| Summary: | PATCH sys-kernel/hardened-sources-2.6.25-r3 working patch for fbcondecor-0.9.4 | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Magnus Granberg <zorry> |
| Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | normal | CC: | martin |
| Priority: | High | ||
| Version: | 2008.0 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
working fbcondecor-0.9.4 patch
diff 4200_fbcondecor-0.9.4 and 4460_fbcondecor-0.9.4 |
||
|
Description
Magnus Granberg
2008-08-12 20:38:15 UTC
Created attachment 162774 [details, diff]
working fbcondecor-0.9.4 patch
Need to be after 4450_selinux-avc_audit-log-curr_ip.patch
Created attachment 162776 [details, diff]
diff 4200_fbcondecor-0.9.4 and 4460_fbcondecor-0.9.4
* Applying 4445_grsec-2.1.11-mute-warnings.patch (-p0+) ... [ ok ]
* Applying 4450_selinux-avc_audit-log-curr_ip.patch (-p0+) ... [ ok ]
* Applying 4460_fbcondecor-0.9.4.patch (-p0+) ... [ ok ]
>>> Source unpacked.
Working on vanilla toolchain with hardened-sources-2.6.25-r3 and no PAX or GRSEC enable.
I'm not carrying fbcondecor patches in hardened-extras. If you submit an fbcondecor patch to kernel@g.o that fixes the conflicts with the grsecurity patch (appears that it should be a trivial task) I'll consider removing fbcondecor from UNIPATCH_EXCLUDE in hardened-sources. Nice work though and thanks for your inquiry. Thats okey with me. When I tried last time (with kernel 2.6.29), there was no obvious conflict between grsecurity and fbcondecor. And at least applying the patch works with hardened-sources-2.6.29. However, fbcondecor is still in UNIPATCH_EXCLUDE; actually, meanwhile it is the only item there. Is there a particular reason for this? If not, I would suggest to remove it from that list. It is certainly not a "must" but a "nice to have", even on hardened systems... |