profiles/hardened-x86-2004.0/make.defaults


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/profiles/hardened-x86-2004.0/make.defaults,v 1.2 2004/05/14 22:07:54 tseng Exp $

GRP_STAGE23_USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic"

# <zhen@gentoo.org> defaults for a hardened system
# <zhen@gentoo.org> pam added until bug 10135 is fixed
USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic pie hardened"

ARCH="x86"
COMPILER="gcc3"
ACCEPT_KEYWORDS="x86"

# 
# FEATURES are settings that affect the functionality of portage. Most of
#     these settings are for developer use, but some are available to non-
#     developers as well. 
#
#  'sandbox'     enable sandbox-ing when running emerge and ebuild
#  'sfperms'     feature for security minded people that causes portage to 
#                remove group+other readable bits on setuid files and
#                remove the other readable bits on setgid files.
#  'strict'      causes portage to react strongly to conditions that
#                have the potential to be dangerous -- like missing or
#                incorrect Manifest files.
#  'userpriv'    allows portage to drop root privleges while it is compiling
#                as a security measure, and as a side effect this can remove 
#                sandbox access violations for users.
#  'usersandbox' enables sandboxing while portage is running under userpriv.
#                unpack -- for debugging purposes only.
#

FEATURES="sandbox sfperms strict"
#FEATURES="sandbox sfperms strict userpriv usersandbox"