|Main Archive Page > Month Archives > ubuntu-hardened archives|
On Thu, Mar 27, 2008 at 05:26:43AM -0700, Jeff Schroeder wrote:
> On Wed, Mar 26, 2008 at 10:08 PM, Daniel Guido <firstname.lastname@example.org> wrote:
> > As long as I have everyone's attention for a little bit, can we work
> > on getting a grsecurity kernel build into multiverse? Ubuntu would be
> > teh win if we had that.
> Not that I'm the right person to ask, but I've heard Ben Collins from
> Canonical echo that it doesn't make sense (from a maintainability
> standpoint) for them to keep adding more kernels. A grsecurity kernel
> should go into Universe but probably won't.
> Did you know that the Security team takes proactive security features
> from other distros and upstream to put into Ubuntu?  Also, instead
> of a seperate kernel, they are splitting grsecurity into individual
> patches and slowly integrating those . You are more than welcome to
> create a PPA of your own and upload grsecurity kernels.
>  https://wiki.ubuntu.com/HardyServerSecurity
We could really use some help extracting the GRsec patches that are still useful (much of the functionality has already made it into upstream through various paths). I would love to gather a list of all the features people would like to see so they can get broken out and we can start sending them to lkml. I propose starting:
and from there, list the features, the CONFIG names, and what it'd take to extract them for mainline inclusion.
-Kees -- Kees Cook Ubuntu Security Team -- ubuntu-hardened mailing list email@example.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened