Grsecurity update - 3.14.17-100

  • 3.14.17-100
    • Update to grsecurity-3.0-3.14.17-201408212334
      Diff from the previous version on my Git repo

I've jumped the packaging of several versions since 3.14.15-102 but all the branches are available in my Git repo


It appears that pcid detection is broken on latest 3.14 tree. UDEREF will make udev segfault and make the init process exit before completing boot.
The solution to fallback on slow and weak UDEREF - which in my opinion is better than having no UDEREF at all - is to pass nopcid flag to your kernel command line.
The issue has been reported to PAX team and we're waiting for a fix :)

# dmesg | grep UDEREF 
PAX: slow and weak UDEREF enabled

As usual RPMs are available using the YUM repository, and don't hesitate to contact me if you find any issue.