Re: [arch-general] End of official PaX and grsecurity support in Arch Linux
I found someone from opensuse started to maintain grsec patches for 4.9 kernel series [1]. Maybe it will be possible to add linux-lts-grsec package to AUR based on Daniel's PKGBUILD and config with RANDSTRUCT enabled linked to new upstream source. [1] https://github.com/kdave/grsecurity-patches/tree/master/wip \-- Sent using MsgSafe.io's Free Plan Private, encrypted, online communication For everyone. https://www.msgsafe.io
On Sat, 2017-04-29 at 17:03 +0000, Alexander Harrigan wrote:
I found someone from opensuse started to maintain grsec patches for 4.9 kernel series [1]. Maybe it will be possible to add linux-lts-grsec package to AUR based on Daniel's PKGBUILD and config with RANDSTRUCT enabled linked to new upstream source.
[1] https://github.com/kdave/grsecurity-patches/tree/master/wip
As I mentioned, it can't be called PaX or grsecurity. I also don't think it makes sense to expend time on this. It won't support new hardware and systemd will probably increase the minimum kernel version before the 4.9 LTS is end-of-life. Effort spent on 4.9 is effort not spent on anything that will actually last. If someone decides to do this, they'll also be taking responsibility for maintaining PaX exceptions, etc. and handling any bugs caught by the features or false positives. There will be new issues introduced as the LTS gets changes backported to it.
participants (2)
-
Alexander Harrigan
-
Daniel Micay