about compiling the kernel with grsecurity and pax

[cmoshe]

hi,
i'm trying to understand the consequences of compiling the kernel with patch of grsecurity and pax.
1.after the installing of the patched kernel, can i update the kernel with apt-get update or it can break my system ?
every version of the kernel needs to be compiling ?
2.what other consequences can be ?

thanks.

[muppetman]

1) After installing your own custom grsecurity patch, you can still do apt-get update as per normal. It won't try and update your kernel though, so you'll have to ensure you keep on top of any serious security issues with the kernel you're using (though the fact you'll have patched it with grsec could help to mitigate the risk somewhat)

You will have to always recompile new kernels with the grsecurity patch.

2) The other problems you might have is, depending on what grsec/pax options you enable, some programs that generate code at runtime might stop working. This can be fixed using the paxctl utility.

The Grsecurity Wikibook "Application-specific settings" page will cover most of this issues off on a regular Linux system. I would link to it, but I must have 15 posts or more and this is my first.

Good luck, post back with questions and I can try to help, or join #grsecurity on oftc.

Good luck!