grsecurity forums

[akorn]

I'd like to merge grsecurity with 2.4.23aa1, but there are some pretty hairy conflicts I don't know how to sort out (e.g. aa1 changes PID allocation and restructures sched.c to the extent you would hardly recognize it).

Has anyone else attempted this? Or is anyone willing to help?

[Sleight of Mind]

I think the -ck patch series includes (the most important) stuff from -aa. Maybe you should check that one out, since a -ck1-grsec patch is already available.

[akorn]

Thanks for the advice, but it's too late now: I'm already pretty far into merging -aa1 with grsec-2.0-rc4 diff by diff. So far, I only skipped two or three patches because the merge would have been too involved.

I wonder if what I finally concoct will work.

[Sleight of Mind]

usually merging 2 patch series gives plenty of rejects, but most are very simple to solve. The few that are left are usually a bit harder to solve and might require some programming skills, sometimes whole files are changed and finding the correct spots to put the grsec ifdef's in really need some thinking
If i remember correctly aa changes some stuff in kernel/ dramaticly, some stuff is even in other files now, so make sure to check the stuff in that dir.

gl with merging

[akorn]

There are a few patches in aa that are really beyond my skills to merge with grsec; for example, some PID assignment race fix which apparently completely does away with some of the data structures grsec expects; or the task_unmapped_base stuff that conflicts horribly with PaX.

Other than these, it really is pretty straightforward.