[arch-general] End of official PaX and grsecurity support in Arch Linux
Daniel Micay
danielmicay at gmail.com
Sat Apr 29 19:19:48 UTC 2017
On Sat, 2017-04-29 at 17:03 +0000, Alexander Harrigan wrote:
> I found someone from opensuse started to maintain grsec patches for
> 4.9 kernel
> series [1]. Maybe it will be possible to add linux-lts-grsec package
> to AUR
> based on Daniel's PKGBUILD and config with RANDSTRUCT enabled linked
> to new
> upstream source.
>
> [1] https://github.com/kdave/grsecurity-patches/tree/master/wip
As I mentioned, it can't be called PaX or grsecurity. I also don't think
it makes sense to expend time on this. It won't support new hardware and
systemd will probably increase the minimum kernel version before the 4.9
LTS is end-of-life. Effort spent on 4.9 is effort not spent on anything
that will actually last. If someone decides to do this, they'll also be
taking responsibility for maintaining PaX exceptions, etc. and handling
any bugs caught by the features or false positives. There will be new
issues introduced as the LTS gets changes backported to it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20170429/71f4f67b/attachment.asc>
More information about the arch-general
mailing list