thestinger

These results are with glibc malloc on x86_64. The last public PaX and grsecurity patches don't support arm64 which is one of the two architectures (x86_64 kernels including x32/x86_32 and arm64 kernels including armv7 userspace) focused on by linux-hardened. There isn't anything other than x86_64 to compare across all 3 kernels although linux-hardened has the same end result for both x86_64 and arm64 (with slightly different starting points) and there are few mainline differences. The linux-hardened implementation of ASLR is a very minimal modification of the mainline implementation to fix the weaknesses compared to grsecurity. The intention is to upstream all of these changes, although care needs to be taken to properly justify them to avoid getting anything rejected unnecessarily.

Explanation of differences between kernels:

• Mainline and linux-hardened base randomization entropy for the mmap base and executable to the vm.mmap_rnd_bits sysctl for 64-bit and

devdsp

#!/usr/bin/perl

use strict;
use warnings;
use AnyEvent::I3 qw(:all);

my $i3 = i3();
$i3->connect->recv or die "Error connecting to i3";

my $output = undef;

alcol80

gdisk /dev/sda # make 1 partition

mkfs.vfat -n BOOT /dev/sda1
mkfs.btrfs -L root /dev/sdb
mkfs.btrfs -L docker /dev/sdc 

mount -t btrfs -o noatime,discard,ssd,autodefrag,compress=lzo,space_cache /dev/sdb /mnt/
btrfs subvolume create /mnt/nixos
umount /mnt/
mount -t btrfs -o noatime,discard,ssd,autodefrag,compress=lzo,space_cache,subvol=nixos /dev/sdb /mnt/

sqs

# When running Docker (0.8-0.11.1) on an Ubuntu 14.04 or Amazon Linux host,
# using btrfs, the btrfs partition fills up when building a container with
# docker-in-docker.
#
# STEPS TO REPRODUCE:
# 1. Launch a new EC2 instance with Ubuntu 14.04, 64-bit, m3.large.
# 2. Log in with `ssh -i /path/to/key.pem ubuntu@ec2-hostname`.
# 3. Copy this script to the EC2 instance and run it.
# 4. Wait ~3 minutes, and you'll see the error at the bottom.
#