Feature #8604
Evaluate a grsec kernel from corsac's APT repository in Tails
0%
Description
corsac’s repo lives there: http://molly.corsac.net/~corsac/debian/kernel-grsec/packages/
The testing procedure is roughly the same as for Feature #8600, except that instead of adding .deb’s to config/chroot_local-packages/, one should add corsac’s repo to config/chroot_sources, and maybe tweak APT pinning in config/chroot_apt/preferences.
Subtasks
Related issues
Related to Tails - |
Rejected | 2015-01-07 | |
Related to Tails - |
Rejected | 2015-01-08 |
History
#1 Updated by intrigeri 2015-01-08 11:47:28
- related to Feature #8600: Evaluate a grsec kernel from spender's build service in Tails added
#2 Updated by intrigeri 2015-01-08 12:16:26
- related to Feature #8605: Compare Debian kernel configuration with the one used in Corsac's grsec kernels added
#3 Updated by intrigeri 2015-01-08 12:26:41
- related to Feature #8415: Migrate from aufs to overlayfs added
#4 Updated by BitingBird 2015-03-30 22:52:35
#5 Updated by intrigeri 2015-04-05 16:30:19
> See http://www.corsac.net/?rub=blog&post=1573
TL;DR:
- Yves-Alexis has finally updated the packages in his personal APT repo. That’s still a 3.2 kernel.
- Jessie’s kernel (3.16) isn’t a long-term branch, so there won’t be a grsec patch maintained for it
- forward-porting grsec patches from 3.14 (long-term branch) to 3.16 isn’t trivial
- Yves-Alexis has looked at Mempo’s custom kernel, and wasn’t more convinced by the build process than I was
- Yves-Alexis will probably “solve” the problem for himself, and may stop publishing .deb’s; he is hesitating between tracking 3.14 and using 3.19 + upgrading until a new LTS branch appears
To sum up, Yves-Alexis’ APT repo can be useful for the initial evaluation of grsecurity in Tails, but it likely won’t cut it as a long-term solution.
#6 Updated by intrigeri 2015-05-27 10:54:23
Update from corsac on that topic: http://www.corsac.net/?rub=blog&post=1575
> * Yves-Alexis will probably “solve” the problem for himself, and may stop publishing .deb’s; he is hesitating between tracking 3.14 and using 3.19 + upgrading until a new LTS branch appears
Yves-Alexis has published scripts, configuration (and binary packages) for Linux 3.14.
> To sum up, Yves-Alexis’ APT repo can be useful for the initial evaluation of grsecurity in Tails, but it likely won’t cut it as a long-term solution.
That’s still the case.
#7 Updated by intrigeri 2015-06-12 22:07:22
If these kernels lack aufs support, but support overlayfs, then this work will need to be based on feature/8415-overlayfs.
#8 Updated by intrigeri 2016-01-05 16:47:00
- Status changed from Confirmed to Rejected
Now that grsec landed in Debian, I guess this is not relevant anymore. Sorry if I got it wrong!
#9 Updated by intrigeri 2017-01-01 11:27:17
- related to deleted (Feature #8415: Migrate from aufs to overlayfs)