Archives
Archives
| From: | "Anthony G. Basile" <blueness@g.o> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Subject: | [gentoo-hardened] BFS scheduler and GRSEC/PaX patches | ||
| Date: | Thu, 31 Mar 2011 18:04:06 | ||
| Message-Id: | 4D94B980.8050103@gentoo.org | ||
| In Reply to: | Re: [gentoo-hardened] Hardened meeting log 2011-03-23 20:00 UTC by "Anthony G. Basile" |
||
| 1 | Hi everyone, |
| 2 | |
| 3 | I've merged together the BFS scheduler patch by Con Kolivas [1], and the |
| 4 | grsecurity patch[2]. There were some innocent mismatches and some not |
| 5 | so innocent. I hacked up the BFS patch so that it applies *after* the |
| 6 | hardened-sources patches which includes the grsecurity patch. |
| 7 | |
| 8 | You can get the hacked up BFS patch at |
| 9 | |
| 10 | http://dev.gentoo.org/~blueness/misc/hardened-bfs-2.6.38.patch |
| 11 | |
| 12 | GPG: http://dev.gentoo.org/~blueness/misc/hardened-bfs-2.6.38.patch.asc |
| 13 | |
| 14 | These are only available for 2.6.38. To apply, first |
| 15 | |
| 16 | emerge =sys-kernel/hardened-sources-2.6.38 |
| 17 | |
| 18 | then cd into /usr/src/linux-2.6.38-hardened and |
| 19 | |
| 20 | patch -p 1 < /path-to/hardened-bfs-2.6.38.patch |
| 21 | |
| 22 | Compile and enjoy(?) WARNING: This is untested in the wild. It works |
| 23 | on in a VM but should be considered unstable. Let me know if your |
| 24 | system doesn't blow up. |
| 25 | |
| 26 | For those of you unfamiliar, BFS scheduler reduces latency on desktop |
| 27 | systems, especially under heavy load. So now you can run your desktop |
| 28 | fast and hard. (I'm sure there's a bad pun in there somewhere :) |
| 29 | |
| 30 | Refs |
| 31 | |
| 32 | [1] http://users.on.net/~ckolivas/kernel/ |
| 33 | [2] http://grsecurity.net/ |
| 34 | |
| 35 | |
| 36 | -- |
| 37 | Anthony G. Basile, Ph.D. |
| 38 | Gentoo Developer |