On 12/10/2016 03:06 PM, Chris Laprise wrote: > On 12/10/2016 03:36 PM, Reg Tiangha wrote: >> I haven't tried it myself yet, but it looks like the coldkernel crew >> pushed out experimental support for Debian templates to one of their >> test branches yesterday: >> >> https://github.com/coldhakca/coldkernel/tree/0.9a >> >> Has anyone out there tried it yet? Thoughts, tips or tricks? >> > > I look forward to building this soon. Two questions: > > 1. What probability it will work with Debian 9 Stretch? > > 2. How does this compare to using newer (4.8+) kernels and AppArmor, > which are two easy options for Qubes users? > > Chris >
Well, I'm currently in the middle of compiling it; haven't had to compile a kernel since my Gentoo days and I've forgotten how long it used to take. One piece of advice at this point: If you're using a fresh template, you'll definitely want to allocate more space to /home; the default 2GB isn't enough. I've doubled it to 4G and am keeping an eye on how much it grows. I can't remember how much disk space it used to take to compile an old Gentoo kernel so I'll be babysitting this one until it's done. In the meantime: 1) I would assume it would work; their instructions imply Debian 7+, but I suppose the only way to find out if it would work on a Debian 9 template under Qubes would be to compile it and find out. 2) I've never used a Gresecurity kernel before (I almost did under Gentoo but at the time, the kernel they were using was an older one lacking a driver I needed so I ended up going with the vanilla sources instead), but here's how the gresecurity folks feel in terms of how they would stack up: https://grsecurity.net/compare.php If you want to try a regular 4.8 kernel either in dom0 or in a vm, there's already one (4.8.12) in the Qubes unstable repository that you can play with right now. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/o2i7ab%24o46%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
