Gentoo Linux includes support for grsecurity in nearly every kernel that
we have. Unfortunately the patch level is not always as up2date as Brad's
code due to the many other patches that are included, however what I'm
wondering here is do the Gentoo users want the option of merging a
vanilla-kernel with just "one" patch applied. It would be called
grsecurity-sources. I would like to use the grsec2 series for this so we
can help Brad debug and get it to a stable level.
That was a poll that ran on gentoo-dev, gentoo-hardened, grsec mailing lists
that got good feedback.
Added to portage as grsec-sources-126.96.36.199.9.11(x86) and 188.8.131.52.0_rc2(~x86
~sparc ~alpha ~ppc)
This ebuild was written to work for both 1.9.x and 2.x and should play along
Anybody interested in testing grsec-sources and reporting some feedback?
Created attachment 16294 [details]
ibook config, desktop config
I'm running 184.108.40.206.0_rc2 on a dual x86 desktop, and also tried running it on my iBook (ppc).
But I found that the latter needs a couple of hardware specific patches (notably AGP support and framebuffer), so I patched over the latest benh2 kernel.
Patching worked well except for CONFIG_GRKERNSEC_PAX_RANDMMAP, and I rather disabled it than merge it manually.
As these are X machines, I excluded some options, and found that I needed to disable as well CONFIG_GRKERNSEC_KMEM for DRM acceleration.
Apart from that, everything working nicely.
Find attached configurations. Hope you like my feedback :)
changing resolution to TEST-REQUEST (more or less leaving this bug open so
others may find the ibook config)