Bug#605090: linux-2.6: [RFC] Add a grsec featureset to Debian kernels

[Colin Watson <cjwatson@debian.org>]

On Fri, Dec 03, 2010 at 06:01:47PM +0100, Yves-Alexis Perez wrote:
> On dim., 2010-11-28 at 10:44 +0100, Yves-Alexis Perez wrote:
> > On sam., 2010-11-27 at 23:56 +0000, Ben Hutchings wrote:
> > > These gids are in the 'dynamically assigned' range and must not be
> > > configured into the kernel; see Debian policy §9.2.
> > 
> > On this, I'm not sure (but will ask base-passwd maintainers for advice).
> > The gids are configured in KConfig, but can be changed dynamically using
> > sysctl (though that means before procpcs is run the gid is still the
> > static one). It'd be nice to have the same gids on every system, but I'm
> > not sure it's really indispensable.
> 
> Ok, after talking a bit with Brad Spengler it's a bit hard to make the
> -proc user runtime-configurable because it'd mean either chown()ing the
> whole /proc tree after running the sysctl, or something like that. A
> boot parameter could be used too, but all in all, there are no real nice
> way to achieve that. So I've requested from base-passwd maintainers the
> allocation of 5 gids in the 60000-64999 range, and I'm waiting for their
> comment.

I let Yves-Alexis know by private e-mail, but, for the public record, I
allocated these gids as requested.

  http://bzr.debian.org/scm/loggerhead/users/cjwatson/base-passwd/trunk/revision/155

-- 
Colin Watson                                       [cjwatson@debian.org]