[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    [qubes-devel] Re: Running coldkernel/grsecurity in Whonix on Qubes: I found a way, but...
From:       Reg Tiangha <reg () reginaldtiangha ! com>
Date:       2017-04-09 1:43:32
Message-ID: occ3ju$gja$1 () blaine ! gmane ! org
[Download RAW message or body]

On 04/08/2017 06:42 PM, WillyPillow wrote:
> 
> I posted something similar in the coldkernel thread a few months ago..
> The fastest way is actually just to apt install busybox ;) 
> 
> --WillyPillow 

Man, how did I miss that??

Well, the only thing left is getting it to run under dom0, I guess. I
actually tried a couple of months ago, merging both the gresecurity
patches, and the patches that Qubes uses, but it kernel panicked on boot
and I didn't investigate any further than that and instead just choose
to run Kernel 4.10 on my machines. It might be worth revisiting, I
suppose. But I wonder if all those Xen patches really needed? I mean,
some of them are for XSAs that are pretty old, and while most of them
still patch in, I'd assume that the later kernel versions would have
already included them or similar mitigations?? Or if not, why haven't
they been ported to upstream by now? I mean, these coldkernels run fine
in VMs without the Qubes patches so I'm a little confused on what they
do and whether or not they're really necessary. I've just been applying
them to my dom0 4.10 kernels out of habit, but it gets tricky when
trying to apply them *after* applying the grsecurity patches since after
that, each Xen/Qubes kernel patch pretty much has to be applied manually
since a lot of the files get changed because of grsecurity.

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/occ3ju%24gja%241%40blaine.gmane.org. \
For more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]