Am 13.01.2010 14:31, schrieb James Rayner:
They provide ArchLinux 2009.08 in both 32 and 64 bit with their own kernel with grsecurity (2.6.31.5-grs) How well does this integrate? Arch doesn't have any officially-endorsed grsecurity kernel. Does it require userspace modifications? Have they submitted their package to Arch so the devs can look at it and check for flaws?
In general, kernel's don't need to integrate with anything, and no changes whatsoever should be necessary in userspace. The exception is when the kernel is too old to be compatible with our udev version.
I build my own kernels, not via PKGBUILDs/pacman. They work fine and it's tidy too. Kernels keep to their own directories with the kernel itself a single file in /boot and modules in /lib/modules.
That isn't entirely the point. IIRC SELinux requires lots of support in userspace, this might be the same for grsecurity. I don't know for sure what needs modification though.