| 1 |
I see… I’m sorry to hear that. |
| 2 |
|
| 3 |
The grsecurity-sources overlay seems to be tracking minipli’s unofficial port. So that’s what you already got as a recommendation, with the convenience of ebuilds to match. |
| 4 |
|
| 5 |
It looks like the latest release from minipli’s is based off of Linux 4.9.74 (early January ; the last one before Spectre / Meltdown mitigations got merged into upstream kernels), with the latest upstream version today being 4.9.91. So minipli’s kernel is starting to be quite a bit behind upstream too. He did mention that it would take him a significant amount of time to forward port with KAISER / KPTI. So he might just be working on it, still. |
| 6 |
|
| 7 |
Minipli’s kernel might still be your best option after all, but I haven’t reviewed the patches that made it to upstream between 4.9.74 and 4.9.91 so I’m not sure what you’d be missing out on at the moment by choosing to go with it. |
| 8 |
|
| 9 |
|
| 10 |
Best, |
| 11 |
|
| 12 |
– Guillaume Ceccarelli |
| 13 |
|
| 14 |
> On Mar 30, 2018, at 17:37, Robert Sharp <selinux@×××××××××××××××.org> wrote: |
| 15 |
> |
| 16 |
> I requested a quote from GRsecurity and they told me that although they are looking at providing a package for personal customers they don't have one at the moment. They recommended minipli as the next best thing... |
| 17 |
> |
| 18 |
> What about the grsecurity-source overlay? |
| 19 |
> |
| 20 |
> On 29/03/18 11:47, Guillaume Ceccarelli wrote: |
| 21 |
>> Hi all, |
| 22 |
>> |
| 23 |
>> I’ve been a grsecurity customer for a little over two years now, and my use of it is as a small business, on Gentoo server installations. While I can’t disclose the amount of money I’m paying publicly because every deal is customized, I would encourage you to get in touch using the contact form on grsecurity.net <http://grsecurity.net/> and ask for a quote if you haven’t already. |
| 24 |
>> |
| 25 |
>> You might just end up with an arrangement you can afford, and grsec is still certainly worth having today. Not only for the feature set, but also for the constant looking over the mainline Linux kernel code, including fixing and backporting more fixes than the regular kernel stable releases, and for knowledge / emails giving context to important kernel vulnerabilities when they occur. |
| 26 |
>> |
| 27 |
>> |
| 28 |
>> Best, |
| 29 |
>> |
| 30 |
>> – Guillaume Ceccarelli |
| 31 |
>> |
| 32 |
>> On 28 Mar 2018, at 20:22, R0b0t1 <r030t1@×××××.com <mailto:r030t1@×××××.com>> wrote: |
| 33 |
>> |
| 34 |
>>> On Wed, Mar 28, 2018 at 12:40 PM, Alex Efros <powerman@××××××××.name <mailto:powerman@××××××××.name>> wrote: |
| 35 |
>>>> Hi! |
| 36 |
>>>> |
| 37 |
>>>> On Wed, Mar 28, 2018 at 06:06:00PM +0100, Robert Sharp wrote: |
| 38 |
>>>>> Does anyone know of a good, post GRSecurity guide to reasonable security |
| 39 |
>>>>> for the kernel? In the absence of anything else I will have to go back |
| 40 |
>>>>> to the KSPP list and start removing stuff until I can get a stable kernel. |
| 41 |
>>>> |
| 42 |
>>>> I'm using https://github.com/minipli/linux-unofficial_grsec <https://github.com/minipli/linux-unofficial_grsec>, but it lacks |
| 43 |
>>>> Spectre and Meltdown mitigation at the moment (see issues). Still, I |
| 44 |
>>>> believe it's the best we can have now (better is probably paid GrSec, but |
| 45 |
>>>> AFAIK it's impossible or too costly to buy it for home or small business). |
| 46 |
>>>> |
| 47 |
>>> |
| 48 |
>>> Previous contributors have access to the code, but it doesn't seem |
| 49 |
>>> like there is any way to go that route anymore. |
| 50 |
>>> |
| 51 |
> |
Archives