Received: from mx1.tetrasec.net (mx1.tetrasec.net [66.245.176.36])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 4B0BC782BF6
	for <alpine-user@lists.alpinelinux.org>; Tue, 31 Mar 2020 10:02:35 +0000 (UTC)
Received: from mx1.tetrasec.net (mail.local [127.0.0.1])
	by mx1.tetrasec.net (Postfix) with ESMTP id 66AC26612C;
	Tue, 31 Mar 2020 10:02:34 +0000 (UTC)
Received: from ncopa-desktop.copa.dup.pw (67.63.200.37.customer.cdi.no [37.200.63.67])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: alpine@tanael.org)
	by mx1.tetrasec.net (Postfix) with ESMTPSA id 837B66612B;
	Tue, 31 Mar 2020 10:02:33 +0000 (UTC)
Date: Tue, 31 Mar 2020 12:02:29 +0200
From: Natanael Copa <ncopa@alpinelinux.org>
To: Marco Sulla <alpine_users_list@marco.sulla.e4ward.com>
Cc: alpine-user@lists.alpinelinux.org
Subject: Re: How does Alpine Linux harden its kernel?
Message-ID: <20200331120229.514f90b3@ncopa-desktop.copa.dup.pw>
In-Reply-To: <CABbU2U-w34QfSGg4wZKxvCoYgtqLRj9Z0SKHipDPNaSdHdBeAQ@mail.gmail.com>
References: <CABbU2U-w34QfSGg4wZKxvCoYgtqLRj9Z0SKHipDPNaSdHdBeAQ@mail.gmail.com>
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-alpine-linux-musl)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Tue, 31 Mar 2020 11:43:01 +0200
Marco Sulla <alpine_users_list@marco.sulla.e4ward.com> wrote:

> Hello all. I discovered Alpine Linux, and it seems the unique active
> Linux distro that applies hardening patches to the Linux kernel.
> 
> The problem is I do not understand where Alpine applies its patches to
> the kernel. Where is the code?
> 
> PS: I know that Alpine Linux does not use anymore grsecurity. Does it
> continue to apply PaX patches?

Hi!

We no longer harden the kernel, due to grsecurity nor pax not being
available for public.

It sounds like we need to update the documentation somewhere.

-nc