Hi Michael Am 11.06.2017 um 23:39 schrieb Michael Brinkman: > Hello, so I've been running Gentoo Hardened for a few years on my > laptop, my desktop, and a server made from an older desktop. > > Because of Grsecurity closing access to its source to non-subscribers, > I decided that I would just try to stick with Gentoo-sources and > harden the default profile and follow the KSSP guidelines to get as > close as possible without losing the testing kernel. Because of this, > I no longer used the PaX features and decided switch to the default > profile and enabling my own flags.
The security people probably have more insight, but I personally run by default the hardened profile, also in combination with gentoo-sources if there were too many compatibility issues with the software I had to run on that specific machine. So, from my point of view there is no reason to switch to the default profile just because the grsec-kernel-patchset isn't open source anymore. Best regards, Tiziano