Hi Folks- I've read a little discussion in the archive on this subject (such as http://www.mail-archive.com/[email protected]/msg00338.html) but not much and not recently.
I've also read a little discussion in non-gentoo forums: http://linux.slashdot.org/article.pl?sid=05/11/01/0444221

As I try to do this, it's just dawned on me that by going strictly with gentoo packages, I can have a kernel running from either:

xen-sources (which patches the kernel for xen but not for SELinux/PaX/GRSecurity)
or
hardened-sources (which patches the kernel for SELinux/PaX/GRSecurity but not for xen)

If I wanted all four of the Xen/SELinux/PaX/GRSecurity patch sets incorporated into a kernel, any recommendations for doing this?

Ideas:

1) start with xen-sources and apply the hardened patches by hand (seems like it might be daunting)
2) start with hardened-sources and apply the xen patches by hand (also seems daunting though maybe a tad less so)
3) start with vanilla-sources and apply gentoo patches, hardened patches, and xen patches by hand (and any others I think I need)
4) don't even bother with gentoo kernel packages and just handle the kernel as a software package that's not in portage and get the vanilla kernel tarball and desired patches and do the patching myself by hand

Has anyone done anything like this? Is it silly to even think that the hand-applied patches will apply without rejects?

Or should I be doing a strictly Xen kernel as the host kernel and if I want SELinux/PaX/GRSecurity, put that in a guest kernel? But doesn't the guest kernel also have to be patched for xen? In which case the original question of getting a kernel patched with all four still applies.

I'm so confused....

Thanks.

-Kevin
