Comment on Do any hardened Linux distributions exist?
ruination@discuss.tchncs.de 1 year agoYou can even mix and match it H/SELinux with musl (and Clang, if you’re up for some masochism and performance boost), though it does require patching sometimes. From my experience, you can find patches from Alpine’s Aports and that should fix it ~90% of the time, but sometimes you’d need to write your own. Another tip in case you’re interested in trying musl on Gentoo is that there’s a compilation flag for large file support documented in Gentoo Wiki’s musl development page which fixes compilation failures caused by calls to functions with names ending in 64 (e.g. fseek64). This is yet another massive source of compilation failure in musl. Lastly, you should mask musl versions greater than 1.2.4 if you want to have any semblance of a good time with it.
ctr1@fl0w.cc 1 year ago
Oh good to know! Thanks for the tips. What do you like about musl it over glibc?
ruination@discuss.tchncs.de 1 year ago
To be honest, I only use it for fun. Unless you enjoy tinkering like I do, or you have really low RAM, there’s no reason to use it over glibc. I’m aware that Madaidan also mentioned that it is more secure, but I’m not too knowledgeable on that so I can’t really comment.
ctr1@fl0w.cc 1 year ago
Ah gotcha, just asking because I’ve never used it before. Good to know that Gentoo supports hardening it
ruination@discuss.tchncs.de 1 year ago
Gentoo lets you do basically whatever you want. The whole idea of it is that you make all the decisions in your system, as opposed to how most distros impose their developers’ choices.