Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
FAQ for the linux-unofficial_grsec git repository
What's this repo all about?
This repository keeps the last publicly available grsecurity® test patch alive by forward-porting it to newer kernel versions. It is therefore no longer an official version of the grsecurity® patch, hence the branding "unofficial".
This repo looks like an outdated version of vanilla Linux only. Where's the unofficial grsec port?!?
You're probably looking at the wrong branch. Have a look at the linux-4.9.x-unofficial_grsec branch instead.
Kernel v4.9.x is kinda old. I need a newer one. Are you going to forward port the patch to the next LTS kernel, e.g. to v4.14?
No. It's neither simple to forward-port such a huge patch to a new major kernel version, nor is it my intention to do so. In the end, it would just be a slightly more broken version of the v4.9 counterpart that bit-rots even faster. So no, I won't do that, sorry.
So this thing is v4.9 LTS only?
Yes. The main goal of this repository is simply to provide a reasonably secured kernel to the users depending on such a thing since the grsecurity project has stopped releasing the patches for the general public. It's far from perfect, nonetheless better than nothing.
Will you maintain this repository until v4.9 gets EOL?
Yes, that's the plan. According to kernel.org v4.9 gets EOL in January 2019. However, v4.9 is also the kernel used in Debian stretch. According to their website, it should be maintained until 2020 at least, possibly until 2022 even.
Will you develop new features or enhance existing ones?
No, not really. It's just about keeping the last state alive by merging in the latest stable version of the v4.9 kernel series. Minor enhancements may happen, but don't expect anything worth talking about.
Will this port include additional backports of security relevant fixes, like grsecurity used to do?
No. This repository just keeps track of the v4.9 upstream stable tree. No further security fixes beyond what was already included in the last grsecurity patch.
How to get the latest version?
First you need
git clone the repo, like this:
$ git clone --single-branch --branch=linux-4.9.x-unofficial_grsec \ git://github.com/minipli/linux-unofficial_grsec.git $ cd linux-unofficial_grsec
Afterwards, to update, just
git pull like this:
$ cd linux-unofficial_grsec $ git pull
I'm used to download patches. Can you help me?
Sure, have a look at the releases page.
My kernel has panic'ed. What should I do?
Please open an issue and attach the kernel log, or, if you're unable to get that, at least a photo of the kernel panic.
Who are you and why are you doing this?
I'm a long time PaX and grsecurity® user, occasional contributor that misses the public availability of the test patch. It contains many security features that are lacking in Linux; that won't end up upstream in a foreseeable future. But, instead of complaining, I keep this code base alive -- mainly for personal use but also for others to spare them the porting work. So my main intentions are selfish -- I want an up2date grsec patched kernel. But I also don't want to leave others, that are unable to do the porting themselves, in the dark. For them this repository might be a suitable alternative instead of falling back to the security provided by vanilla Linux.
Can I trust you?
You have to answer that question for yourself. But you can at least verify that no-one tampered with the git repo or the patches you downloaded. The key I use to sign the git tags and patches is 92435BA4.