# Copyright 1999-2004 Gentoo Foundation. # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/profiles/hardened-x86-2004.0/make.defaults,v 1.16 2005/05/03 18:45:21 flameeyes Exp $ GRP_STAGE23_USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic pie hardened" # defaults for a hardened system # pam added until bug 10135 is fixed USE="x86 berkdb bitmap-fonts font-server crypt readline nls ssl tcpd type1-fonts truetype-fonts zlib pam pic pie hardened" ARCH="x86" ACCEPT_KEYWORDS="x86" # # FEATURES are settings that affect the functionality of portage. Most of # these settings are for developer use, but some are available to non- # developers as well. # # 'sandbox' enable sandbox-ing when running emerge and ebuild # 'sfperms' feature for security minded people that causes portage to # remove group+other readable bits on setuid files and # remove the other readable bits on setgid files. # 'strict' causes portage to react strongly to conditions that # have the potential to be dangerous -- like missing or # incorrect Manifest files. # 'userpriv' allows portage to drop root privleges while it is compiling # as a security measure, and as a side effect this can remove # sandbox access violations for users. # 'usersandbox' enables sandboxing while portage is running under userpriv. # unpack -- for debugging purposes only. # FEATURES="sandbox sfperms strict" #FEATURES="sandbox sfperms strict userpriv usersandbox" # Env vars to expand into USE vars. Modifying this requires prior # discussion on gentoo-dev@gentoo.org. Flat profiles also need to # be updated appropriately. USE_EXPAND="FRITZCAPI_CARDS FCDSL_CARDS VIDEO_CARDS INPUT_DEVICES LINGUAS USERLAND KERNEL ELIBC" CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config" CONFIG_PROTECT_MASK="/etc/gconf" USERLAND=GNU KERNEL=linux ELIBC=glibc