From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Q5ME2-0002MR-DA for garchives@archives.gentoo.org; Thu, 31 Mar 2011 18:04:06 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 775F51C047 for ; Thu, 31 Mar 2011 18:04:05 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 2D2201C02A for ; Thu, 31 Mar 2011 17:27:32 +0000 (UTC) Received: from [192.168.3.7] (cpe-67-242-155-38.buffalo.res.rr.com [67.242.155.38]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: blueness) by smtp.gentoo.org (Postfix) with ESMTPSA id 706CF1B4126 for ; Thu, 31 Mar 2011 17:27:31 +0000 (UTC) Message-ID: <4D94B980.8050103@gentoo.org> Date: Thu, 31 Mar 2011 13:27:28 -0400 From: "Anthony G. Basile" User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110322 Lightning/1.0b3pre Lanikai/3.1.9 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 To: gentoo-hardened@lists.gentoo.org Subject: [gentoo-hardened] BFS scheduler and GRSEC/PaX patches References: <201103291317.13552.zorry@gentoo.org> <4D9201DF.4040104@orlitzky.com> <4D926205.6090700@gentoo.org> <4D928324.5060904@orlitzky.com> <4D931A6F.5020805@gentoo.org> In-Reply-To: <4D931A6F.5020805@gentoo.org> X-Enigmail-Version: 1.1.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: X-Archives-Hash: 925f75467534309229c3921d6963837b Hi everyone, I've merged together the BFS scheduler patch by Con Kolivas [1], and the grsecurity patch[2]. There were some innocent mismatches and some not so innocent. I hacked up the BFS patch so that it applies *after* the hardened-sources patches which includes the grsecurity patch. You can get the hacked up BFS patch at http://dev.gentoo.org/~blueness/misc/hardened-bfs-2.6.38.patch GPG: http://dev.gentoo.org/~blueness/misc/hardened-bfs-2.6.38.patch.asc These are only available for 2.6.38. To apply, first emerge =sys-kernel/hardened-sources-2.6.38 then cd into /usr/src/linux-2.6.38-hardened and patch -p 1 < /path-to/hardened-bfs-2.6.38.patch Compile and enjoy(?) WARNING: This is untested in the wild. It works on in a VM but should be considered unstable. Let me know if your system doesn't blow up. For those of you unfamiliar, BFS scheduler reduces latency on desktop systems, especially under heavy load. So now you can run your desktop fast and hard. (I'm sure there's a bad pun in there somewhere :) Refs [1] http://users.on.net/~ckolivas/kernel/ [2] http://grsecurity.net/ -- Anthony G. Basile, Ph.D. Gentoo Developer