[alpine-devel] vserver kernels with grsec

Natanael Copa
Details
Message ID
<1281708726.23726.65.camel@ncopa-desktop.nor.wtbts.net>
Sender timestamp
1281708726
DKIM signature
missing
Download raw message
Hi,

There are a really nasty bug in linux kernel that will allow a normal
user kill the entire box, including vserver hosts. I'm thinking we maybe
should go back to using the vserver+grsec patch for the alpine-vserver
iso.

We would disable some of the (redundant?) chroot restrictions, or maybe
all, by default so the vserver guests would work as expected.

Currently, its pretty nice to have a non grsecurity kernel for
reference. We would probably need a vanilla kernel in addition.

What do you think?

-nc



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---