To use Libcap2/fcaps we need linux-2.6.24 with the capabilities module loaded, and ext2/ext3/reiserfs filesystem, on the host system... if the /bin/passwd program is using capabilities, then the host needs linux-2.6.24 capabilities or we can't set the root password before rebooting. To use grsec rbac we need a grsec kernel... to set grsec rbac rules as packages are installed.
I would like to keep hlfs designed to be hardened on the first boot, and not designed to be set up with grsec rules after first boot. This will screw using knoppix or the lfs-livecd as a host system, while having the side effect of forcing new users to have some advance knowledge of what they're getting into and how to set it up. The main disadvantage is that I don't know of any live-cd that meets these requirements, so installing on a brand new system would be impossible. It's a catch22. Ideally you should trust the host system, and you can only really do that with an LFS host system. On the other hand, it's unfair to expect everyone with a brand new system to install LFS before HLFS. Without distributing an hlfs-live-cd I don't see a way around this. Even if we find workarounds for these two issues (someone-elses livecd), it wouldn't account for future issues of the same nature. robert
pgpgXJGY38CI7.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
