blob: 8619556f6dfbdbb0270d180ecc5c300247416ce9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
<?xml version='1.0' encoding="UTF-8"?> <!DOCTYPE guide SYSTEM
"/dtd/guide.dtd">
<guide link="transition.xml">
<title>Rule Set Based Access Control (RSBAC) for Linux -
Transition from rsbac-sources to hardened-sources </title>
<author title="Author">
<mail link="kang@gentoo.org">Guillaume Destuynder</mail>
</author>
<abstract> This document will help you transioning from
rsbac-sources to hardened-sources </abstract>
<!-- The content of this document is licensed under the CC-BY-SA license
--> <!-- See http://creativecommons.org/licenses/by-sa/1.0 --> <license/>
<version>1.0</version>
<date>2006-02-15</date>
<chapter>
<title>RSBAC</title>
<section> <title>Why ?</title>
<body>
<note> Currently only the 2.4 kernels are affected </note>
<p> All hardened patches are currently present in the hardened-sources
kernel. SELinux as well as GrSecurity MAC solutions are also present.
The current RSBAC kernel is simply a copy of this hardened-sources
kernel, with RSBAC patches added and GrSecurity patches disabled. </p>
<p> When users are looking for the kernel to install, they install
this very one. Most often, they assume the RSBAC kernel is simply not
present because not inside of the "hardened kernel". </p>
<p> Finally, why having two versions of the almost same kernel when
it can just be one ? </p>
</body>
</section>
<section> <title>How ?</title>
<body>
<p> The transition is very simple. In short, you just have to emerge
the hardened-sources kernel instead of the usual rsbac-sources one.
Make sure to also add the rsbac local use flag so that the RSBAC
patches get applied. </p>
<impo> Make sure you are using the 2.4 kernel. 2.6 kernels have not yet been
transitionned </impo>
<pre caption="Adding the rsbac local use flag">
# <i>echo "sys-kernel/hardened-sources rsbac" >> /etc/portage/packages.use</i>
# <i>emerge hardened-sources</i>
</pre>
</body> </section> </chapter>
</guide>
|