Re: [gentoo-dev] Re: Improve the security of the default profile
On Sat, Sep 07, 2013 at 07:12:04PM -0400, Rich Freeman wrote:
> On Sat, Sep 7, 2013 at 7:08 PM, Rick Zero_Chaos Farina zeroch...@gentoo.org wrote:
>> Personally I'm using the hardened profile already and find the performance penalties negligible for a desktop user, and someone trying to run realtime on defaults is likely suicidal anyway.
>
> I suspect what keeps people away from hardened isn't the performance, but the risk of compatibility issues. Most operations these days aren't CPU-bound, but getting something like RBAC to work right is fairly involved...
>
> Rich

Hi,

from a longtime user perspective: I have been using hardened on desktops for about three or four years now and I can't remember any issues that were caused by the toolchain. Performance loss is imho negligible even on low powered systems like an atom netbook or my Raspberry Pi (I'm not saying that there is none, but it's nothing dramatic). RBAC, SELinux or a PaX enabled kernel is a completely different matter (in terms of breakage and usability) but this thread was about toolchain not kernel, wasn't it?

WKR
Hinnerk
Re: [gentoo-dev] College Course in Gentoo Development
On Mon, Dec 17, 2012 at 11:02:24AM -0500, Rick Zero_Chaos Farina wrote:
> SNIP
> Can I take this course online? Will the lectures be recorded?

I would second the idea of an online course if that is possible: I would even gladly do the beta testing of such an online course... ;)

WKR
Hinnerk
Re: [gentoo-dev] grub:2 keywords
On 05.07.2012 06:26, Doug Goldstein wrote:
> On Tue, Jul 3, 2012 at 9:20 AM, Jeroen Roovers j...@gentoo.org wrote:
>> On Mon, 2 Jul 2012 15:02:28 -0400 Mike Gilbert flop...@gentoo.org wrote:
>>> That is exactly what Doug (cardoe) proposed, and he is working on the docs for that.
>>
>> Ah yes, it's been a long-winded thread. :)
>>
>> jer
>
> I got a little busier this past weekend than I had intended (loving that leap second bug) but here's the first draft: http://dev.gentoo.org/~cardoe/docs/grub2-migration.xml
>
> It will be integrated into the official Gentoo doc set once I get a nod from the docs guys.

Hi,

according to my /etc/grub.d/10_linux grub2 (or better the grub2-mkconfig script) searches for the following kernel names: /vmlinuz-*, /boot/vmlinuz-* and /boot/kernel-* for x86 and x86_64 and the same plus /vmlinux-* and /boot/vmlinux-* for other arches.

The accepted names for initrd/initramfs are: initrd.img-${version}, initrd-${version}.img, initrd-${version}.gz, initrd-${version}, initramfs-${version}.img, initrd.img-${alt_version}, initrd-${alt_version}.img, initrd-${alt_version}, initramfs-${alt_version}.img, initramfs-genkernel-${version}, initramfs-genkernel-${alt_version}, initramfs-genkernel-${GENKERNEL_ARCH}-${version} and initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}.

I (as a user) would propose to reflect this. I would also give information about /etc/defaults/grub since that is the config file that you need to enable persistent, customized kernel options (will be automatically appended when you run grub2-mkconfig) and grub specific options like the timeout or the graphic settings.

Thank you for your effort. I really look forward to grub2 becoming the default (whatever that is in gentoo ;) ) option.

WKR
Hinnerk
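Added example, not part of the original message and not GRUB's own code: a shell sketch that walks the initrd/initramfs names listed in the message above, in that order, and reports which one would pair with a given kernel image. The function names, the way ${version} and ${alt_version} are derived, and passing GENKERNEL_ARCH as an argument are assumptions of this example; the /boot layout is constructed.

```shell
#!/bin/sh
# Added example (not GRUB's code): which initramfs name from the list in the
# message would pair with a given kernel image.

# Assumption: the version is the file name minus its leading non-numeric
# prefix, e.g. vmlinuz-3.4.4-gentoo -> 3.4.4-gentoo.
kernel_version() {
    printf '%s\n' "${1##*/}" | sed -e 's,^[^0-9]*-,,'
}

# find_initrd KERNEL_PATH [GENKERNEL_ARCH]
# Prints the first candidate that exists next to the kernel; returns 1 if none.
find_initrd() {
    dir=${1%/*}
    version=$(kernel_version "$1")
    alt_version=${version%.old}   # assumption: trailing ".old" stripped
    arch=${2:-x86_64}             # assumption: GENKERNEL_ARCH given by caller
    for i in "initrd.img-${version}" "initrd-${version}.img" \
             "initrd-${version}.gz" "initrd-${version}" \
             "initramfs-${version}.img" \
             "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
             "initrd-${alt_version}" "initramfs-${alt_version}.img" \
             "initramfs-genkernel-${version}" \
             "initramfs-genkernel-${alt_version}" \
             "initramfs-genkernel-${arch}-${version}" \
             "initramfs-genkernel-${arch}-${alt_version}"; do
        if [ -e "${dir}/${i}" ]; then
            printf '%s\n' "$i"
            return 0
        fi
    done
    return 1
}

# Constructed sample /boot layout in a temporary directory.
demo_boot=$(mktemp -d)
touch "$demo_boot/vmlinuz-3.4.4-gentoo" \
      "$demo_boot/initramfs-genkernel-x86_64-3.4.4-gentoo" \
      "$demo_boot/vmlinuz-3.3.8-gentoo.old" "$demo_boot/initrd-3.3.8-gentoo.img" \
      "$demo_boot/kernel-3.5.0-custom"
for k in "$demo_boot"/vmlinuz-* "$demo_boot"/kernel-*; do
    printf '%s -> %s\n' "${k##*/}" "$(find_initrd "$k" || echo 'no initramfs found')"
done
rm -rf "$demo_boot"
```

A kernel reported with no initramfs here would get a menu entry without an initrd line, which matters for setups such as an encrypted root that cannot boot without one.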
Re: [gentoo-dev] rfc: locations of binaries and separate /usr
On 10.01.2012 19:56, Dale wrote:
> Michał Górny wrote:
>> On Tue, 10 Jan 2012 19:14:52 +0100 Enrico Weigelt weig...@metux.de wrote:
>>> * Michał Górny mgo...@gentoo.org wrote:
>>>> Does working hard involve compiling even more packages statically?
>>>
>>> I guess, he means keeping udev in / ?
>>
>> Because adding 80 KiB of initramfs hurts so much? We should then put more work just to ensure that admin doesn't have to waste 15 minutes to recompile the kernel (if necessary), create an initramfs and add it to bootloader config?
>
> Took me days to get dracut to work. Where does 15 minutes come from? How much time does it take when the initramfs fails?
>
> I keep hoping that all the smart people involved in this will see the mess it is creating. I'm not the sharpest tool in the shed but I'm sharp enough to see the mess this is going to create and I'm just a desktop user. I feel sorry for people with more complicated systems or remote ones.
>
> Dale
>
> :-) :-)

If you have got it working once, it should take less than 15 minutes (I've made myself a bash script with the exact dracut commandline parameters needed for my system). But I have to agree with you that exotic setups (I have encrypted root on my laptop) are very badly documented. If dracut shall become standard for Gentoo (alternative: genkernel can build an initramfs) someone will have to write an exact howto with the most important (or better all) commandline arguments and kernel commandline parameters.

Hinnerk