David Ross is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
David Ross @david_ross

I just switched to . It's a kernel provided by in the Arch Community repo.

Adds improved address space randomization for user space processes, restricts access to kernel logs & pointers, and various compil time config options. wiki.archlinux.org/index.php/S

Was terrifying removing linux and linux-headers. It broke, but I managed to correct Grub.

Β· Web Β· 2 Β· 4

I blogged about it. Mostly in case I stuffed it up like that again!!

Don't be overconfident people. I didn't break anything (thankfully) but do make use of the scripts available.


*I might be reading a book on the Linux Kernel and prematurely starting to think I was all clever and stuff. πŸ˜† 😹

Don't follow me I'm lost too etc.

@david_ross I haven't tried the hardened but am pretty sure you do not need to remove the original one. I have linux and linux-zen kernel installed and chose during boot which one I want to use. So if an update of linux-zen get corrupted I can easily just boot the original kernel. Many do this with linux-lts kernel. I have also made custom kernels in the past.

So I would recommend that not uninstalling the original... as it is not needed. It is good to have multiple installed.

@shellkr thanks for the info, it's really helpful to me. So you define the preferred kernel how? In Grub?

@david_ross You chose it in the boot menu when you start up.. either via Grub or other manager like systemd-boot.

@shellkr ah right yeah. One of those cases of seeing something so often you forget it's even there!

@david_ross Yeah, and remember. You can always arch-chroot back into a install and fix it via usb-stick or whatever. Just mount the system partition and reinstall/fix the issue and reboot.

It's almost impossible to render an Arch install unable to recover. ;)

@david_ross one of my rar golden rules: never touch the kernel πŸ˜‚

@crowd42 I've been learning Rust, so on a basic level at least understanding the user and systems spaces more deeply has some benefit.

@david_ross I currently have both linux and linux-hardened installed, with -hardened as default. The funny thing is, I did it because I needed user namespaces, which are too insecure to enable by default, and upstream has no sysctl knob, but -hardened does. So I run -hardened to get a less secure system.