I've made a patch to 3.0.1_rc1 genkernel to allow control of pax/grsec/selinux. Here it is.
Created attachment 26350 [details, diff] patch to gen_configkernel.sh 3.0.1_rc1 This processes $EXTENS and looks for the most specific /usr/share/genkernel/extens/${EXTEN_NAME}-config* file it can find. Left to right, it's basically $EXTEN_NAME-config{-$ARCH{-$KV,-$VER.$PAT,},-$KV,-$VER.$PAT,}
Created attachment 26351 [details] extensions extract to /usr/share/genkernel so that it creates /usr/share/genkernel/extens/* Config files for pax, grsecurity, and selinux. Tested pax with 2.4 and 2.6, grsecurity with 2.4, and selinux with 2.6. You may need to make an selinux-config-2.4
I don't actually have a patch for /etc/genkernel.conf, so just eyeball this and cut & paste, changing to taste. # Use Color output in Genkernel? USECOLOR="yes" # Extensions # pax selinux grsec grecsysctl # Grsecurity GID's and suggested names # 1002 -- denysvrsocks (no server sockets) # 1003 -- denyclisocks (no client sockets) # 1004 -- denyanysocks (no network sockets of any kind) # 1005 -- untrusted (tpe untrusted users) # 1007 -- audit (users to audit) # selinux needs a kernel param enforcing=1 to work. selinux=0 will disable # selinux. #EXTENS="pax selinux grsec grsecsysctl" EXTENS="pax" # =========GENKERNEL LOCATION CONFIGURATION============
Created attachment 26373 [details, diff] x86/kernel-config-2.6 (worked from 2.6.3-rc4) This is a patch for 3.0.1_rc1 /usr/share/genkernel/x86/kernel-config-2.6 It was worked from 2.6.3-rc4 and contains a few changes. Enabled parallel port support, because I still have a parallel printer, and I don't think everyone has USB printers. ide-floppy support is in, because that's zip and jazz drive type disks. People using genkernel are either going to be trying to avoid configuring the kernel, or going to be the type to wonder why Linux doesn't have drivers for their zip250 drive yet. Enabled the Magic SysRQ key. I use this A LOT. Who do you know who holds alt while pressing printscrn? That's about it but it's really up to you.
I'm not sure what the heck I was doing with that last patch. . . why was I rewriting the config again?
neat. I'm hoping that genkernel will have 2 configs, one for user interface settings and one for techie type stuff, because the techie type stuff must change by neccesity, and it's annoying to re enter configs for every kernel release. maybe the techie part of kernel config genkernel configs should be with the specific kernel so that genkernel doesn't have to be updated every day or so?
there's nothing in the kernel for user interface.
>there's nothing in the kernel for user interface. umm... talking about genkernel here, and you said that the config file had to be hand edited, and I said how I was hoping to make the config file be two seporate files.. one for _genkernel_ user interface and one for _genkernel_ kernel configuration stuff. The config file is already in two parts, I was just hoping to make them be two files. Which is related to your comment about hand editing the config file.
umm, this bug i think is getting off topic ... I don't see anything here that mentions 2 configs, just appears to append config settings depending on 'extenstions' ... which makes sense. I'll apply this to genkernel cvs as soon as 3.0.1 is released, and start a 3.1 branch. May update it a bit though (commandline options, etc) -Brad
[[ Reassigning ]]
Could we have a patch for 3.0.2b please along with a command-line option for this patch? Thanks...
whoa. Been forever since I looked at this, 'cause the guy said it went into cvs. You need the stuff moved up? Erg. Lemme try and figure out wtf I actually did and I'll try to get it tomorrow. Or so.
o.x I should do this. *emerges genkernel* o.x
Closing as NEEDINFO; updated patches for 3.0.2g needed. If you could provide some, then please reopen this bug. Thanks!
Moving these so we can remove the "Install CD" component from "Gentoo Linux". I apologize to everyone for this spam, but according to the bugzilla developers, this is the only reasonable way to do this.
