On Monday, 13 November 2023, 11:19:26 CET, ralfconn wrote:
> Hello,
>
> I've been running the desktop profile for years. Now I'm thinking to
> switch to the hardened. Since there is no 'hardened desktop' profile,
> the hint I found online is to note the current desktop USEs, switch to
> hardened and add the USEs not found there, but I wonder if it is really
> the best option. Comparing the two profiles, hardened seems a sub-set of
> desktop with the addition of:
>
> cet
> hardened
> pie
> ssp
> xtpax
>
> It seems to me easier to add these to the desktop rather than the other way
> round. Any gotchas I am missing?

Yes, you are missing that the best solution is: Make a new profile which contains both profiles. See more here:

https://forums.gentoo.org/viewtopic-p-8694188.html#8694188

(And you have to start with a hardened stage3)

Many greetings,
Peter

P.S.: Maybe read also the first note from this article:
https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Kernel_Hardening_with_KSPP

