Live CD kernels

John Richard Moser nigelenki at comcast.net
Sun Jan 30 22:17:10 CST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can we see Hoary liveCDs with experimental kernels on them?  Normal
users will just boot, but a submenu to grub to supply experimental
kernels would allow a longer release test cycle for kernels even though
they won't be supported until at least Hoary+1.  This would be good for QA.

I'm specifically thinking of Martin Pitt's experimental hardened
kernels.  He maintains a set of packages that install Linux-2.6.10 with
grsecurity on Hoary, and mark up several files (most likely for roughly
15 or 20 packages, a lot of which probably aren't in main) to work with PaX.

Some of the GrSecurity protections will have to be disabled at least
until real boot, at which point they can be enabled via sysctl settings
(make sure you use pivot_root() to set the real root, which I believe
happens on Morphix).  The LiveCD filesystems themselves will also need
to be marked up before being squashfs'd or cloop'd using pitti's tools
to actually work.

Martin, do you think you could get some work done to allow the
experimental Hoary LiveCDs to house your hardened kernels and allow the
user to test them?  It would give an opportunity for a longer period of
testing, and would also give you an idea of what needs to be done to
make LiveCDs function with them.  This information will be useful after
Hoary if you decide to move to them for the following release.

This should just be considered as an opportunity task, not a primary or
secondary priority; considerations for security hardening aren't going
to be looked at any further until AFTER Hoary's release, so there are
more urgent matters for Ubuntu's developers to handle for the timebeing.

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB/bFGhDd4aOud5P8RAsiWAJ953hGUUnKzwhkJuPNopd6HfJblTgCcCUSp
yOZHUsfFYzlDcg9weQ0p044=
=w+f3
-----END PGP SIGNATURE-----

More information about the ubuntu-devel mailing list