On 08/16/2017 10:37 AM, Francisco Blas Izquierdo Riera (klondike) wrote:
>>>
>> Would anyone like to outline a simple process to migrate from
>> hardened-sources + hardened tool-chain to gentoo-sources?
>>
> Unless you want to drop userspace hardening (which most likely you don't
> as it is still useful on vanilla kernels) a simple copy of the .config
> file to gentoo sources followed by make oldconfig will work in the vast
> majority of cases.
>
There is one thing you have to watch out for: certain vanilla kernel hardened features were subjugated to grsecurity ones and you'll probably want to enable them. For example, you probably want CONFIG_VMAP_STACK once you've switched, but it won't be enabled in your old .config because it conflicts with GRKERNSEC_KSTACKOVERFLOW. (It would help to collect those options on a wiki page?)
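
A way to check for the case described above after running make oldconfig, added here as an example and not part of the original message. The function names and the `PAIRS` list are hypothetical; the list holds only the one option pair named in the message, and the sample configs are constructed.

```shell
#!/bin/sh
# Print the state of a kernel option in a .config: y, m, a literal value,
# n (explicit "is not set" line) or absent (symbol not mentioned at all).
kconfig_state() {
    # $1 = path to .config, $2 = option name without the CONFIG_ prefix
    awk -v opt="CONFIG_$2" '
        index($0, opt "=") == 1 { state = substr($0, length(opt) + 2) }
        $0 == "# " opt " is not set" { state = "n" }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# List grsecurity/PaX symbols that are set in a .config.
grsec_leftovers() {
    grep -E '^CONFIG_(GRKERNSEC|PAX)[A-Z0-9_]*=' "$1" | cut -d= -f1
}

# "GRSEC_OPTION:VANILLA_OPTION" pairs. Only the pair from the message is
# listed; extend it as further pairs are collected.
PAIRS="GRKERNSEC_KSTACKOVERFLOW:VMAP_STACK"

# Compare the old hardened-sources .config with the new one and report
# vanilla options that should be turned on. Returns non-zero if any are off.
check_migration() {
    # $1 = old .config, $2 = new .config produced by make oldconfig
    missing=0
    for pair in $PAIRS; do
        old_opt=${pair%%:*}
        new_opt=${pair##*:}
        if [ "$(kconfig_state "$1" "$old_opt")" = y ] &&
           [ "$(kconfig_state "$2" "$new_opt")" != y ]; then
            echo "enable CONFIG_$new_opt (old config relied on CONFIG_$old_opt)"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Constructed sample configs, not taken from a real system.
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_GRKERNSEC=y' 'CONFIG_GRKERNSEC_KSTACKOVERFLOW=y' > "$demo/old.config"
printf '%s\n' '# CONFIG_VMAP_STACK is not set' > "$demo/new.config"
check_migration "$demo/old.config" "$demo/new.config" || echo "review the options above"
rm -rf "$demo"
```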