Oct 24 2018
Apr 29 2017
upstream ceased open development: https://www.grsecurity.net/passing_the_baton_faq.php
upstream ceased open development: https://www.grsecurity.net/passing_the_baton_faq.php
May 4 2016
Apr 2 2016
Mar 1 2016
Unfortunately the maintainer said that its a big maintenance burden for him but is open to outside help. I asked for this functionality to be added as optional for the source package.
Feb 29 2016
Opened feature request:
Feb 5 2016
The author (Collin Childs) is associated with Tor
Having had a glimpse at the code, it is still missing tons of required
features. Almost everything listed in T301. Anyhow. Good to know.
Coldkernel is a project that is better at what grsecurity-installer was meant to be:
Jan 28 2016
There is no "no duplicate package" policy in that sense. There is a "no
duplicate source code" policy. [Compare: linux-image-686 vs
linux-image-686 are not considered duplicates either. Sharing the very
same source package.] Therefore linux-grsec-generic, linux-grsec-xen,
etc. should not be a policy issue.
Not gonna happen. It took this long to package grsec for Debian because of their no duplicate packages policy so the patch had to be adjusted to work with the Debian flavor of the linux kernel.
Jan 27 2016
What about separate binary packages per hypervisor?
Could support for all hypervisors be enabled at the same time?
Jan 26 2016
Could support for all hypervisors be enabled at the same time?
Jan 25 2016
The problem is the Debian kernel is not compiled with any virtualization support.
Jan 22 2016
What does not work? The package build/install or the grsecurity kernel itself?
Jan 21 2016
You want softmode, right? So why use 'kernel.pax.softmode=0' instead of
'kernel.pax.softmode=1'?
What does not work? The package build/install or the grsecurity kernel
itself?
I tried manually testing the 05-grsec.conf settings with no success. Editing the original grsec.conf doesn't work too. (I tried with the kernel conf lock setting disabled). I don't know what to try now...
Jan 19 2016
debian/rules debian/control misses systemd entries.
OK did the changes but need to test package.
HulaHoop (HulaHoop):
> needs a license header. Its all gplv3. Do you have an example?
needs a license header.
This can very well go to the testers and also the stable repository just
as any package. As long as it's not installed by default there really is
no reason a against it since it requires a manual action to install that
won't be happening accidentally without reading documentation.
Jan 18 2016
Some notes: When copying paxctld all my tabbing disappeared and the file looks hideous.
And how does corsac's repository help with that compared to Debian sid repository?
Yes. Let's go simple for start and then see where we get.
I'm almost done with the exceptions list. I merged some rules to cover Tor Browser and a few other binaries that weren't included. Changed some binary paths to reflect those on Debian...
Why are we back to using corsac's repository? Why not use Debian sid repository and apt pinning instead?
Yes. Merge the first two packages.
Yes. Merge the first two packages.
Package roadmap:
To obtain a binary package or source package to compile?
Jan 17 2016
To land a grsec kernel ASAP we can use corsac's Jessie repo.
To land a grsec kernel ASAP we can use corsac's Jessie repo.
All we need is a dpkg hook and a conf file for paxctld (the latter mirrors the Arch Linux one)
My last comment is wrong. David's description is on point.
Jan 16 2016
Can you shed light on paxctld vs paxrat?
Jan 11 2016
Good question. I asked upstream because it depends on what direction they'll take:
Do you think paxrat will require a .d config file folder? Would we need a custom paxrat.conf?
Do you think paxrat will require a .d config file folder?
Do you think paxrat will require a .d config file folder? Would we need a custom paxrat.conf?