Re: VPN Firewall Kernel
> > at http://sourceforge.net/projects/wolk
> It appears that WOLK is not in Debian. I would guess that given it's aim to
> Neither the URL you provide nor the Freshmeat entry list what patches are
> included in WOLK.
Well, there used to be such list, but then WOLK turned into closed project
for a year. I hear that 2.6 wolk is once again on the right track.
( /pub/linux/kernel/people/mcp/2.6-WOLK )
> In Debian there are patches for exec-shield, SE Linux, GRSecurity, and the
> Adamantix kernel patch (PAX + RSBAC + maybe some other things).
There are many patches in debian, but most of them are designed to work
with 'generic debian kernel', not with 'generic debian kernel patched with
several other debian-packaged patches', ie - combining few of those
usually is similiar to maintaing your own kernel patchset. Unfortunatelly.
And I don't think it would be technically easy to change that.
> distribution. The "Hardened Gentoo" people are doing some interesting stuff
> in regard to kernel security patches. Compiling Gentoo kernel source on and
> for a Debian machine should not cause any problems.
I hear gentoo kernel people are quite fond of wolk. When wolk was still an
open project they used to consider using it as a base for their version.
They didn't and rightly so.
Anyway, if you want more then one feature provided by some patches, you
either go with some ready-made source like wolk, gentoo or
redhat(especially for databases), or you decide to roll you own.
Middle-ground does not exist, the best you can do is go some route that
makes rolling you own easier ( like picking patches from some greater
patchset, or carefully chosing features you need(to avoid conflicting
featuer) )
--
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9
Reply to: