grsecurity forums

[pdh0710]

(Please excuse my English)

Hi... I am a newbie for grsecurity and have a basic question.

I'm planning to install grsecurity in a Ubuntu 14.04 system. The kernel verion of Ubuntu 14.04 is 3.13
and most recent grsecurity stable is for kernel 3.14.23 (grsecurity-3.0-3.14.23-201410312212.patch).
So I think grsecurity is good for enhancing security of Ubuntu 14.04. Am I right?

However I wonder... If Ubuntu updates its kernel(Ubuntu frequently updates and patches its kernel),
what happens? The kernel update will be also good for grsecurity installed Ubuntu? Or will make
kernel panic?

[N8Fear]

grsecurity is a kernel patch and as such applied to the sources of the kernel before compiling it. You should match kernel version and grsecurity patch version, e.g. if you want to use grsecurity-3.0-3.14.23-201410312212.patch you should apply that to the 3.14.23 sources.
Unless Ubuntu provides grsecurity patched kernels you don't have to care about ubuntu's kernels (as you don't use them anyways).

[pdh0710]

Thank you, N8Fear. I can understand more clearly.

Then, suppose that I installed grsecurity in Ubuntu 14.04, using kernel 3.14.23 and grsecurity-3.0-3.14.23-201410312212.patch.
After then, Linux kernel is updated to 3.14.24 (Linux kernels are frequently updated, too). What should I do? Just wait for
grsecurity new version for kernel 3.14.24? Or do something else?

[spender]

Just wait for grsecurity to update. Generally updates are made the same day as upstream and all the important security fixes have already been applied weeks prior to them appearing in the updated upstream -stable kernel.

-Brad

[pdh0710]

O.K. I can understand that I do not have to worry about kernel update.
Thank you, Brad.