Bug#605090: linux-2.6: [RFC] Add a grsec featureset to Debian kernels
On Fri, Dec 03, 2010 at 06:01:47PM +0100, Yves-Alexis Perez wrote:
> On dim., 2010-11-28 at 10:44 +0100, Yves-Alexis Perez wrote:
> > On sam., 2010-11-27 at 23:56 +0000, Ben Hutchings wrote:
> > > These gids are in the 'dynamically assigned' range and must not be
> > > configured into the kernel; see Debian policy §9.2.
> > On this, I'm not sure (but will ask base-passwd maintainers for advice).
> > The gids are configured in KConfig, but can be changed dynamically using
> > sysctl (though that means before procpcs is run the gid is still the
> > static one). It'd be nice to have the same gids on every system, but I'm
> > not sure it's really indispensable.
> Ok, after talking a bit with Brad Spengler it's a bit hard to make the
> -proc user runtime-configurable because it'd mean either chown()ing the
> whole /proc tree after running the sysctl, or something like that. A
> boot parameter could be used too, but all in all, there are no real nice
> way to achieve that. So I've requested from base-passwd maintainers the
> allocation of 5 gids in the 60000-64999 range, and I'm waiting for their
I let Yves-Alexis know by private e-mail, but, for the public record, I
allocated these gids as requested.
Colin Watson [email@example.com]