Hardened Gentoo Roadmap

be> CommitDate: Tue May 24 20:36:06 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-docs= .git;a=3Dcommit;h=3Dc13c3be3 Suggest roadmap alterations, create support matrix page --- xml/roadmap.xml | 224 ++++++++++++++++++------------------------- xml/support-state.xml | 257 +++++++++++++++++++++++++++++++++++++++++++= ++++++ 2 files changed, 349 insertions(+), 132 deletions(-) diff --git a/xml/roadmap.xml b/xml/roadmap.xml index eab839e..e9d8839 100644 --- a/xml/roadmap.xml +++ b/xml/roadmap.xml @@ -4,20 +4,11 @@ -Hardened Gentoo Roadmap +Gentoo Hardened Roadmap Adam Mondl @@ -305,185 +296,153 @@ handling CFLAG filters for a hardened toolchain i= n a proper way. Related Bugs - Improve and sustain support for multiple architectur= es - - - x86 support - - In place - Zorry - - - - amd64 (x86_64) support - - In place - Zorry - + Enhance documentation - sparc32 support + Document the toolchain feature set - Unassigned + In progress - sparc64 support + Describe the grSecurity RBAC system Unassigned - ppc support - - In place - nixnut, Zorry, blueness - + Kernel development and maintenance - ppc64 support + Release hardened-sources-2.6.37 - In place + Done blueness + + + + + + + +grSecurity Goals and Milestones +

+Current State + + +

+grSecurity is well integrated within Gentoo Hardened (patch- and softwar= e wise +as well as knowledge). However, the documentation is lagging behind a lo= t and +is in need for attention. +

+ + +

+Goals and Milestones + + + - s390 support - - Unassigned - - + + + + + - hppa support + + the existing grSecurity2 document needs to be converted to Handbook = XML + Unassigned - arm support - - In progress - blueness - - - - mips support - - In progress - blueness - - - - ia64 support + + the features of PAX and grSecurity need to be described and document= ed + - In place - Zorry, blueness - - - - - - - Document the toolchain feature set - - In progress + Unassigned - Describe the grSecurity RBAC system + + the RBAC system needs to be covered documentation-wise in much more = detail + Unassigned - - - - - Release hardened-sources-2.6.37 - - Done - blueness - -

Description	ETA	Status	Coordinator(s)	Related Bugs
Enhance documentation
Kernel development and maintenance

=20 - -

=20 -Short-Term Goals +SELinux Goals and Milestones

-Access Control Systems +Current State =20 -

Grsecurity

- -

-Documents regarding Grsecurity are currently a major need for Gentoo. -

- -

-The existing Grsecurity2 document needs to be converted to Handbook XML. -
-We are working on a document describing the features on PAX and Grsecuri= ty. -
-Also, a document describing the RBAC system in more detail is needed. -
-Finally we are working on keeping the hardened kernel sources up to date= . -

- -

SELinux

-Currently the project supports x86 and AMD64 so support for other archit= ectures -has to be handled by upstream except when the issues can also be reprodu= ced in -any of those architectures. Aside work is being done in the following ar= eas: +The Gentoo Hardened SELinux state is, within the ~arch branches, up to d= ate and +fully supported (except MCS/MLS which is not supported yet). The documen= tation +is being updated as the state evolves, but can still improve.=20

=20 -

-Strengthen and extend current policies. -
-Extend support to more architectures. -
-Policy module support. -
-Additional Daemon Policies. -
-Updated documentation. -

- -

RSBAC

+ +

+Goals and Milestones + =20 -

-We need a new maintainer here so if you think you qualify as it feel fre= e to -contact us. -

+ + + + + + + + + + Stabilize the userland tools and libraries + 2011-05-24 + Slight delay + blueness, SwifT + + + + + Stabilize the ~arch SELinux policies based on 2.20101213 upstream br= anch + + 2011-06-07 + On track + blueness, SwifT + #368199 + + + Stabilize the new SELinux profile structure + 2011-06-28 + On track + blueness + #365483 + +

Description	ETA	Status	Coordinator(s)	Related Bugs

=20

- =20 + =20 diff --git a/xml/support-state.xml b/xml/support-state.xml new file mode 100644 index 0000000..ea2047a --- /dev/null +++ b/xml/support-state.xml @@ -0,0 +1,257 @@ + + + + +Gentoo Hardened Support State + + Sven Vermeulen + + + +The support state of the Gentoo Hardened project describes the supported +platforms, setups and additional requirements for each of the subproject= s +involved.=20 + + +1.0 +2011-05-25 + + +Introduction +

+ + +

+The Gentoo Hardened project aims to support as many platforms as possibl= e. +However, this aim is restrained as we do not have access to as many plat= forms +that we want (nor do we have the resources to work on all these platform= s). As a +result, support for the individual subprojects becomes limited to those +platforms that we have access and resources to. +

+ +

+This document gives an overview of the supported platforms and, if neces= sary, +elaborates on the specific requirements in order to work with one of Gen= too +Hardened's subprojects. Note that each subproject has its own support ma= trix, +based on upstream support (which platforms are supported by the technolo= gy) and +Gentoo Hardened (for which platforms can we run tests and validate users= ' +reports and feedback). +

+ + +

+ + + +Support Matrices +

+Hardened Toolchain + + + + + + + + + + x86 + In place + + + + amd64 / x86_64 + In place + + + + ppc + In place + + + + ppc64 + In place + + + + ia64 + In place + + + + arm + In progress + Contact blueness for more information + + + mips + In progress + Contact blueness for more information + + + sparc32 + Unsupported + + + + sparc64 + Unsupported + + + + s390 + Unsupported + + + + hppa + Unsupported + + +

Architecture	Support	Additional notes

+ + +

+grSecurity (incl. PAX) + + + + + + + + + + x86 + Yet to be determined + + + + amd64 / x86_64 + Yet to be determined + + + + ppc + Yet to be determined + + + + ppc64 + Yet to be determined + + + + ia64 + Yet to be determined + + + + arm + Yet to be determined + + + + mips + Yet to be determined + + + + sparc32 + Yet to be determined + + + + sparc64 + Yet to be determined + + + + s390 + Yet to be determined + + + + hppa + Yet to be determined + + +

Architecture	Support	Additional notes

+ + +

+SELinux + + + + + + + + + + x86 + In place + Still ~arch for the time being + + + amd64 / x86_64 + In place + Still ~arch for the time being + + + ppc + Unsupported + + + + ppc64 + Unsupported + + + + ia64 + Unsupported + + + + arm + Unsupported + + + + mips + Unsupported + + + + sparc32 + Unsupported + + + + sparc64 + Unsupported + + + + s390 + Unsupported + + + + hppa + Unsupported + + +

Architecture	Support	Additional notes

+ + + +

+ + +