profiles/hardened-x86-2004.0/make.defaults


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

# Copyright 1999-2004 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/profiles/hardened-x86-2004.0/make.defaults,v 1.8 2005/01/12 22:47:06 spyderous Exp $

GRP_STAGE23_USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic pie hardened"

# <zhen@gentoo.org> defaults for a hardened system
# <zhen@gentoo.org> pam added until bug 10135 is fixed
USE="x86 berkdb bitmap-fonts font-server crypt readline nls opengl ssl tcpd type1-fonts truetype-fonts xv zlib pam pic pie hardened"

ARCH="x86"
ACCEPT_KEYWORDS="x86"

# 
# FEATURES are settings that affect the functionality of portage. Most of
#     these settings are for developer use, but some are available to non-
#     developers as well. 
#
#  'sandbox'     enable sandbox-ing when running emerge and ebuild
#  'sfperms'     feature for security minded people that causes portage to 
#                remove group+other readable bits on setuid files and
#                remove the other readable bits on setgid files.
#  'strict'      causes portage to react strongly to conditions that
#                have the potential to be dangerous -- like missing or
#                incorrect Manifest files.
#  'userpriv'    allows portage to drop root privleges while it is compiling
#                as a security measure, and as a side effect this can remove 
#                sandbox access violations for users.
#  'usersandbox' enables sandboxing while portage is running under userpriv.
#                unpack -- for debugging purposes only.
#

FEATURES="sandbox sfperms strict"
#FEATURES="sandbox sfperms strict userpriv usersandbox"