[grsec] aufs2.1 vs grsecurity
pageexec at freemail.hu
pageexec at freemail.hu
Sun Feb 20 07:16:41 EST 2011
On 19 Feb 2011 at 15:39, Dean Takemori wrote:
> I notice that there exist aufs2 and aufs2.1 patches for the SystemRescueCD project
> (www.sysresccd.org) for various kernels
>
> http://kernel.sysresccd.org/sysresccd-1.6.4/
> http://kernel.sysresccd.org/sysresccd-2.0.1/
do these use grsec at all?
> But it's not clear to me what the "most correct" or most futureproof way to merge
> three moving targets (kernel, grsec and aufs2.1) together.
>
> Suggestions or comments anyone?
PaX constifies the fields of struct address_space_operations to prevent exactly what
aufs/etc want to do. obviously you can't have it both ways, something has to give ;).
if you want aufs, revert this chunk in PaX.
More information about the grsecurity
mailing list