| 1 |
Hi Folks- |
| 2 |
|
| 3 |
I've read a little discussion in the archive on this subject (such as |
| 4 |
http://www.mail-archive.com/gentoo-hardened@l.g.o/msg00338.html) |
| 5 |
but not much and not recently. |
| 6 |
|
| 7 |
I've also read a little discussion in non-gentoo forums: |
| 8 |
http://linux.slashdot.org/article.pl?sid=05/11/01/0444221 |
| 9 |
|
| 10 |
As I try to do this, it's just dawned on me that by going strictly with |
| 11 |
gentoo packages, I can have a kernel running from either: |
| 12 |
|
| 13 |
xen-sources (which patches the kernel for xen but not for |
| 14 |
SELinux/PaX/GRSecurity) |
| 15 |
|
| 16 |
or |
| 17 |
|
| 18 |
hardened-sources (which patches the kernel for SELinux/PaX/GRSecurity |
| 19 |
but not for xen) |
| 20 |
|
| 21 |
If I wanted all four of the Xen/SELinux/PaX/GRSecurity patch sets |
| 22 |
incorporated into a kernel, any recommendations for doing this? |
| 23 |
|
| 24 |
Ideas: |
| 25 |
|
| 26 |
1) start with xen-sources and apply the hardened patches by hand (seems |
| 27 |
like it might be daunting) |
| 28 |
|
| 29 |
2) start with hardened-sources and apply the xen patches by hand (also |
| 30 |
seems daunting though maybe a tad less so) |
| 31 |
|
| 32 |
3) start with vanilla-sources and apply gentoo patches, hardened |
| 33 |
patches, and xen patches by hand (and any others I think I need) |
| 34 |
|
| 35 |
4) don't even bother with gentoo kernel packages and just handle the |
| 36 |
kernel as a software package that's not in portage and get the vanilla |
| 37 |
kernel tarball and desired patches and do the patching myself by hand |
| 38 |
|
| 39 |
Has anyone done anything like this? Is it silly to even think that the |
| 40 |
hand-applied patches will apply without rejects? |
| 41 |
|
| 42 |
Or should I be doing a strictly Xen kernel as the host kernel and if I |
| 43 |
want SELinux/PaX/GRSecurity, put that in a guest kernel? But doesn't |
| 44 |
the guest kernel also have to be patched for xen? In which case the |
| 45 |
original question of getting a kernel patched with all four still applies. |
| 46 |
|
| 47 |
I'm so confused.... |
| 48 |
|
| 49 |
Thanks. |
| 50 |
|
| 51 |
-Kevin |
| 52 |
-- |
| 53 |
gentoo-hardened@g.o mailing list |
Archives