From: | Michael Orlitzky <mjo@g.o> | ||
---|---|---|---|
To: | gentoo-project@l.g.o | ||
Subject: | Re: [gentoo-project] The status of grsecurity upstream and hardened-sources downstream | ||
Date: | Fri, 23 Jun 2017 18:48:08 | ||
Message-Id: | ff99db04-f761-0ea7-5b8c-22d47a9a325f@gentoo.org | ||
In Reply to: | Re: [gentoo-project] The status of grsecurity upstream and hardened-sources downstream by "Toralf Förster" |
1 | On 06/23/2017 01:49 PM, Toralf Förster wrote: |
2 | > |
3 | > I do wonder, if the PAX marking logic could detect a running |
4 | > non-hardened kernel and therefore silently skip the step ? |
5 | > |
6 | |
7 | If it did that, you'd have to "emerge -e @world" every time you booted |
8 | into a hardened kernel after running a vanilla one. To add to the |
9 | trouble, that "emerge" would probably fail due to things being killed by |
10 | PaX. |