(correcting the wrong list address)

On Fri, Aug 27, 2021 at 6:07 AM akuster808 wrote:

> Marta,
>
> On 8/24/21 11:05 PM, Marta Rybczynska wrote:
> > Compilers and related utils are better restricted on production platforms.
> > Change permissions of all installed binutils tools to remove access from
> > users outside of the root group.
> >
> > This also demonstrates how to restrict file permissions in a hardened
> > distribution.
>
> Have you looked into FILESYSTEM_PERMS_TABLES? An example of the format
> can be found @ /meta/files/fs-perms.txt
>
> For more info see
> https://www.yoctoproject.org/docs/3.1/ref-manual/ref-manual.html
>
> Maybe having something like fs-perms.txt in meta-hardening may achieve
> the same?

It looks like a possibility, I will give it a try.

I have a question about the future, however. Currently meta-hardening is
defining its own distribution. When hardening is in DISTRO_FEATURES
(you were working on it some time ago
https://patchwork.openembedded.org/patch/174773/), it would be less obvious
to use, wouldn't it?

A bonus question, do you still plan to make it in DISTRO_FEATURES?

Regards,
Marta