Gentoo Archives: gentoo-hardened

From: Miroslav Rovis <miro.rovis@××××××××××××××.hr>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Unofficial grsec kernel install WAS: Technical repercussions of grsecurity removal
Date: Tue, 09 May 2017 14:30:06
Message-Id: 20170509142841.GA5528@g0n.xdwgrp
In Reply to: Re: [gentoo-hardened] Technical repercussions of grsecurity removal by Miroslav Rovis
On 170509-01:31+0200, Miroslav Rovis wrote:
> On 170508-22:49+0200, Miroslav Rovis wrote:
> > ...
> > I'll be back with an ebuild to discuss.
> > ...
> > On 170508-22:07+0200, Mathias Krause wrote:
> > > On 8 May 2017 at 20:08, Miroslav Rovis <miro.rovis@××××××××××××××.hr> wrote:
> ...
> > > > Unofficial forward ports of the last publicly available grsecurity patch
> > > > https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec
> > > >
> > > > which I cloned into my machine.
...

I managed to install:

$ uname -r
4.9.27-hardened-unofficial_grsec-170509_14
$

The issues I had were trivial, only some familiarizing with the methods.

So far, booting into the new kernel, and deployment, all is fine,
absolutely regular (*so far*).

If anybody would need it, I can try and make step-by-step notes the
next time I do the building in my Air-Gapped, which is soon. Much
later it will be harder to reproduce the steps correctly without actually
doing it.

Here's my ebuild, and the genpatches and hardened-patches listing, if it
helps (often developers discuss here, which is fine, but I'm writing
this for users).

hardened-sources-4.9.27.ebuild

# ls -ABRgo /usr/portage/distfiles/{hardened-patches-4.9.27-1.extras.tar.bz2,genpatches-4.9-27.base.tar.xz}
-rw-r--r-- 1 536200 2017-05-09 13:02 /usr/portage/distfiles/genpatches-4.9-27.base.tar.xz
-rw-r--r-- 1 1997214 2017-05-09 14:08 /usr/portage/distfiles/hardened-patches-4.9.27-1.extras.tar.bz2
#

ls -ABRgo genpatches-4.9-27/
genpatches-4.9-27/:
total 2432
-rw-r--r-- 1 5412 2017-04-18 14:29 0000_README
-rw-r--r-- 1 114367 2017-04-18 14:29 1000_linux-4.9.1.patch
-rw-r--r-- 1 141140 2017-04-18 14:29 1001_linux-4.9.2.patch
-rw-r--r-- 1 264856 2017-04-18 14:29 1002_linux-4.9.3.patch
-rw-r--r-- 1 58683 2017-04-18 14:29 1003_linux-4.9.4.patch
-rw-r--r-- 1 177665 2017-04-18 14:29 1004_linux-4.9.5.patch
-rw-r--r-- 1 149694 2017-04-18 14:29 1005_linux-4.9.6.patch
-rw-r--r-- 1 71811 2017-04-18 14:29 1006_linux-4.9.7.patch
-rw-r--r-- 1 64550 2017-04-18 14:29 1007_linux-4.9.8.patch
-rw-r--r-- 1 78333 2017-04-18 14:29 1008_linux-4.9.9.patch
-rw-r--r-- 1 73914 2017-04-18 14:29 1009_linux-4.9.10.patch
-rw-r--r-- 1 60460 2017-04-18 14:29 1010_linux-4.9.11.patch
-rw-r--r-- 1 21015 2017-04-18 14:29 1011_linux-4.9.12.patch
-rw-r--r-- 1 34344 2017-04-18 14:29 1012_linux-4.9.13.patch
-rw-r--r-- 1 220480 2017-04-18 14:29 1013_linux-4.9.14.patch
-rw-r--r-- 1 96906 2017-04-18 14:29 1014_linux-4.9.15.patch
-rw-r--r-- 1 52098 2017-04-18 14:29 1015_linux-4.9.16.patch
-rw-r--r-- 1 195764 2017-04-18 14:29 1016_linux-4.9.17.patch
-rw-r--r-- 1 29223 2017-04-18 14:29 1017_linux-4.9.18.patch
-rw-r--r-- 1 101849 2017-04-18 14:29 1018_linux-4.9.19.patch
-rw-r--r-- 1 17310 2017-04-18 14:29 1019_linux-4.9.20.patch
-rw-r--r-- 1 148261 2017-04-18 14:29 1020_linux-4.9.21.patch
-rw-r--r-- 1 207889 2017-04-18 14:29 1021_linux-4.9.22.patch
-rw-r--r-- 1 40950 2017-04-18 14:29 1022_linux-4.9.23.patch
-rw-r--r-- 1 2369 2017-04-18 14:29 1500_XATTR_USER_PREFIX.patch
-rw-r--r-- 1 717 2017-01-12 13:09 1510_fs-enable-link-security-restrictions-by-default.patch
-rw-r--r-- 1 3056 2017-04-18 14:29 2300_enable-poweroff-on-Mac-Pro-11.patch
-rw-r--r-- 1 1205 2017-04-18 12:46 2900_dev-root-proc-mount-fix.patch

ls -ABRgo 4.9.27/
4.9.27/:
total 9404
-rw-r--r-- 1 2240 2017-05-09 13:04 0000_README
-rw-r--r-- 1 101631 2017-04-22 17:58 1023_linux-4.9.24.patch
-rw-r--r-- 1 25435 2017-05-09 14:08 1024_linux-4.9.25.patch
-rw-r--r-- 1 57956 2017-05-09 14:08 1025_linux-4.9.26.patch
-rw-r--r-- 1 29538 2017-05-09 14:07 1026_linux-4.9.27.patch
-rw-r--r-- 1 9352316 2017-05-09 11:57 4420_grsecurity-3.1-4.9.27-201705082100.patch
-rw-r--r-- 1 665 2016-11-10 01:55 4425_grsec_remove_EI_PAX.patch
-rw-r--r-- 1 1359 2017-01-01 18:15 4426_default_XATTR_PAX_FLAGS.patch
-rw-r--r-- 1 1444 2017-02-15 14:14 4427_force_XATTR_PAX_tmpfs.patch
-rw-r--r-- 1 303 2015-08-14 08:04 4430_grsec-remove-localversion-grsec.patch
-rw-r--r-- 1 1528 2016-08-14 12:16 4435_grsec-mute-warnings.patch
-rw-r--r-- 1 641 2015-08-14 08:04 4440_grsec-remove-protected-paths.patch
-rw-r--r-- 1 4184 2016-12-14 13:33 4450_grsec-kconfig-default-gids.patch
-rw-r--r-- 1 2616 2016-12-14 13:32 4465_selinux-avc_audit-log-curr_ip.patch
-rw-r--r-- 1 2553 2017-02-15 14:14 4470_disable-compat_vdso.patch
-rw-r--r-- 1 1467 2017-01-16 22:22 4475_emutramp_default_on.patch

Regards!
--
Miroslav Rovis
Zagreb, Croatia
https://www.CroatiaFidelis.hr

Attachments

File name MIME type
hardened-sources-4.9.27.ebuild text/plain
signature.asc application/pgp-signature