splitting up the patch

Discuss and suggest new grsecurity features

Post by derRichard » Sun Jan 01, 2006 6:12 am

hi!

would it be possible to provide smaller patches instead of the huge grsecurity-patch?
one for e.g.: pax, grsec, rbac...

applying the entire patch to a non-vanilla kernel is really hard.
and sometimes it doesn't need pax or rbac.

thanks,
//richard
derRichard
 
Posts: 10
Joined: Fri Aug 29, 2003 3:15 pm

Re: splitting up the patch

Post by PaX Team » Sun Jan 01, 2006 3:27 pm

derRichard wrote:
> would it be possible to provide smaller patches instead of the huge grsecurity-patch?
> one for e.g.: pax, grsec, rbac...

possible - yes, will it actually happen - no. the reasons are several, such as lack of developer time, motivation, complexity of the task (there're several cross-dependencies between features, it's not that easy to provide patches that you can cherry-pick, at least not without effectively maintaining branches).

> applying the entire patch to a non-vanilla kernel is really hard.

applying it to a new vanilla kernel is hard enough as well ;-)
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Picking patches

Post by Kp » Sun Jan 01, 2006 7:10 pm

If you and spender ever change your minds, what about providing the patches with dependency lists, instead of trying to fully separate them? For instance, must have RBAC before PaX can be installed, but the user could stop after applying just RBAC. Though you'd still have to do some work to break up the pieces, that'd be easier than trying to have each subsystem selectable independently of any other.

On a related note, how many people are involved in the GRsecurity project - just spender and PaX team? Also, how many people are behind the alias PaX team? :)
Kp
 
Posts: 46
Joined: Tue Sep 20, 2005 12:56 am

Post by bani » Tue Jan 03, 2006 4:49 am

afaik pax is independent of rbac. rbac is part of grsec. pax is something altogether different.
bani
 
Posts: 15
Joined: Sun Aug 28, 2005 10:56 pm

