I am considering to package LKRG for Debian buster, Whonix, Kicksecure and Qubes Debian templates.
(Inside Qubes OS. Using Qubes VM kernel, i.e. kernel by Debian. See related.)
Initially it will be an opt-in package to encourage wider testing. Should that work well, installation of LKRG by default will be considered.
Current status: I’ve successfully compiled and load the LKRG module in a Qubes Debian standalone VM using Qubes VM kernel.
Outreach:
- Contacted upstream LKRG developers privately. To paraphrase: “We don’t oppose you packaging it. As long as LKRG exists, there will always be a free and libre version. There is no pro version yet. A hypothetical future pro version would not change that.” In my words: “there won’t be a grsecurity alike situation where everything gets closed down”.
- LKRG mailing list: LKRG Debian 10 buster / Debian packaging
- LKRG mailing list: module loading / systemd bug report / suggestion
- Debian request for packaging: Linux Kernel Runtime Guard - LKRG