| * KARL * LibreSSL (most Linux distros use OpenSSL, YMMV) * License (GPL, GPL everywhere) * PID randomization * Priv sep (for some package managers, for example) * Swap encryption (probably opt-in, so not default) * UTF-8 only * W^X Memory * autoinstall (though ansible and co. might help) * base system (it's GNU/Linux after all, not just GNU nor Linux -- some outliers) * doas(1) (yeah, sudo(1) was made in OpenBSD, but they ditched it) * pf (http://man.openbsd.org/pf.conf.5) * pledge * signify (most distros use GnuPG instead) (though porting it should be a breeze) * unveil Unveil, pledge, and co. probably have AppArmor/SELinux counterparts, but adding layer upon layer make the whole thing brittle. Unveil, pledge, etc. are built-into all base utils (see also base system concept) |