[2016-03-15 19:49:25 -0400] Daniel Micay: > > To me the issue is people pushing new kernels to the repos but not > > being > > able to provide the same level of support that we have for mainline. > > Offloading out-of-tree module rebuilds to end users instead of doing > > it > > ourselves is clearly not the right solution. > > > > So I say: remove each non-mainline kernel of which the maintainer is > > unwilling to support the corresponding out-of-tree modules. After > > all, > > as Allan points out, rebuilding them is a simple script job... > > > > Cheers. > > In general, out-of-tree modules aren't compatible with linux-grsec. It > is not enough to simply rebuild them. It would require actively keeping > them compatible by maintaining patches for them and possibly working > with the upstreams for the out-of-tree modules for cases where bugs are > being uncovered rather than false positives / tweaks for compatibility. > > Some out-of-tree modules aren't going to be compatible with the chosen > configuration at all, similar to how Xen support is disabled in favour > of having the hardening features marked as incompatible with it. > > The NVIDIA driver and broadcom-wl need to be patched and and VirtualBox > is semi-incompatible with the chosen configuration. AFAIK, users would > need to rebuild the kernel with a couple options disabled for all the > VirtualBox features to work.
So linux-grsec supports no out-of-tree module? No requirement on dkms for it, then. Fine by me. -- Gaetan
signature.asc
Description: PGP signature
