Intending to move to 5.10 LTS kernel
EasyOS Buster-series and Dunfell-series use the 5.4.x kernel.
Debian Buster 10 is actually based on the 4.19.x kernel, but I have no
issues with using the 5.4.x kernel.
However, when I tested a 5.8.x kernel, Python was broken, so I stayed
with 5.4.x. I was very interested in 5.8, due to improved security
possibilities with /proc in containers.
I was reminded about the 5.8 kernel a few days ago, when someone mentioned it has improved support for recent AMD CPUs.
For the last couple of days I have been looking at dropping the
CAP_SYS_ADMIN Linux capability in the "Copy session to RAM & disable
drives" mode. I have a patch that moves the ability to mount filesystems
from CAP_SYS_ADMIN to a new capability, CAP_SYS_MOUNT -- I have written
about this before. The patch has been modified somewhat for the 5.4
kernel, with some logic changes.
However, Xorg fails to run, with this in /var/log/Xorg.0.log:
modeset(0): drmsetmaster failed: permission denied
This is due to CAP_SYS_ADMIN having been dropped. I can see that the
drm_set_master_ioctl() function in the kernel looks like the culprit,
and rather than mess around with patching the 5.4 kernel, I see changes
for 5.8 that might fix the problem:
https://github.com/torvalds/linux/commit/45bc3d26c95a8fc63a7d8668ca9e57ef0883351c
https://stackoverflow.com/questions/29708596/drmdropmaster-requires-root-privileges
I see that the kernel developers have extracted some more bits of
CAP_SYS_ADMIN to separate capabilities in the 5.9 kernel. So rather than
create patches for the 5.4, 5.8, or 5.9 kernels, it might be better to go
for the 5.10 kernel.
The intention is that I will move EasyOS from the Buster-series to
the Bullseye-series, Debian Bullseye being the next stable release of
Debian, expected to be released sometime in the first half of 2021, I think. I
also guess that it will be based on the 5.10 kernel, as that is a Long
Term Support (LTS) release.
Some info about the 5.10 kernel:
https://www.zdnet.com/article/linux-5-10-will-be-the-next-long-term-support-linux-kernel/
...it is currently at 5.10-rc7.