> So linux-grsec supports no out-of-tree module? No requirement on dkms > for it, then. Fine by me.
NVIDIA is the one of the few that would make sense because the PaX upstream actually maintains a patch for it: https://www.grsecurity.net/~paxguy1/nvidia-drivers-361.28-pax.patch If I was going to package it, I would definitely avoid DKMS. DKMS doesn't interact well with grsecurity. The modules need to be built with the same GCC used to compile the kernel. There are GCC plugins and the GCC ABI varies based on version and configuration (i.e. gcc-multilib won't work either). It's not really the same thing as repackaging the nvidia driver for another kernel though. I'll end up having to update the patch myself when it breaks because I'll be one of the first people trying to use it when I rebuild nvidia-grsec after linux-grsec. I just haven't felt like taking on that responsibility.
signature.asc
Description: This is a digitally signed message part
