It would also be nice to have apparmor in the `linux-libre` kernel, it's currently enabled for i686 and x86 but not for armv7h

The thing is that Parabola kernels [linux-libre, -lts, -pck (based on -zen) and -hardened for instance, and -pae from Arch32] try yo follow as closely as they can to their Arch{32,ARM} counterparts in terms of patches, PKGBUILD and config. The only modifications I do are the ones made by deblob-config

That means that if Arch enables CONFIG_SECURITY_APPARMOR for their stable kernels, our stable kernels will have it too. If their lts kernels don't, ours won't have it. If ArchARM doesn't have CONFIG_SECURITY_APPARMOR, out armv7h kernels won't have it.

I'd like to add new super-cool kernels, but there are two issues: 1) maintaining them takes up a lot of time (which I don't have much of it), and 2) armv7h kernels take much longer than i686/x86_64 ones, so it becomes a PITA.

Now, if anyone is willing to, someone could copy-paste linux-libre{-lts} and just modify a bit the config files to enable apparmor, then the maintainer would just have to follow my linux-libre devel and he would make the necessary changes to the new kernel.

Thanks Megver.
Fair enough, keeping as close as possible to the distros on which parabola is based will make maintenance a lot better in the long run.

So I wanted to post an issue or discussion on archlinuxarm.org, and there's no issues or bug reporting. They have a github but their issues are turned off. Anyone have any idea what the best way to submit issues is? Seems convoluted...

the arch-arm website has a "contact" page

https://archlinuxarm.org/about/contact

Thanks, so I asked the question their IRC. Didn't get too much interest other than 'you can build your own kernels quite easily btw'. Which I've done before, but it's nicer for the community if there's already a built kernel with some of these extra security features
So:
1) Can I help with maintaining? I'd love to see an ARM parabola kernel with apparmor. Not sure how helping out would work.
2) armv7h kernels take longer... compiling?

thebigfrog wrote:

Thanks, so I asked the question their IRC. Didn't get too much interest other than 'you can build your own kernels quite easily btw'.

ALARM sucks. In all ways.

So:
1) Can I help with maintaining? I'd love to see an ARM parabola kernel with apparmor. Not sure how helping out would work.
2) armv7h kernels take longer... compiling?

Sure, everyone is welcomed to help. And yes, it takes MUCH longer to compile. I build them in a Core i7 vPro computer, with 4GB of RAM, and the thing takes like almost 24hr to build. That's why I do not launch kernel updates immediately after they are available. Some times I even skip some versions (specially with PCK, which is the kernel that takes the longest to compile, so don't imagine how is building it for ARM... takes like 35-36 hours)

beefcake is idle most of the time - craving to do those tough jobs

thebigfrog -

in case you did not know this, the 'linux-libre-xtreme' kernel has apparmor enabled IIRC, only it is not LTS

Thanks bill, I tried out `linux-libre-xtreme` to see what it's like

Works great on an iMX6 box I have, but weird stuff happens with my lime2 card, which is based on the A20.
Average system load goes up from basically nothing (0.04) to 0.2, and temperature jumps up about 10C, really weird. I think it's maybe to do with frequency scaling, I guess I should post a separate bug report for this.

I'm gonna try and compile a newer 4.9 lts in the meantime. What's the easiest way to cross-compile from an x86 ubuntu machine? an Arch VM?

i think the scripts in the 'parabola-vmbootstrap' package are
the recommended way to create a cross-build environment on
parabola