On mer., 2011-12-28 at 05:45 +0100, Carlos Alberto Lopez Perez wrote: > Hello, > > > What is the status of this? It has been a looong time ago since last update.
Sorry for the delay. As the BTS doesn't automatically CC the submitter, please keep me on CC: when replying to this bug. For sid, I keep updating the kernels from time to time, you can see the grsec-patches (against the sid svn branch) at http://anonscm.debian.org/gitweb/ and binary packages can be found at http://molly.corsac.net/~corsac/debian/kernel-grsec/packages/sid/ (I don't upload every built kernel there since it's a bit huge. For squeeze, I'm a bit lagging but I should update both the relevant branch in grsec-patches and the repository. I don't give a status update each time I update the repositories in order not to flood people, and I still hope some positive answer from the kernel team (until it's obvious it's too late for Wheezy). > > > I am also interested in having a Debian kernel with the grsec+pax > featureset and I am sure that many sysadmins would appreciate this > possibility. There is a huge user base of grsec from hosting companies. Thanks for the support. > > > I agree that this RBAC thing may be not interesting for everybody giving > the fact that it duplicates some functionality (we already have SELinux > and TOMOYO). > > > So if you really feel so strong about removing this feature from the > debian-grsec-kernel it can be easily done just by setting > CONFIG_GRKERNSEC_NO_RBAC=y in the .config (there is no need to ask > upstream to split the patch). This was mostly about upstreaming things, in fact. But disabling an option doesn't make the patch smaller. > > > Anyway I think RBAC is a nice feature and it don't hurts: Its far easier > to use than SElinux [1] and we already have in Debian the user-space > tools to work with it: > > CC'ing Laszlo Boszormenyi > (maintainer of linux-patch-grsecurity2, paxctl and gradm2) Note that linux-patch-grsecurity2 should really be removed now. > > > > I would like to see this moving forward, so I volunteer myself to help > with the maintenance of this featureset. > Thanks for that :) -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part