GrapheneOS / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.freenode.net ##linux-hardened. Currently maintained at https://github.com/anthraxx/linux-hardened.
https://grapheneos.org/

Installation instructions (more a question than an issue) #53

Closed Kalle72 closed 6 years ago

Kalle72 commented 6 years ago

Hello,

Are there any instructions on how to install your patch set onto a "vanilla-kernel"? Is there a version mapping, e.g. patchset 4.12.9 belongs to the vanilla-kernel 4.12.9? (I am on Gentoo hardened and seeking a new hardened kernel.)

Additionally, can you explain briefly the differences between your efforts and "https://github.com/minipli/linux-unofficial_grsec"?

Thanks in advance!

thestinger commented 6 years ago

There won't be install instructions. If someone can't apply a patch, I don't think it's a good idea for them to be building their own kernel. After all, they end up responsible for choosing the configuration, etc.

4.12.9.a, 4.12.9.b, etc. means patches for 4.12.9. I think that's straightforward.

thestinger commented 6 years ago

> Additionally, can you explain briefly the differences between your efforts and "https://github.com/minipli/linux-unofficial_grsec"?

That's the last grsecurity 4.9 patch with the upstream 4.9 LTS changes merged in. This is a much different thing.

As it says in the GitHub description:

> Supplement to upstream hardening work by the Kernel Self Protection Project. Features already provided by SELinux + Yama aren't within the current scope of this project and neither are archs other than multiarch arm64 / x86_64. Only tags have stable history. Changes from PaX/grsecurity are marked as such. IRC: irc.freenode.net ##linux-hardened

It's a set of clean, split up patches being landed upstream when possible. The aim is to slowly gain back the same set of features as before, but in a way that's much more maintainable. It will have minimal downstream changes by only carrying code rejected for political reasons in the long term while everything else can land upstream. It relies on SELinux to provide the access control features including restrictions on runtime code injection.

Kalle72 commented 6 years ago

Thanks a lot! I will try it!