predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
|
Posted: Mon Feb 11, 2008 5:46 am Post subject: 2.6.24-dark3: Splicer |
|
|
Emergency fast-release (built, boot tested and ran for a couple hours now) to fix the security problem in vmsplice. Also fixes issues with realtime-lsm causing build failures due to improper/lack-of ifdefs on the sysctl bits (sorry about that folks, I forgot to build test without it).
Quote: |
Release: 2.6.24-dark3
Patchset produced by: predatorfreak
Comments: Fix build problems caused by not enabling realtime-lsm, add a security patch for vmsplice.
Build and boot-test certified: Built with a modified Arch Linux kernel26 config, booted on my system, seems to run fine.
Additional Information: To adjust the CFS granularity, use sysctl kernel.sched_granularity_ns = VAL, where VAL is the proper value.
Realtime LSM can be controlled through sysctl kernel.rt_any (if set to 1, any process can become realtime, unrestricted), sysctl kernel.rt_gid
(when set to a valid group ID number, any programs run in that group or by a user in that group can become realtime) and sysctl kernel.rt_mlock
(when set to 1, programs affected by the previous two options can utilise mlock).
Patch list:
mainline/patch-2.6.24.1
mainline/plug-vmsplice-security-hole.patch
assorted-fixes/gcc-4.3.0-compilation-fix-2.patch
ck/mm-swap_prefetch-41.patch
ck/mm-lots_watermark.diff
ck/mm-kswapd_inherit_prio-1.patch
ck/mm-prio_dependant_scan-2.patch
ck/mm-background_scan-2.patch
ck/mm-filesize_dependant_lru_cache_add.patch
ck/kconfig-expose_vmsplit_option.patch
genpatches/2700_usbaudio-logitech-id.patch
dark/powertop-2.6.24.patch
dark/netfilter-ipset-and-u32.patch
dark/realtime-lsm-static.patch
dark/dark-tag.patch
|
Download patch: http://www.dcaf-security.org/dark-sources/patch-2.6.24-dark3.patch.bz2
Download broken-out: http://www.dcaf-security.org/dark-sources/broken-out-2.6.24-dark3.tar.bz2
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up.
Last edited by predatorfreak on Mon Feb 11, 2008 5:02 pm; edited 1 time in total |
hirakendu Guru
Joined: 24 Jan 2007 Posts: 386 Location: san diego
|
Posted: Mon Feb 11, 2008 8:12 am Post subject: |
|
|
ah, i guess in your emergency fastness, the thread was named 2.6.23 instead of 2.6.24. aside, hopefully one day i'll start using hardened gentoo.
_________________
Helium Sources || Gentoo Minimal Livecd
tranquilcool Veteran
Joined: 25 Mar 2005 Posts: 1179
|
Posted: Mon Feb 11, 2008 11:48 am Post subject: |
|
|
compiles and is running great.
thanks!
_________________
this is a strange strange world.
predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
|
Posted: Mon Feb 11, 2008 5:02 pm Post subject: |
|
|
hirakendu wrote: | ah, i guess in your emergency fastness, the thread was named 2.6.23 instead of 2.6.24 ;). aside, hopefully one day i'll start using hardened gentoo :). |
Yep, guess I went a tad TOO fast.
PLum Tux's lil' helper
Joined: 20 May 2004 Posts: 108 Location: /dev/world/poland/gliwice
|
Posted: Mon Feb 11, 2008 6:34 pm Post subject: |
|
|
hey predatorfreak, how about refreshing the archlinux PKGBUILD ? |
predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
|
Posted: Mon Feb 11, 2008 7:36 pm Post subject: |
|
|
PLum wrote: | hey predatorfreak, how about refreshing the archlinux PKGBUILD ? |
Don't run Arch anymore, can't test it. My policy is generally to never endorse or make things that I cannot test which package my work.
PLum Tux's lil' helper
Joined: 20 May 2004 Posts: 108 Location: /dev/world/poland/gliwice
|
Posted: Tue Feb 12, 2008 2:50 pm Post subject: |
|
|
predatorfreak wrote: |
Don't run Arch anymore, can't test it. My policy is generally to never endorse or make things that I cannot test which package my work. |
oh why ?, then i will try to make one and if it works post link here ... |
predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
|
Posted: Tue Feb 12, 2008 6:05 pm Post subject: |
|
|
PLum wrote: | predatorfreak wrote: |
Don't run Arch anymore, can't test it. My policy is generally to never endorse or make things that I cannot test which package my work. |
oh why ?, then i will try to make one and if it works post link here ... |
I don't support things packaging my work which I cannot test for stability and quality reasons, I left Arch because they broke too many packages on me regularly.