[arch-dev-public] providing grsecurity in [community]

Daniel Micay danielmicay at gmail.com
Sat Apr 19 18:28:30 EDT 2014

On 19/04/14 06:23 PM, Tom Gundersen wrote:
> On Sat, Apr 19, 2014 at 11:58 PM, Daniel Micay <danielmicay at gmail.com> wrote:
>> On 19/04/14 05:25 PM, Tom Gundersen wrote:
>>> In short, work on grsec if you want, but please let's not use that as
>>> an excuse to discourage people from working on similar features for
>>> the main kernel.
>> For example, if someone opens a bug asking to enable CONFIG_AUDIT again,
>> will it really be accepted? The workaround for containers landed in systemd.
>> http://cgit.freedesktop.org/systemd/systemd/commit/?id=24fb111
> That is clearly not an acceptable long-term solution. As far as I know
> audit is being fixed upstream to make this temporary work-around
> unnecessary.
> -t

It's enough for CONFIG_AUDIT to be enabled in our kernel without
breaking containers. It's not enough to have it work in containers, but
it's already not working in containers today because it was disabled.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20140419/f059a363/attachment.asc>

More information about the arch-dev-public mailing list