On Sunday 19 March 2006 20:42, Thomas Eschenbacher wrote: > Chris PeBenito wrote: > > [...] > > > > Unfortunately this is your problem: > >>kernel "2.6.14-hardened-r5", > >>XFS as root filesystem > > > > please see: > > http://marc.theaimsgroup.com/?l=gentoo-hardened&m=113433863728029&w=2 > > > > XFS should be fixed in 2.6.16. > > Thanks for your quick reply! > So it seems that I have the following options: > > A) wait some weeks (or months?) until 2.6.16-hardened is out, run in > permissive mode meanwhile. > > B) take the sources of kernel 2.6.16-rc6, apply the SELinux patch > against it and replace the "fs/xfs" directory of my old > 2.6.14-hardened-r5 source tree with the one from the new version. Will > this "backport" work, is this compatible? > > C) switch to a different filesystem. My only options seem to be: > 1. ext2/ext3 -> I hate running e2fsck, no options. > 2. reiserfs -> officially unsupported for SELinux > 3. XFS -> obviously doesn't work in this version > 4. JFS -> any experience? > > Any suggestions or other alternatives? > > Thomas Hi, Choise A) seems to be a middle way between B) and C). IMHO B) is worst (if it even works), as it seems that most if not all hardened projects will skip 2.6.15 (too many changes etc., put your reasons here) and go to 2.6.16. So B) will very probably break things. Better try 2.6.16_rc6+patches. PaX has a patch for 2.6.16_rc6-test3 (IIRC) so eventually grsec2 will catch up for 2.6.16. SElinux also goes to 2.6.16_rc6, think RSBAC will follow this path too. Path C) seems to be the quickest path by now. Why not use 'ext3' as a filesystem? HTH.Rumen
pgpEkPej608UV.pgp
Description: PGP signature
