I want to try the hardened kernel, with a pretty recent COPR repo existing, including hardened_malloc and kernel-hardened.
- I can't install the hardened kernel, as I get “error multiple kernels found in /usr/lib/modules”
- I would like to be able to use my deployments, one with hardened kernel, one without
- I would probably need to replace the default malloc with the hardened malloc
Are these packages more secure than the default ones? The kernel is actually newer than Fedora's default one, so this gives me hope.
I know the GrapheneOS devs are doing lots of work on these things, and afaik these packages are derived from that.
rpm-ostree override replace ./kernel*.rpm
but the problem is that nonlocal overrides are not yet implemented.
rpm-ostree override remove kernel kernel-core kernel-modules kernel-headers kernel-devel kernel-modules-extra --install kernel-hardened
This looks scary but should work if the kernel package is correctly built.
What packages would I need to replace to use the hardened_malloc?
I just tried
rpm-ostree override remove kernel kernel-core kernel-modules kernel-modules-extra glibc-common glibc --install kernel-hardened hardened_malloc
got these dependency errors:
rpcbind-1.2.6-3.rc2.fc37.x86_64 requires glibc-common, but none of the providers can be installed
Along with some local RPM needing many to-be-removed rpms
Does anyone have experience with these packages? Any breakages or performance issues, for example?