kees at ubuntu.com
Thu Mar 27 17:17:24 GMT 2008
On Thu, Mar 27, 2008 at 05:26:43AM -0700, Jeff Schroeder wrote:
> On Wed, Mar 26, 2008 at 10:08 PM, Daniel Guido <dguido at gmail.com> wrote:
> > As long as I have everyone's attention for a little bit, can we work
> > on getting a grsecurity kernel build into multiverse? Ubuntu would be
> > teh win if we had that.
> Not that I'm the right person to ask, but I've heard Ben Collins from
> Canonical echo that it doesn't make sense (from a maintainability
> standpoint) for them to keep adding more kernels. A grsecurity kernel
> should go into Universe but probably won't.
> Did you know that the Security team takes proactive security features
> from other distros and upstream to put into Ubuntu?  Also, instead
> of a seperate kernel, they are splitting grsecurity into individual
> patches and slowly integrating those . You are more than welcome to
> create a PPA of your own and upload grsecurity kernels.
>  https://wiki.ubuntu.com/HardyServerSecurity
We could really use some help extracting the GRsec patches that are
still useful (much of the functionality has already made it into
upstream through various paths). I would love to gather a list of all
the features people would like to see so they can get broken out and we
can start sending them to lkml. I propose starting:
and from there, list the features, the CONFIG names, and what it'd take
to extract them for mainline inclusion.
Ubuntu Security Team
More information about the ubuntu-hardened