Pat has released for stable the most recent kernel 4.4.189 with the latest mitigations for Spectre. http://www.slackware.com/changelog/s...php?cpu=x86_64 Follow the instructions for loading.
I do have one need beyond Pat's general config for his compile, it does not include FANOTIFY_ACCESS_PERMISSIONS=Y, which is needed for checking malware during on-access for both CLAMAV and Sophos Antivirus for Linux. I understand some features can be set up as a module for later loading, but this feature is either on or off, it is off, so on-access scanning fails. My limited knowledge is telling me that only a new config and kernel build will resolve this setting.
Short of recompiling from source, which I've been doing for over a year, is there a way to simply turn that feature on during the system boot load of the kernel, maybe something in init?
Quote:
Short of recompiling from source, which I've been doing for over a year, is there a way to simply turn that feature on during the system boot load of the kernel, maybe something in init?
There's nothing I'm aware of that can change this feature in the kernel. I believe it is only configurable when compiling.
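Because the option is fixed when the kernel is built, the kernel's config file is where to confirm it before relying on on-access scanning. The following is an added example, not code from the thread or from Slackware: the function names and the list of config file locations are assumptions, and `CONFIG_FANOTIFY` is checked as well because the permissions option depends on it.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables fanotify permission
# events (needed for on-access scanning). Function names are hypothetical.

# Print the state of CONFIG_<option> in a config file: the value (y, m, ...),
# "n" for "# CONFIG_X is not set", "absent" if never mentioned, "unknown" if
# the file cannot be read. Handles plain text and gzip (e.g. /proc/config.gz).
kconfig_state() {
    kc_opt=$1 kc_file=$2
    [ -r "$kc_file" ] || { echo unknown; return 0; }
    case $kc_file in
        *.gz) kc_reader="gzip -dc" ;;
        *)    kc_reader="cat" ;;
    esac
    $kc_reader "$kc_file" | awk -v o="CONFIG_$kc_opt" '
        index($0, o "=") == 1           { sub(/^[^=]*=/, ""); print; found = 1; exit }
        $0 == ("# " o " is not set")    { print "n"; found = 1; exit }
        END { if (!found) print "absent" }'
}

# Locate a config for the running kernel. /proc/config.gz describes the kernel
# that is actually running; the /boot paths (assumed locations) describe an
# installed kernel, which may differ until the next reboot.
find_kconfig() {
    for f in /proc/config.gz "/boot/config-$(uname -r)" /boot/config; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Return 0 only if both options are built in (=y); print each state.
onaccess_ready() {
    oa_file=$1 oa_rc=0
    for oa_opt in FANOTIFY FANOTIFY_ACCESS_PERMISSIONS; do
        oa_state=$(kconfig_state "$oa_opt" "$oa_file")
        echo "CONFIG_$oa_opt: $oa_state"
        [ "$oa_state" = y ] || oa_rc=1
    done
    return $oa_rc
}

# Run as: sh thisfile.sh --check
if [ "${1:-}" = --check ]; then
    cfg=$(find_kconfig) || { echo "no kernel config found" >&2; exit 2; }
    onaccess_ready "$cfg"; exit $?
fi
```

A non-zero exit means an on-access scanner that requests permission events will fail on that kernel until it is rebuilt or replaced with one that sets the option.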
Quote:
I do have one need beyond Pat's general config for his compile, it does not include FANOTIFY_ACCESS_PERMISSIONS=Y, which is needed for checking malware during on-access for both CLAMAV and Sophos Antivirus for Linux. I understand some features can be set up as a module for later loading, but this feature is either on or off, it is off, so on-access scanning fails. My limited knowledge is telling me that only a new config and kernel build will resolve this setting.
Short of recompiling from source, which I've been doing for over a year, is there a way to simply turn that feature on during the system boot load of the kernel, maybe something in init?
Appreciate advice, Cheers, Brian
Has been added to the kernel-source packages in -current according to the latest ChangeLogs:
Quote:
Fri Aug 16 19:20:41 UTC 2019
k/kernel-source-4.19.67_smp-noarch-1.txz: Upgraded. FANOTIFY_ACCESS_PERMISSIONS n -> y
k/kernel-source-4.19.67-noarch-1.txz: Upgraded. FANOTIFY_ACCESS_PERMISSIONS n -> y
Last edited by mats_b_tegner; 08-17-2019 at 04:45 PM.
That is encouraging. I wonder if Pat will add it to the stable 4.4.x releases also? Cheers, BrianA_MN
Well now, normally I won't add new features to a stable release, but I was actually entertaining that idea when the next 4.4.x fixing a CVE comes out. The option is getting tested in -current, seems like all the other distros have enabled it for a while... any objections?
Quote:
Well now, normally I won't add new features to a stable release, but I was actually entertaining that idea when the next 4.4.x fixing a CVE comes out. The option is getting tested in -current, seems like all the other distros have enabled it for a while... any objections?
I certainly don't have any objection! Thanks for considering it. Cheers, BrianA_MN
Quote:
Well now, normally I won't add new features to a stable release, but I was actually entertaining that idea when the next 4.4.x fixing a CVE comes out. The option is getting tested in -current, seems like all the other distros have enabled it for a while... any objections?
No objection from me, and I'd go as far as suggesting that you ship a 4.19 kernel in 14.2. I have been using that and shipping it in Slint for five months with no issue reported (admittedly from a very small user base). Maybe on the occasion of a new CVE fix appearing here? This, as firmware updates, could help people with relatively new hardware not yet supported by 4.4.x to install Slackware 14.2.
Last edited by Didier Spaier; 08-19-2019 at 03:41 AM.
Quote:
No objection from me, and I'd go as far as suggesting that you ship a 4.19 kernel in 14.2. I have been using that and shipping it in Slint for five months with no issue reported (admittedly from a very small user base). Maybe on the occasion of a new CVE fix appearing here? This, as firmware updates, could help people with relatively new hardware not yet supported by 4.4.x to install Slackware 14.2.
4.19.x has an EOL of December 2020 though, whereas 4.4.x's EOL is Feb 2022, so from that perspective at least it makes sense to stay with 4.4.x.
Something definitive's going to have to happen with 15.0 though: 5.4 has been confirmed LTS but its EOL is Dec 2021. Now that's no way long enough for Slackware 15.0 and earlier than I, for one, expected.
I think Pat's going to have to change kernels during 15.0 or release 15.1 soon thereafter, since waiting to see what happens with the 5.9 kernel would mean 15.0 not releasing until 2021, or late 2020 at the earliest.
Last edited by Lysander666; 08-19-2019 at 06:15 AM.
Quote:
4.19.x has an EOL of December 2020 though, whereas 4.4.x's EOL is Feb 2022, so from that perspective at least it makes sense to stay with 4.4.x.
I suggested 4.19.x because that's what Pat provides for -current, so the same kernels could be provided for both -current and 14.2: no more work but still would help users with new hardware and not wanting or able to run -current.