1 |
On 11/18/2011 08:28 AM, Stan Sander wrote: |
2 |
> On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote: |
3 |
>> El 18/11/11 05:02, Stan Sander escribió: |
4 |
>>> I actually have the grsecurity turned off in the kernel right now, |
5 |
>>> though PAX is enabled. I'm still trying to transition to running |
6 |
>>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I |
7 |
>>> intend to eventually use it and I re-emerged it just in case. BTW I am |
8 |
>>> still booting and running in permissive mode for SELinux. |
9 |
>> Just to be on the safe side, have you enabled auditing? If you have try |
10 |
>> starting the kernel with a high logging level (so most messages get |
11 |
>> logged) and check if there are any complains on the screen. |
12 |
>> |
13 |
> I'll give that a go, though I may not be able to work on it again until |
14 |
> tomorrow. |
15 |
> |
16 |
|
17 |
Don't waste any more time on 3.0.9. It has a problem with inserting |
18 |
modules and will be removed from the tree in a few hours. Play with |
19 |
hardened-sources-3.1.1 which will be there in its place. I'm testing it |
20 |
now. |
21 |
|
22 |
As an aside, please don't use ~arches on production system because part |
23 |
of the testing process is seeing what feedback I get from the community |
24 |
on those kernels. Only when I've heard nothing bad, and run a kernel |
25 |
myself for a while, do I mark it stable. |
26 |
|
27 |
So I encourage people to play with ~arches in non-critical environments |
28 |
and let me know. But do expect the occasional breakage. |
29 |
|
30 |
|
31 |
-- |
32 |
Anthony G. Basile, Ph.D. |
33 |
Gentoo Linux Developer [Hardened] |
34 |
E-Mail : blueness@g.o |
35 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
36 |
GnuPG ID : D0455535 |