On Tue, 2014-01-28 at 20:29 +1100, Russell Coker wrote: > On Fri, 24 Jan 2014, Marko Randjelovic <markoran@eunet.rs> wrote: > > > I would also like this. Yesterday I started compiling 3.2.54 with grsec > > > and PaX. A ready debian kernel(-source) with grsec and PaX would be > > > fine. Currently I am distributing my special packages via my own > > > repository - is there any concern when making it public (copyright, > > > etc.)? > > > > I managed to do it from official kernel 3.2.51-1. I removed all > > features/* patches without consideration because there were to many of > > them (905). Than I had to remove many other patches to resolve > > conflicts. If patch file f is patched consequently by patches p1, p2, > > if patch p1 is removed, then p2 may fail. > > The correct thing to do is just prepare a GRSecurity patch that applies on top > of the Debian kernel patches. That will be an unholy mixture not supported by either Debian or GRSecurity. May I remind you of #605090; in particular: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090#223 > At one time (10+ years ago) I was maintaining > patches for GRSecurity and LSM/SELinux and doing this for every new Debian > kernel package and new version of GRSecurity and LSM/SELinux. > > http://packages.debian.org/jessie/linux-patch-grsecurity2 [...] I bet it doesn't apply to 3.2.y any more... no, it doesn't. Bug opened (#736925). Ben. -- Ben Hutchings It is a miracle that curiosity survives formal education. - Albert Einstein
Attachment:
signature.asc
Description: This is a digitally signed message part