Arch Linux package for the Linux Kernel and modules with grsecurity/PaX patches.
Shell Ruby
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Dockerfile
PKGBUILD
README.md
config.x86_64
custom-options
linux-grsec.install
linux-grsec.preset
module-blacklist.conf
sysctl.conf
update.rb

README.md

grsecurity logo

linux-grsec

Arch Linux package for the Linux Kernel and modules with grsecurity/PaX patches.

Kernel configuration

Configure (with menuconfig) and exit afterwards:

MENUCONFIG=1 makepkg

The configuration will be in src/linux-3.*/.config. In the PKGBUILDs build function (line 91 ff.), the configuration interface is changeable.

To configure and build the kernel afterwards:

MENUCONFIG=2 makepkg

grsecurity option configuration

Many options are configurable by sysctl in /etc/sysctl.d/05-grsecurity.conf. After kernel.grsecurity.grsec_lock is activated, there are no changes possible anymore.

If you do not use KMS graphics, you have to disable kernel.grsecurity.disable_priv_io.

There are six groups, which control grsecurity functions:

  • tpe
  • audit
  • socket-deny-all
  • socket-deny-client
  • socket-deny-server
  • proc-trusted