Hardened kernel with Grsecurity is coming along nicely - and there is yet more to come, as this medium-post shows https://medium.com/@securitystreak/living-with-qubes-os-r3-2-rc3-for-a-week-1a37e04c799e
Here's the background, I just sent this mail to coldhak.ca: --- Referring to https://coldhak.ca/coldkernel/ 1. Please add that error-messages from "sudo update-grub2" can safely be ignored. As also stated in https://www.qubes-os.org/doc/managing-vm-kernel/ , "Installing PV GRUB2". 2. Also please add that one needs to change the kernel in appvms to pvgrub2 3. And related, that one should also install paxtest and run it to confirm that grsecurity is running As mentioned at https://micahflee.com/2016/01/debian-grsecurity/ 4. And that there is the option to add further to securing the appvm, by using gradm2 in learning mode as explained at https://en.wikibooks.org/wiki/Grsecurity/The_Administration_Utility#Full_System_Learning --- And so I'd like to hear if you have any suggestions for RBAC given the opportunities for compartmentalization that Qubes OS provides. Cheers, C-c & C-v -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0dfeb459-3b7f-438f-b028-e8d8a32848c8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.