https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project

It closes the topic of our discussion.

worth reading:

http://openwall.com/lists/kernel-hardening/2017/05/01/5

http://openwall.com/lists/kernel-hardening/2017/05/02/4

this means:

* KSPP means that keeping PaX for >4.9 will be difficult and painful,
as I pointed out previously
* NSA SELinux instead of PaX MPROTECT?


alternatives: RSBAC

* slow, but actively developed:
http://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-4.9.y.git;a=summary

* production ready

* lots of options similar to what is in grsecurity (e.g. restricted
chroot in grsec and jail in rsbac):

http://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-4.9.y.git;a=blob;f=rsbac/Kconfig;h=4a6ae294d41365a5c1757503575074c89ceebb11;hb=HEAD
