Suggestion to kernel module

Wed Jun 16 21:21:29 GMT 2004

rants:

well theoretically this is the worklist split up by the person who 
supports the kernel modules currently:

2.6-mm		nestu
2.6-vanilla	nestu
2.4-om		sofar
2.4-stable	niki
2.4-vanilla	niki(/tchan?)
2.4-grsec	niki

the extension would therefore be:
2.4-pax		?
2.6-pax		?

as for whomever wants to write these new kernels... feel free. It would 
be interesting to see at least (I though pax was in grsec... isn't it?)

second of all I don't see the need to upgrade the -om kernel module 
which I wrote and maintain. The simple reason is that openmosix is 
inheritantly insecure and should not even run anywhere else than on a 
private subnet. This reliefs the need for a "patched up" version really. 
Note that porting/merging the -om kernel patches takes considerable time 
that I'm investing and have the testing abilities for (right now my -om 
cluster counts 19 nodes).

that leaves the -vanilla (which is .26) and other 2.4 kernels... they 
really need a bump badly. I have informed niki already that my one host 
running his -grsec kernel v26 has dissappeared off-radar already 3x and 
is now back running .25... If anyone has a solution... please tell me.

most urgently I'd like to see the -stable kernel and -vanilla merged. 
There is no need to run these two separately indeed, but the extended 
fixes are nice. Perhaps these can go inside the same kernel but with an 
optional patch? (-stable patches, -extended functionality patches and 
3rd degree aggressive patches?)

one last thing: unless we can go 100% 2.6 (with kernel headers and full 
rebuild AND all apps) it's insane to try to make -grsec and -om kernels 
for 2.6. This will make people think they can only run a 100% 2.6 
system, and they will fail miserably. I don't think that would be a good 
move now, so anyone requiring something more than just a play-kernel 
should either try themselves or stay far from 2.6 for now (you won't see 
me updating my cluster or -grsec boxes to 2.6... they have work to do!)

hmmm more thoughts coming... think it over first...

sofar

Jerry Lundström wrote:
> Hey all,
> 
> I want thinking of putting some load off niki and here is my suggestion.
> 
> linux-2.4   
> linux-2.6
>     Standard linux kernel packages with no extra patches.
> 
> linux-2.4-grsec
> linux-2.6-grsec
>     Linux kernel with grsec (http://www.grsecurity.net/) patchset, NOTE: 
> only supported version from grsec will be used. (ex. grsec right now for 
> 2.6 is 2.6.5)
> 
> linux-2.4-pax
> linux-2.6-pax
>     Linux kernel with PaX (http://pax.grsecurity.net/) patchset, NOTE: 
> same here, only the supported version.
> 
> 
> I think its good to have support for both 2.4 and 2.6 (I cant for ex 
> change to 2.6 yet since I need openafs) and we can add more module like 
> linux-2.[46]-openmosix/linux-2.[46]-lunar etc etc.

> Also, critical patchset like the resent non-root crash bug should be 
> applied on all packages.