Support 2.6.16.X Kernel Series

Discuss and suggest new grsecurity features

Support 2.6.16.X Kernel Series

Postby sega01 » Mon Jan 01, 2007 11:08 am

Hey,

First off, I want to thank you for all of the hard, unpaid, work that you have put into GRSecurity. I am not only suggesting this because I, and many others would like it, but because it would loosen your work load. You push out a very impressive security patch, I feel that this would better it

I know that this has been asked many, many, many, times - but I will make my own case for it.

I am the lead developer for Zenserver (not released yet) and wanted to include the GRSecurity patch in the distribution. I have been very impressed with GRSecurity, and was originally planning to use the 2.4 kernel tree. I'm fairly old school, and once thought that 2.4 was the way-to-go for servers. Everyone told me that 2.4 was just too outdated, and recommended I use 2.6.16.X since it is a stable 2.6 tree. I did lots of research, and found that there are many new features in 2.6 - everything from new drivers, to NUMA, hyperthreading, and more. 2.6.16.X is probably just as, if not more, stable than 2.4.X. The 2.4 kernel is getting very little treatment, and it generally takes a while for them to release a stable 2.4 kernel with a security update. Updating to the latest "stable" release on the 2.6 tree is not very wise, as each 2.6 release has many new changes. 2.6.16.X on the other hand, is like the 2.4 kernel with only driver, bug, and security updates. If you read the changelog ( http://www2.kernel.org/pub/linux/kernel ... -2.6.16.37 ) for the 2.6.16.X tree, it is very active - many people use it for it's reliability. Suprisingly, against my original logic - I have found even the very fresh 2.6 kernels to be very stable.

After reading some previous posts, you stated that 2.6 was very unstable. Since you feel this way, and rebuild you patch to one of the newest, least stable 2.6.X kernels, your user base will probably dwindle away - they must update to a completely new, and different 2.6.X release each time you release an update. Not only would it make it easier on you to support one 2.6.X release, but more distributions would use it. Even if you don't support the well-maintained 2.6.16 release, please consider consistently maintaining a 2.6.X release instead of having to rebuild your code to fit the new features, and forcing users to move to different kernels.

I would really like to use GRSecurity, but I might have to look elsewhere if I can not keep a stable 2.6.X release.

Keep up the good work!

Thanks,
sega01 (Teran McKinney)
sega01
 
Posts: 1
Joined: Mon Jan 01, 2007 10:42 am

Return to grsecurity development