grsec patch support for longterm kernel 3.4

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

grsec patch support for longterm kernel 3.4

Postby kellerste » Fri Apr 12, 2013 8:05 am

Hi

We wanted to appliy grsec patch 2.9.1 on kernel 3.4.39 that obviously failed (it works for kernel 3.4.7, though).
I also heard that the grsecurity community does not really focus on kernel 3.4 but on 3.6 that is marked as EOL
in the meantime.
Before we talk about the technical part why it failed for kernel 3.4.39, I'm rather more interested in the focus of
the community. We are not interested in upgrading to kernel 3.4 if you do not "really" support it.

The reason why we don't use kernel 3.2 is because we experienced some issues (that no one else seems to have
or they don't worry about them) and kernel 3.4 has some features we rely on.

Thank you for your feedback!

Best regards
Stefan
kellerste
 
Posts: 1
Joined: Fri Apr 12, 2013 7:50 am

Re: grsec patch support for longterm kernel 3.4

Postby PaX Team » Fri Apr 12, 2013 11:17 am

the current situation is this:

2.6.32.x: i stopped backporting PaX changes earlier this year but spender keeps backporting both grsec changes and vanilla fixes (even those that don't make it into the official stable series) for some more time.
3.2.x: this is our current stable series that we'll continue to support for probably 2 years more. this means that both PaX and grsec changes and the vanilla fixes we spot get backported here.
3.8.x: this is our current test series that we'll stop supporting once we move to 3.9, etc.

so to answer your question, we stopped supporting both 3.4 and 3.6 at the time we moved to 3.5 and 3.7, respectively. if you're looking for using a particular series with support from us then it should be 3.2 and if as you say, it has problems, you should let the kernel devs know as it's a long term supported kernel for them as well. if you really need 3.4 then your best option would be to take the current grsec 3.2.x patch and forward port it to 3.4 but this is going to be quite some work. if you need 3.6 or similar you should probably backport from 3.8. of course after the initial backward/forward port you'd have to keep up with our changes but that's usually much less work.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support

cron