I am pleased to present the following patchset with a view to its being committed as the initial hardened-sources-2.6.24 release.
The sha256sum for the hardened-patches-2.6.24-1.tar.bz2 archive is as follows:
Many thanks are due to Gordon Malm for his outstanding contributions.
These are the changes, relative to 2.6.23-r9:
* Re-based upon 2.6.24 + genpatches-2.6.24-5
* Incorporates unmodified grsec-2.1.11-188.8.131.52-200803262003 patch
* Introduces bespoke server and workstation oriented security levels
* Allows PaX to be enabled without grsecurity
* VDSO_COMPAT cannot be enabled during runtime if PaX is enabled
Thanks. I tried vanilla 184.108.40.206 + grsec-2.1.11-220.127.116.11-200803262003.patch
and it made my machine freeze *hard* without any oops/panic at all.
The only thing I changed in the .config from my tries with 2.6.23-hardened-r9
were that I disabled CONFIG_PAX_MEMORY_SANITIZE and CONFIG_PAX_MEMORY_UDEREF.
> * Allows PaX to be enabled without grsecurity
Thank you much Kerin. Just a reminder, this is not an actual change relative to 2.6.23-r9, we just split it out of the unrelated patch it has been contained in for many releases. With all the discussions, work and basically complete audit we have done, I can certainly understand the mixup.
OK, I added the ebuild with a slight modification to the tree. Thanks a lot for your effort Kerin and Gordon.