Message-ID: <4EC7BC52.4000308@gentoo.org>
Date: Sat, 19 Nov 2011 09:25:22 -0500
From: "Anthony G. Basile"
Reply-to: gentoo-hardened@lists.gentoo.org
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] udev-171-r2 and 3.0.9-hardened

On 11/18/2011 08:28 AM, Stan Sander wrote:
> On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
>> On 18/11/11 05:02, Stan Sander wrote:
>>> I actually have the grsecurity turned off in the kernel right now,
>>> though PAX is enabled. I'm still trying to transition to running
>>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
>>> intend to eventually use it and I re-emerged it just in case. BTW I am
>>> still booting and running in permissive mode for SELinux.
>> Just to be on the safe side, have you enabled auditing? If you have, try
>> starting the kernel with a high logging level (so most messages get
>> logged) and check if there are any complaints on the screen.
> I'll give that a go, though I may not be able to work on it again until
> tomorrow.

Don't waste any more time on 3.0.9. It has a problem with inserting
modules and will be removed from the tree in a few hours. Play with
hardened-sources-3.1.1 which will be there in its place. I'm testing it
now.

As an aside, please don't use ~arches on production systems because part
of the testing process is seeing what feedback I get from the community
on those kernels. Only when I've heard nothing bad, and run a kernel
myself for a while, do I mark it stable. So I encourage people to play
with ~arches in non-critical environments and let me know. But do
expect the occasional breakage.

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail   : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535