Arch Linux package for the Linux Kernel and modules with grsecurity/PaX patches.
Configure (with menuconfig) and exit afterwards:
MENUCONFIG=1 makepkg
The configuration will be in src/linux-3.*/.config. In the PKGBUILDs build
function (line 91 ff.), the configuration interface is changeable.
To configure and build the kernel afterwards:
MENUCONFIG=2 makepkg
Many options are configurable by sysctl in /etc/sysctl.d/05-grsecurity.conf.
After kernel.grsecurity.grsec_lock is activated, there are no changes possible
anymore.
If you do not use KMS graphics, you have to disable
kernel.grsecurity.disable_priv_io.
There are six groups, which control grsecurity functions:
- tpe
- audit
- socket-deny-all
- socket-deny-client
- socket-deny-server
- proc-trusted