lnorg/documentation
1
2
Fork 0
Code Issues 30 Pull requests Projects 6 Activity

Added apprmor to Gentoo install

Browse source 
Created the security page and added details on how to install apparmor in
the gentoo-desktop-setup section.
This commit is contained in:
nils 2025-02-28 23:06:00 +01:00
parent 005af69f9f
commit 1a5f1bdc1d
3 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/gentoo-desktop-setup/installation.md
View file

@ -83,7 +83,7 @@ PORTAGE_LOGDIR_CLEAN="find \"\${PORTAGE_LOGDIR}\" -type f ! -name \"summary.log*
ACCEPT_LICENSE="-* @FREE" ACCEPT_LICENSE="-* @FREE"
# USE flags # USE flags
USE="${USE} networkmanager -modemmanager wayland dbus elogind -systemd policykit pam man udev pipewire initramfs secureboot modules-sign dist-kernel" # .... USE="${USE} networkmanager -modemmanager wayland dbus elogind -systemd policykit pam apparmor man udev pipewire initramfs secureboot modules-sign dist-kernel" # ....
# Emerge settings # Emerge settings
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --with-bdeps y" EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --with-bdeps y"

20
docs/gentoo-desktop-setup/post-install/security.md Normal file
View file

@ -0,0 +1,20 @@
Security is an important factor when it comes to an operating system. Hardening the system is done to prevent as many exploits as possible. There are multiple factors which should be considered.
## Apparmor and LSM
Apparmor is a Mandatory Access Control (MAC) system that restricts capabilities from a program on a computer. It can dissallow access to files which the program would not require. Make sure the `apparmor` USE flag is enabled and install the necessary programs:
``` shell-session
sh# emerge -av apparmor apparmor-utils
sh# rc-update add apparmor boot
```
Then add apparmor and other Linux Security Modules (LSM) to the `cmdline` and rebuild the initramfs:
``` title="/etc/kernel/cmdline"
... apparmor=1 lsm=landlock,lockdown,yama,capability,integrity,apparmor
```
``` shell-session
sh# emerge --config gentoo-kernel # or gentoo-kernel-bin etc.
```

1
mkdocs.yml
View file

@ -101,6 +101,7 @@ nav:
- 'Swap': gentoo-desktop-setup/post-install/swap.md - 'Swap': gentoo-desktop-setup/post-install/swap.md
- 'Users': gentoo-desktop-setup/post-install/users.md - 'Users': gentoo-desktop-setup/post-install/users.md
- 'Ccache': gentoo-desktop-setup/post-install/ccache.md - 'Ccache': gentoo-desktop-setup/post-install/ccache.md
- 'Security': gentoo-desktop-setup/post-install/security.md
- 'Graphical session': - 'Graphical session':
- 'Session manager': gentoo-desktop-setup/graphical-session/session-manager.md - 'Session manager': gentoo-desktop-setup/graphical-session/session-manager.md
- 'Login manager': gentoo-desktop-setup/graphical-session/login-manager.md - 'Login manager': gentoo-desktop-setup/graphical-session/login-manager.md