Hello,
What is the status of this? It has been a looong time ago since last update. I am also interested in having a Debian kernel with the grsec+pax featureset and I am sure that many sysadmins would appreciate this possibility. There is a huge user base of grsec from hosting companies. I agree that this RBAC thing may be not interesting for everybody giving the fact that it duplicates some functionality (we already have SELinux and TOMOYO). So if you really feel so strong about removing this feature from the debian-grsec-kernel it can be easily done just by setting CONFIG_GRKERNSEC_NO_RBAC=y in the .config (there is no need to ask upstream to split the patch). Anyway I think RBAC is a nice feature and it don't hurts: Its far easier to use than SElinux [1] and we already have in Debian the user-space tools to work with it: CC'ing Laszlo Boszormenyi (maintainer of linux-patch-grsecurity2, paxctl and gradm2) I would like to see this moving forward, so I volunteer myself to help with the maintenance of this featureset. Regards! [1] http://www.cs.virginia.edu/~jcg8f/SELinux%20grsecurity%20paper.pdf -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Carlos Alberto Lopez Perez http://neutrino.es Igalia - Free Software Engineering http://www.igalia.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
signature.asc
Description: OpenPGP digital signature