The hardened-sources are produced by applying the hardened-patches to the gentoo-sources, and the later are produced by appying the genpatches to vanilla kernels pulled form upstream.
There are two hardening models provided by the hardened-sources : 1) SELinux has been a part of the mainline kernel for many years. The hardened-sources patchset does not have to add SELinux, just facilitate its availablity. 2) GRSEC/PaX is a multi-layered detection, prevention, and containment model which provides intelligent Role-Based Access Control, and many hardening features. This is the major component of the hardened-sources patchset.
hardened-sources is a subproject of the hardened gentoo project, which includes hardened toolchain, Bastille, and other subprojects. Since the toolchain and kernel form the core of any system, both are closely interrelated for full hardening.
Last modified: September 27, 2011