Rhel5 kernel + pax

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Rhel5 kernel + pax

Postby unixro » Fri Oct 26, 2007 1:45 pm

Hi there,
i want to have rhel5 kernel + pax but i can't find older patches for 2.6.18. Can anyone give me any hints with this?
unixro
 
Posts: 3
Joined: Fri Oct 26, 2007 8:15 am

Postby Kp » Fri Oct 26, 2007 8:26 pm

Generally, it is best to stay current. Is there a reason you need to use a 2.6.18 kernel with RHEL5? If not, you should consider using the most current kernel for which a stable GRsecurity / PaX patch is available.
Kp
 
Posts: 46
Joined: Tue Sep 20, 2005 12:56 am

Postby unixro » Sat Oct 27, 2007 4:07 am

Generally yes, but if after putting a new kernel with latest patches and then i have to change more of the services on the server then, it's best to install a new one rather then rebuilding it all over.
unixro
 
Posts: 3
Joined: Fri Oct 26, 2007 8:15 am

Postby PaX Team » Sun Oct 28, 2007 6:41 am

unixro wrote:Generally yes, but if after putting a new kernel with latest patches and then i have to change more of the services on the server then, it's best to install a new one rather then rebuilding it all over.
what kernel changes require you to change userland?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby unixro » Mon Oct 29, 2007 5:15 am

I guess on rhel5 almost none (or iptables ) but, if i want that on rhel4 then most probably udev, iptables and others.
unixro
 
Posts: 3
Joined: Fri Oct 26, 2007 8:15 am

Postby PaX Team » Mon Oct 29, 2007 7:39 am

unixro wrote:I guess on rhel5 almost none (or iptables ) but, if i want that on rhel4 then most probably udev, iptables and others.
i see, but i think iptables should be backwards compatible with older kernels (so that you can still boot the old one in case of problems), however i'm not sure about udev. i was actually more interested in the services that fail on a newer kernel.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support

cron