Subject: [alpine-devel] vserver kernels with grsec
From: Natanael Copa
To: Alpine Development
Date: Fri, 13 Aug 2010 16:12:06 +0200
Message-ID: <1281708726.23726.65.camel@ncopa-desktop.nor.wtbts.net>

Hi,

There is a really nasty bug in the Linux kernel that will allow a normal user to kill the entire box, including vserver hosts.

I'm thinking we maybe should go back to using the vserver+grsec patch for the alpine-vserver iso. We would disable some of the (redundant?) chroot restrictions, or maybe all, by default so the vserver guests would work as expected.

Currently, it's pretty nice to have a non-grsecurity kernel for reference. We would probably need a vanilla kernel in addition.

What do you think?

-nc