blob: 5da866c8a27e180d45655b5b8b249bc5dffb9df8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
# Copyright 1999-2004 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/profiles/hardened-x86-2004.0/make.defaults,v 1.9 2005/01/12 22:49:19 spyderous Exp $
GRP_STAGE23_USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic pie hardened"
# <zhen@gentoo.org> defaults for a hardened system
# <zhen@gentoo.org> pam added until bug 10135 is fixed
USE="x86 berkdb bitmap-fonts font-server crypt readline nls ssl tcpd type1-fonts truetype-fonts zlib pam pic pie hardened"
ARCH="x86"
ACCEPT_KEYWORDS="x86"
#
# FEATURES are settings that affect the functionality of portage. Most of
# these settings are for developer use, but some are available to non-
# developers as well.
#
# 'sandbox' enable sandbox-ing when running emerge and ebuild
# 'sfperms' feature for security minded people that causes portage to
# remove group+other readable bits on setuid files and
# remove the other readable bits on setgid files.
# 'strict' causes portage to react strongly to conditions that
# have the potential to be dangerous -- like missing or
# incorrect Manifest files.
# 'userpriv' allows portage to drop root privleges while it is compiling
# as a security measure, and as a side effect this can remove
# sandbox access violations for users.
# 'usersandbox' enables sandboxing while portage is running under userpriv.
# unpack -- for debugging purposes only.
#
FEATURES="sandbox sfperms strict"
#FEATURES="sandbox sfperms strict userpriv usersandbox"
|