minipli edited this page Oct 18, 2017 · 2 revisions

FAQ for the linux-unofficial_grsec git repository

What's this repo all about?

This repository keeps the last publicly available grsecurity® test patch alive by forward-porting it to newer kernel versions. It is therefore no longer an official version of the grsecurity® patch, hence the branding "unofficial".

This repo looks like an outdated version of vanilla Linux only. Where's the unofficial grsec port?!?

You're probably looking at the wrong branch. Have a look at the linux-4.9.x-unofficial_grsec branch instead.

Kernel v4.9.x is kinda old. I need a newer one. Are you going to forward port the patch to the next LTS kernel, e.g. to v4.14?

No. It's neither simple to forward-port such a huge patch to a new major kernel version, nor is it my intention to do so. In the end, it would just be a slightly more broken version of the v4.9 counterpart that bit-rots even faster. So no, I won't do that, sorry.

So this thing is v4.9 LTS only?

Yes. The main goal of this repository is simply to provide a reasonably secured kernel to the users depending on such a thing, since the grsecurity project has stopped releasing the patches for the general public. It's far from perfect, but nonetheless better than nothing.

Will you maintain this repository until v4.9 reaches EOL?

Yes, that's the plan. According to kernel.org, v4.9 reaches EOL in January 2019. However, v4.9 is also the kernel used in Debian stretch. According to their website, it should be maintained until 2020 at least, possibly even until 2022.

Will you develop new features or enhance existing ones?

No, not really. It's just about keeping the last state alive by merging in the latest stable version of the v4.9 kernel series. Minor enhancements may happen, but don't expect anything worth talking about.

Will this port include additional backports of security relevant fixes, like grsecurity used to do?

No. This repository just keeps track of the v4.9 upstream stable tree. There are no further security fixes beyond what was already included in the last grsecurity patch.

How to get the latest version?

First you need to git clone the repo, like this:

$ git clone --single-branch --branch=linux-4.9.x-unofficial_grsec \
    https://github.com/minipli/linux-unofficial_grsec.git
$ cd linux-unofficial_grsec

Afterwards, to update, just git pull like this:

$ cd linux-unofficial_grsec
$ git pull

I'm used to downloading patches. Can you help me?

Sure, have a look at the releases page.

My kernel has panicked. What should I do?

Please open an issue and attach the kernel log, or, if you're unable to get that, at least a photo of the kernel panic.

Who are you and why are you doing this?

I'm a long-time PaX and grsecurity® user and occasional contributor who misses the public availability of the test patch. It contains many security features that are lacking in Linux and that won't end up upstream in the foreseeable future. But, instead of complaining, I keep this code base alive -- mainly for personal use but also for others to spare them the porting work. So my main intentions are selfish -- I want an up-to-date grsec patched kernel. But I also don't want to leave others, who are unable to do the porting themselves, in the dark. For them this repository might be a suitable alternative instead of falling back to the security provided by vanilla Linux.

Can I trust you?

You have to answer that question for yourself. But you can at least verify that no one tampered with the git repo or the patches you downloaded. The key I use to sign the git tags and patches is 92435BA4.
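
One way to run that verification, as an added example that is not part of the original page: 92435BA4 is only a short key ID, and short IDs can collide with other keys, so the script pins a full fingerprint and accepts a signature only when GnuPG reports it as good and made by that key. PINNED_FPR is a constructed placeholder and the helper names are hypothetical; the tag name and the patch and signature file names are passed as arguments.

```shell
#!/bin/sh
# Added example, not the repository's own tooling.
# PINNED_FPR is a constructed placeholder: replace it with the full
# (uppercase, 40 hex digit) fingerprint of key 92435BA4 once you have
# confirmed that fingerprint through a channel you trust.
PINNED_FPR="0000000000000000000000000000000092435BA4"

# Read GnuPG status lines on stdin. Succeed only if the signature is
# GOODSIG (not expired/revoked/bad) and a VALIDSIG line names the pinned
# fingerprint as signing key (field 3) or as primary key (last field).
sig_matches_pinned() {
    awk -v fpr="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { pinned = 1 }
        END { exit !(good && pinned) }'
}

# Usage: verify_tag <tag>   (run inside the cloned repository)
# Only stderr, where git writes the raw status lines, reaches the check.
verify_tag() {
    git verify-tag --raw "$1" 2>&1 >/dev/null | sig_matches_pinned "$PINNED_FPR"
}

# Usage: verify_patch <patch-file> <detached-signature-file>
verify_patch() {
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | sig_matches_pinned "$PINNED_FPR"
}

# Constructed status output for an offline demonstration.
SAMPLE_GOOD='[GNUPG:] GOODSIG 0000000092435BA4 Constructed Signer
[GNUPG:] VALIDSIG 0000000000000000000000000000000092435BA4 2017-10-18 1508284800 0 4 0 1 8 00 0000000000000000000000000000000092435BA4'
# A different key whose short ID is also 92435BA4.
SAMPLE_COLLIDING='[GNUPG:] GOODSIG FFFFFFFF92435BA4 Constructed Lookalike
[GNUPG:] VALIDSIG FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF92435BA4 2017-10-18 1508284800 0 4 0 1 8 00 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF92435BA4'
# Right key, but GnuPG reports it as expired instead of GOODSIG.
SAMPLE_EXPIRED='[GNUPG:] EXPKEYSIG 0000000092435BA4 Constructed Signer
[GNUPG:] VALIDSIG 0000000000000000000000000000000092435BA4 2017-10-18 1508284800 0 4 0 1 8 00 0000000000000000000000000000000092435BA4'

for sample in "$SAMPLE_GOOD" "$SAMPLE_COLLIDING" "$SAMPLE_EXPIRED"; do
    if printf '%s\n' "$sample" | sig_matches_pinned "$PINNED_FPR"; then
        echo "accept"
    else
        echo "reject"
    fi
done
```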