Bug#605090: [RFC] Proposal for a new linux-grsec source package

To: Yves-Alexis Perez <corsac@debian.org>
Cc: 605090@bugs.debian.org, Erinn Clark <erinn@debian.org>, Ben Hutchings <ben@decadent.org.uk>, micah <micah@riseup.net>, error@debian.org, micah@debian.org
Subject: Bug#605090: [RFC] Proposal for a new linux-grsec source package
From: Jacob Appelbaum <jacob@appelbaum.net>
Date: Sat, 19 Dec 2015 15:45:47 +0000
Message-id: <[🔎] CAFggDF1-y-T+ZJLU_=w1UJj5ed6=XU847Xgg-rbpNwVogzka0g@mail.gmail.com>
Reply-to: Jacob Appelbaum <jacob@appelbaum.net>, 605090@bugs.debian.org
In-reply-to: <[🔎] 1450523929.4218.2.camel@debian.org>
References: <20150914181533.GB5144@berimbolo.double-helix.org> <877fnsg0ff.fsf@muck.riseup.net> <1442272347.2298.53.camel@decadent.org.uk> <1442297571.6274.28.camel@debian.org> <20150915162006.GD5144@berimbolo.double-helix.org> <20150930105353.GA27330@scapa.corsac.net> <1444506942.5525.11.camel@debian.org> <1446757738.8412.25.camel@debian.org> <[🔎] 1450523929.4218.2.camel@debian.org>

On 12/19/15, Yves-Alexis Perez <corsac@debian.org> wrote:
> On jeu., 2015-11-05 at 22:08 +0100, Yves-Alexis Perez wrote:
>> On sam., 2015-10-10 at 21:55 +0200, Yves-Alexis Perez wrote:
>> > This is really a work in progress and this mail a request for comment.
>> > Especially missing is:
>>
>> So, did any of you have the chance to test it? I'm currently running the
>> 4.2.5
>> kernel with grsecurity-3.1-4.2.5-201511021814 (just uploaded to my
>> repository
>> and to git.d.o) and it works just fine.
>>
>> I'm really interested by any feedback you would have on this.
>>
> With a lot of help from Ben I've made quite some progress in having the
> less possible differences with src:linux package. With 4.3.3 we still have few
> things differing, some of them which I think will be integrated in the
> upcoming src:linux releases.
>

Great news - this looks fantastic!

> I'm intending to upload the current version to NEW during the week-end, so
> if any of you want to test it, now would be a good time.
>

I've installed it - I've also tuned a few things. It seems to work as
well as my previous kernel - audio works, etc.

> You can find it on the git repository
> at https://anonscm.debian.org/cgit/colla
> b-maint/linux-grsec.git and the source and binary packages on my apt
> repository
> at https://perso.corsac.net/~corsac/debian/kernel-grsec/packages/

To boot Debian Jessie (with some testing pacakes too) to X - I had to set:

kernel.grsecurity.disable_priv_io=0
kernel.pax.softmode=1
kernel.grsecirity.grsec_lock=0

Reply to:

Follow-Ups:
- Bug#605090: [RFC] Proposal for a new linux-grsec source package
  - From: Jacob Appelbaum <jacob@appelbaum.net>

References:
- Bug#605090: [RFC] Proposal for a new linux-grsec source package
  - From: Yves-Alexis Perez <corsac@debian.org>

Prev by Date: Bug#808397: ITP: smali -- Assembler/disassembler for Android's dex format
Next by Date: Bug#808373: ITP: libwaive -- Allow processes to waive their rights
Previous by thread: Bug#605090: [RFC] Proposal for a new linux-grsec source package
Next by thread: Bug#605090: [RFC] Proposal for a new linux-grsec source package
Index(es):
- Date
- Thread