When you start compiling your kernel with menuconfig, or xconfig you can find the Grsecurity / Pax settings under security -> grsecurity. It's advised to use the Arch build system (ABS) for compilation as it will produce packages which can be managed with pacman. Pacman is a realy nice package manager, if you learn how to use it you won't regret . This is the wiki page for pacman: https://wiki.archlinux.org/index.php/Pacman This is the Arch wiki page for ABS: https://wiki.archlinux.org/index.php/Arch_Build_System And this one is for compiling kernels with ABS: https://wiki.archlinux.org/index.php/Kernels/Arch_Build_System The documentation of Arch is realy the best you can find within the linux world, it's mostly up to date, and all the things you need are stated out very clearly. Good luck, and use DuckDuckGo or Google to find your answers.
I presume you compiled the kernel without enabling PAX soft mode. With soft mode enabled, you will at least have a running X.
Thats correct, i took a note not to disable it on Arch unless i know what the consequenses are. Thanks again.
The problem with not being able to save documents in Libreoffice in Arch was related to the gtk3 engine, used by default. I switched it to gtk2, and the problems are gone now. However i'm not exactly sure what the relation to Pax or grsecurity is. You can switch Libreoffice to gtk2 by editing /etc/profile.d/libreoffice-fresh.sh (just uncomment the gtk2 line)
Softmode isn't required to have functioning X Unless you compiled your own Kernel with "Restrict mprotect()" enabled (which you shouldn't anyway).
By soft mode I meant PAGEEXEC, EMULTRAP, MPROTECT, RANDMMAP and SEGMEXEC turned off by default and enforced on a per ELF object basis. Of course all of these are not required to have a functioning X, only disabling MPROTECT will do; I was just talking in a broader context.
Thanks for the clarification! Can somebody tell me how the sandboxing works with Grsecurity? Do you need to use chroot for that?
Thank you very much for this. I'm actually considering using this repo on Jessie, though I'm not sure who this guy really is. Does anyone have info on him? I'll wait to see if the MX community (which includes some Debian developers) can backport the entire grsec base to Jessie. Otherwise I'll use this Corsac repo.