A new build of Slackware has been prepared as part of the TinyWare project

New builds of the TinyWare project have been prepared, based on the 32-bit version of Slackware-Current and shipped with 32-bit and 64-bit variants of the Linux 4.19 kernel. The ISO image size is 800 Mb.

Changes compared to the original Slackware:

  • Installation onto 4 partitions: "/", "/boot", "/var" and "/home". The "/" and "/boot" partitions are mounted read-only, and "/home" and "/var" are mounted noexec (execution prohibited).
  • Kernel patch CONFIG_SETCAP. The setcap module can disable specified system capabilities, or enable them for all users. The superuser configures the module while the system is running, via the sysctl interface or the /proc/sys/setcap files, and its settings can be frozen against further changes until the next reboot.
    In normal mode, CAP_CHOWN(0), CAP_DAC_OVERRIDE(1), CAP_DAC_READ_SEARCH(2), CAP_FOWNER(3) and CAP_SYS_ADMIN(21) are disabled in the system. The system is brought back to normal with the tinyware-beforeadmin command (mount and capabilities). The module can be used as a basis for developing a securelevels binding.

  • Kernel patch PROC_RESTRICT_ACCESS. This option tightens the permissions on the /proc/pid directories in the /proc file system from 555 to 750, with the group of every directory set to root. As a result, users see only their own processes with the "ps" command. Root still sees all processes in the system.
  • Kernel patch CONFIG_FS_ADVANCED_CHOWN, which allows ordinary users to change the ownership of files and subdirectories within their own directories.
  • Some changes to default settings (e.g. UMASK set to 077).
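
The partition layout from the first item can be verified on a running system by reading the mount table. The script below is an added example, not part of TinyWare or the original article; the function name audit_mounts and the sample table are constructed here.

```shell
#!/bin/sh
# Added example: audit a /proc/mounts-format table against the layout
# described in the article: "/" and "/boot" read-only, "/home" and "/var" noexec.

audit_mounts() {
    # $1: file in /proc/mounts format, or "-" for stdin (default: live table).
    # Prints one line per violation; returns non-zero if any were found.
    awk '
    BEGIN {
        need["/"] = "ro";         need["/boot"] = "ro"
        need["/home"] = "noexec"; need["/var"] = "noexec"
    }
    # A later entry for the same mount point shadows earlier ones
    # (e.g. "rootfs" followed by the real root device), so keep the last.
    ($2 in need) { opts[$2] = $4 }
    END {
        bad = 0
        for (mp in need) {
            if (!(mp in opts)) {
                printf "MISSING %s (not a separate mount)\n", mp
                bad++
                continue
            }
            n = split(opts[mp], o, ","); found = 0
            for (i = 1; i <= n; i++) if (o[i] == need[mp]) found = 1
            if (!found) {
                printf "FAIL %s lacks %s (%s)\n", mp, need[mp], opts[mp]
                bad++
            }
        }
        exit (bad > 0)
    }' "${1:-/proc/mounts}"
}

# Constructed sample: "/" and "/boot" are read-only, but "/var" is still
# executable and "/home" is not a separate partition.
sample_table() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda2 / ext4 ro,relatime 0 0
/dev/sda1 /boot ext4 ro,relatime 0 0
/dev/sda3 /var ext4 rw,nosuid,nodev,relatime 0 0
EOF
}

sample_table | audit_mounts - || echo "layout does not match policy"
```

Calling audit_mounts with no argument checks the live /proc/mounts table.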

Source: opennet.ru
