Hello Everyone,
I just heard that gentoo-hardened will be scrapped by end-of-month.
Well, I have some good news - it doesn't have to be. A project has risen
up to continue supporting the patch on future kernels and I have been
running it successfully for over a month with the stock hardened
profile.
You can download the patches here, they are also GPG signed:
https://github.com/minipli/linux-unofficial_grsec/releases
So-called "linux-hardened project (KSPP)" and "SELinux" do not even
slightly compare at their current stage of development in terms of
kernel hardening and PaX protection. In the mid-term, I would recommend
using these forward patches for hardened-LTS 4.9.x and hope
Gentoo-hardened will continue for awhile longer while we wait for
further improvements.
Thank you for your time and concern.
I just heard that gentoo-hardened will be scrapped by end-of-month.
Well, I have some good news - it doesn't have to be. A project has risen
up to continue supporting the patch on future kernels and I have been
running it successfully for over a month with the stock hardened
profile.
You can download the patches here, they are also GPG signed:
https://github.com/minipli/linux-unofficial_grsec/releases
So-called "linux-hardened project (KSPP)" and "SELinux" do not even
slightly compare at their current stage of development in terms of
kernel hardening and PaX protection. In the mid-term, I would recommend
using these forward patches for hardened-LTS 4.9.x and hope
Gentoo-hardened will continue for awhile longer while we wait for
further improvements.
Thank you for your time and concern.