grsecurity forums

Hello,

I'd like to apply grsec's patches to the latest Ubuntu 10 kernel (https://launchpad.net/ubuntu/+source/linux/2.6.32-14.20), using my custom .config.

I cannot simply patch vanilla because Ubuntu's version (vanilla kernel + ubuntu patches) is needed for certain functionalities & stability in ubuntu. And I cannot install a pre-built .deb because I need to customize the configuration...

Is there a way to apply grsec to ubuntu's kernel or should I forget about using it in ubuntu? :-\

Thanks.

I wonder what "certain functionalities & stability in ubuntu" you need. On the ubuntu system I have the vanilla kernel with grsecurity patch works fine (after I editted /etc/fstab).

Grsecurity is not supported with the Ubuntu kernel.

Well, mainly fixes for regressions (e.g. https://bugs.launchpad.net/ubuntu/+sour ... bug/510937), better partition management functionality (e.g. viewtopic.php?f=3&t=2242#p9527), etc. Of course you *can* use vanilla but you lose these patches.

Since I want to install grsec on my desktop pc (not a server), if I had to choose only one between fixes (ubuntu's patches) and hardening (grsec's patches) I'd probably choose the fixes, but I hope I can have both...

As for the "better partition management":
The real problem there was that ubuntu uses a grub2-script which is not capable of adding the right information needed to start (not a kernel problem).
If you have only one harddrive in your pc the extra options in fstab yield no advantage.

On the contrary!

Ok, thanks for clarifying - but what about regressions? (extra delay on boot etc.) If only those patches were included in "vanilla" kernel...

Those regressions are a matter of priority. If you think it's important to start 5 seconds faster you might need them.
The same goes for all patches, you need to decide yourself where your priorities are.

You could try a grsecurity kernel as optional (not default) kernel if you start, just to try it out.
You will find there are more hurdles to take.