| 1 |
On 11/18/2011 08:28 AM, Stan Sander wrote: |
| 2 |
> On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote: |
| 3 |
>> El 18/11/11 05:02, Stan Sander escribió: |
| 4 |
>>> I actually have the grsecurity turned off in the kernel right now, |
| 5 |
>>> though PAX is enabled. I'm still trying to transition to running |
| 6 |
>>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I |
| 7 |
>>> intend to eventually use it and I re-emerged it just in case. BTW I am |
| 8 |
>>> still booting and running in permissive mode for SELinux. |
| 9 |
>> Just to be on the safe side, have you enabled auditing? If you have try |
| 10 |
>> starting the kernel with a high logging level (so most messages get |
| 11 |
>> logged) and check if there are any complains on the screen. |
| 12 |
>> |
| 13 |
> I'll give that a go, though I may not be able to work on it again until |
| 14 |
> tomorrow. |
| 15 |
> |
| 16 |
|
| 17 |
Don't waste any more time on 3.0.9. It has a problem with inserting |
| 18 |
modules and will be removed from the tree in a few hours. Play with |
| 19 |
hardened-sources-3.1.1 which will be there in its place. I'm testing it |
| 20 |
now. |
| 21 |
|
| 22 |
As an aside, please don't use ~arches on production system because part |
| 23 |
of the testing process is seeing what feedback I get from the community |
| 24 |
on those kernels. Only when I've heard nothing bad, and run a kernel |
| 25 |
myself for a while, do I mark it stable. |
| 26 |
|
| 27 |
So I encourage people to play with ~arches in non-critical environments |
| 28 |
and let me know. But do expect the occasional breakage. |
| 29 |
|
| 30 |
|
| 31 |
-- |
| 32 |
Anthony G. Basile, Ph.D. |
| 33 |
Gentoo Linux Developer [Hardened] |
| 34 |
E-Mail : blueness@g.o |
| 35 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
| 36 |
GnuPG ID : D0455535 |
Archives