1a5f1bdc1d
Created the security page and added details on how to install apparmor in the gentoo-desktop-setup section.
20 lines
868 B
Markdown
20 lines
868 B
Markdown
Security is an important factor when it comes to an operating system. Hardening the system is done to prevent as many exploits as possible. There are multiple factors which should be considered.
|
|
|
|
## Apparmor and LSM
|
|
|
|
Apparmor is a Mandatory Access Control (MAC) system that restricts capabilities from a program on a computer. It can dissallow access to files which the program would not require. Make sure the `apparmor` USE flag is enabled and install the necessary programs:
|
|
|
|
``` shell-session
|
|
sh# emerge -av apparmor apparmor-utils
|
|
sh# rc-update add apparmor boot
|
|
```
|
|
|
|
Then add apparmor and other Linux Security Modules (LSM) to the `cmdline` and rebuild the initramfs:
|
|
|
|
``` title="/etc/kernel/cmdline"
|
|
... apparmor=1 lsm=landlock,lockdown,yama,capability,integrity,apparmor
|
|
```
|
|
|
|
``` shell-session
|
|
sh# emerge --config gentoo-kernel # or gentoo-kernel-bin etc.
|
|
```
|