Hello all. I discovered Alpine Linux, and it seems the unique active
Linux distro that applies hardening patches to the Linux kernel.

The problem is I do not understand where Alpine applies its patches to
the kernel. Where is the code?

PS: I know that Alpine Linux does not use anymore grsecurity. Does it
continue to apply PaX patches?

On Tue, 31 Mar 2020 11:43:01 +0200
Marco Sulla <alpine_users_list@marco.sulla.e4ward.com> wrote:

> Hello all. I discovered Alpine Linux, and it seems the unique active
> Linux distro that applies hardening patches to the Linux kernel.
> 
> The problem is I do not understand where Alpine applies its patches to
> the kernel. Where is the code?
> 
> PS: I know that Alpine Linux does not use anymore grsecurity. Does it
> continue to apply PaX patches?

Hi!

We no longer harden the kernel, due to grsecurity nor pax not being
available for public.

It sounds like we need to update the documentation somewhere.

-nc

But did you not apply custom patches made by yourselves? I see that in
the source code that pax utilities are used. And it seems Apline use
linux-hardened.

On Tue, 31 Mar 2020 at 12:02, Natanael Copa <ncopa@alpinelinux.org> wrote:
>
> On Tue, 31 Mar 2020 11:43:01 +0200
> Marco Sulla <alpine_users_list@marco.sulla.e4ward.com> wrote:
>
> > Hello all. I discovered Alpine Linux, and it seems the unique active
> > Linux distro that applies hardening patches to the Linux kernel.
> >
> > The problem is I do not understand where Alpine applies its patches to
> > the kernel. Where is the code?
> >
> > PS: I know that Alpine Linux does not use anymore grsecurity. Does it
> > continue to apply PaX patches?
>
> Hi!
>
> We no longer harden the kernel, due to grsecurity nor pax not being
> available for public.
>
> It sounds like we need to update the documentation somewhere.
>
> -nc

On Tue, 31 Mar 2020 12:10:47 +0200
Marco Sulla <alpine_users_list@marco.sulla.e4ward.com> wrote:

> But did you not apply custom patches made by yourselves? I see that in
> the source code that pax utilities are used. And it seems Apline use
> linux-hardened.

We used the testing patches from grsecurity and maintained our own fork
of it for a while. But it was not possible to continue at some point
(which was expected). Now we have dropped the linux-hardened kernel in
favor of the vanilla linux-lts.

I recommend that you ask (and pay for) grsecurity for a proper hardened
kernel.

-nc

> 
> On Tue, 31 Mar 2020 at 12:02, Natanael Copa <ncopa@alpinelinux.org> wrote:
> >
> > On Tue, 31 Mar 2020 11:43:01 +0200
> > Marco Sulla <alpine_users_list@marco.sulla.e4ward.com> wrote:
> >  
> > > Hello all. I discovered Alpine Linux, and it seems the unique active
> > > Linux distro that applies hardening patches to the Linux kernel.
> > >
> > > The problem is I do not understand where Alpine applies its patches to
> > > the kernel. Where is the code?
> > >
> > > PS: I know that Alpine Linux does not use anymore grsecurity. Does it
> > > continue to apply PaX patches?  
> >
> > Hi!
> >
> > We no longer harden the kernel, due to grsecurity nor pax not being
> > available for public.
> >
> > It sounds like we need to update the documentation somewhere.
> >
> > -nc  

wicht part of the wiki said that? i'll investigate it and later applied
updates

El mar., 31 de mar. de 2020 a la(s) 06:02, Natanael Copa (
ncopa@alpinelinux.org) escribió:

> On Tue, 31 Mar 2020 11:43:01 +0200
> Marco Sulla <alpine_users_list@marco.sulla.e4ward.com> wrote:
>
> > Hello all. I discovered Alpine Linux, and it seems the unique active
> > Linux distro that applies hardening patches to the Linux kernel.
> >
> > The problem is I do not understand where Alpine applies its patches to
> > the kernel. Where is the code?
> >
> > PS: I know that Alpine Linux does not use anymore grsecurity. Does it
> > continue to apply PaX patches?
>
> Hi!
>
> We no longer harden the kernel, due to grsecurity nor pax not being
> available for public.
>
> It sounds like we need to update the documentation somewhere.
>
> -nc
>

Thank you for the information. I have no intention to apply a patch to
the linux kernel which code is not publicly available.

On Tue, 31 Mar 2020 at 12:30, Natanael Copa <ncopa@alpinelinux.org> wrote:
>
> On Tue, 31 Mar 2020 12:10:47 +0200
> Marco Sulla <alpine_users_list@marco.sulla.e4ward.com> wrote:
>
> > But did you not apply custom patches made by yourselves? I see that in
> > the source code that pax utilities are used. And it seems Apline use
> > linux-hardened.
>
> We used the testing patches from grsecurity and maintained our own fork
> of it for a while. But it was not possible to continue at some point
> (which was expected). Now we have dropped the linux-hardened kernel in
> favor of the vanilla linux-lts.
>
> I recommend that you ask (and pay for) grsecurity for a proper hardened
> kernel.
>
> -nc
>
> >
> > On Tue, 31 Mar 2020 at 12:02, Natanael Copa <ncopa@alpinelinux.org> wrote:
> > >
> > > On Tue, 31 Mar 2020 11:43:01 +0200
> > > Marco Sulla <alpine_users_list@marco.sulla.e4ward.com> wrote:
> > >
> > > > Hello all. I discovered Alpine Linux, and it seems the unique active
> > > > Linux distro that applies hardening patches to the Linux kernel.
> > > >
> > > > The problem is I do not understand where Alpine applies its patches to
> > > > the kernel. Where is the code?
> > > >
> > > > PS: I know that Alpine Linux does not use anymore grsecurity. Does it
> > > > continue to apply PaX patches?
> > >
> > > Hi!
> > >
> > > We no longer harden the kernel, due to grsecurity nor pax not being
> > > available for public.
> > >
> > > It sounds like we need to update the documentation somewhere.
> > >
> > > -nc
>