
grsec patch support for longterm kernel 3.4

Posted: Fri Apr 12, 2013 8:05 am
by kellerste
Hi

We wanted to apply grsec patch 2.9.1 on kernel 3.4.39, which obviously failed (it works for kernel 3.4.7, though).
I also heard that the grsecurity community does not really focus on kernel 3.4 but on 3.6 that is marked as EOL
in the meantime.
Before we talk about the technical part why it failed for kernel 3.4.39, I'm rather more interested in the focus of
the community. We are not interested in upgrading to kernel 3.4 if you do not "really" support it.

The reason why we don't use kernel 3.2 is because we experienced some issues (that no one else seems to have
or they don't worry about them) and kernel 3.4 has some features we rely on.

Thank you for your feedback!

Best regards
Stefan

Re: grsec patch support for longterm kernel 3.4

Posted: Fri Apr 12, 2013 11:17 am
by PaX Team
the current situation is this:

2.6.32.x: i stopped backporting PaX changes earlier this year but spender keeps backporting both grsec changes and vanilla fixes (even those that don't make it into the official stable series) for some more time.
3.2.x: this is our current stable series that we'll continue to support for probably 2 years more. this means that both PaX and grsec changes and the vanilla fixes we spot get backported here.
3.8.x: this is our current test series that we'll stop supporting once we move to 3.9, etc.

so to answer your question, we stopped supporting both 3.4 and 3.6 at the time we moved to 3.5 and 3.7, respectively. if you're looking for using a particular series with support from us then it should be 3.2 and if as you say, it has problems, you should let the kernel devs know as it's a long term supported kernel for them as well. if you really need 3.4 then your best option would be to take the current grsec 3.2.x patch and forward port it to 3.4 but this is going to be quite some work. if you need 3.6 or similar you should probably backport from 3.8. of course after the initial backward/forward port you'd have to keep up with our changes but that's usually much less work.