> cool, thanks! I think it would be important that packages that have an issue
> running under grsec all do what they need to do on installation to make sure
> the correct configs are in place to actually work under grsec. This is often
> left out, making proper security expensive and difficult to track down.
lets be clear, you d have to check for each and every new version of
each and every binary you ship to add this "allowed to skack exec or
whatever other dirty memory trick" flag whenever the upstream added a
bug or a backdoor.
quite a bunch of work, imo this have to be the responsibility of the
sysadmin to see the problem ( easy in the grsec log whenever something
goes wrong ) and choose to allow/trust this binary, and / or report a
bug to devuan and/or upstream.
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>