Hello,
I'd like to apply grsec's patches to the latest Ubuntu 10 kernel (https://launchpad.net/ubuntu/+source/linux/2.6.32-14.20), using my custom .config.
I cannot simply patch vanilla because Ubuntu's version (vanilla kernel + ubuntu patches) is needed for certain functionalities & stability in ubuntu. And I cannot install a pre-built .deb because I need to customize the configuration...
Is there a way to apply grsec to ubuntu's kernel or should I forget about using it in ubuntu? :-\
Thanks.
Applying grsec to Ubuntu kernel
6 posts
• Page 1 of 1
Applying grsec to Ubuntu kernel
by rez » Mon Feb 22, 2010 1:35 pm
- rez
- Posts: 5
- Joined: Mon Feb 22, 2010 1:17 pm
Re: Applying grsec to Ubuntu kernel
by specs » Mon Feb 22, 2010 2:05 pm
I wonder what "certain functionalities & stability in ubuntu" you need. On the ubuntu system I have the vanilla kernel with grsecurity patch works fine (after I editted /etc/fstab).
Grsecurity is not supported with the Ubuntu kernel.
Grsecurity is not supported with the Ubuntu kernel.
- specs
- Posts: 190
- Joined: Sun Mar 26, 2006 7:00 am
Re: Applying grsec to Ubuntu kernel
by rez » Mon Feb 22, 2010 3:01 pm
Well, mainly fixes for regressions (e.g. https://bugs.launchpad.net/ubuntu/+sour ... bug/510937), better partition management functionality (e.g. viewtopic.php?f=3&t=2242#p9527), etc. Of course you *can* use vanilla but you lose these patches.
Since I want to install grsec on my desktop pc (not a server), if I had to choose only one between fixes (ubuntu's patches) and hardening (grsec's patches) I'd probably choose the fixes, but I hope I can have both...
Since I want to install grsec on my desktop pc (not a server), if I had to choose only one between fixes (ubuntu's patches) and hardening (grsec's patches) I'd probably choose the fixes, but I hope I can have both...
- rez
- Posts: 5
- Joined: Mon Feb 22, 2010 1:17 pm
Re: Applying grsec to Ubuntu kernel
by specs » Mon Feb 22, 2010 6:58 pm
As for the "better partition management":
The real problem there was that ubuntu uses a grub2-script which is not capable of adding the right information needed to start (not a kernel problem).
If you have only one harddrive in your pc the extra options in fstab yield no advantage.
On the contrary!
The real problem there was that ubuntu uses a grub2-script which is not capable of adding the right information needed to start (not a kernel problem).
If you have only one harddrive in your pc the extra options in fstab yield no advantage.
On the contrary!
- specs
- Posts: 190
- Joined: Sun Mar 26, 2006 7:00 am
Re: Applying grsec to Ubuntu kernel
by rez » Tue Feb 23, 2010 2:12 am
Ok, thanks for clarifying - but what about regressions? (extra delay on boot etc.) If only those patches were included in "vanilla" kernel...
- rez
- Posts: 5
- Joined: Mon Feb 22, 2010 1:17 pm
Re: Applying grsec to Ubuntu kernel
by specs » Tue Feb 23, 2010 2:23 am
Those regressions are a matter of priority. If you think it's important to start 5 seconds faster you might need them.
The same goes for all patches, you need to decide yourself where your priorities are.
You could try a grsecurity kernel as optional (not default) kernel if you start, just to try it out.
You will find there are more hurdles to take.
The same goes for all patches, you need to decide yourself where your priorities are.
You could try a grsecurity kernel as optional (not default) kernel if you start, just to try it out.
You will find there are more hurdles to take.
- specs
- Posts: 190
- Joined: Sun Mar 26, 2006 7:00 am
6 posts
• Page 1 of 1