
Intending to move to 5.10 LTS kernel

December 14, 2020 — BarryK

EasyOS Buster-series and Dunfell-series use the 5.4.x kernel. Debian Buster 10 is actually based on the 4.19.x kernel, but I have no issues with using the 5.4.x kernel.

However, when I tested a 5.8.x kernel, Python was broken, so I stayed with 5.4.x. I was very interested in 5.8, due to improved security possibilities with /proc in containers.

I was reminded about the 5.8 kernel a few days ago, when someone mentioned it has improved support for recent AMD CPUs.

For the last couple of days I have been looking at dropping the CAP_SYS_ADMIN Linux capability in the "Copy session to RAM & disable drives" mode. I have a patch that moves the ability to mount filesystems from CAP_SYS_ADMIN to a new capability, CAP_SYS_MOUNT -- I have written about this before. The patch has been modified somewhat for the 5.4 kernel, with some logic changes.

However, Xorg fails to run, with this in /var/log/Xorg.0.log:

modeset(0): drmsetmaster failed: permission denied

This is due to CAP_SYS_ADMIN having been dropped. I can see that the drm_set_master_ioctl() function in the kernel looks like the culprit, and rather than mess around with patching the 5.4 kernel, I see changes for 5.8, that might fix the problem:

I see that the kernel developers have extracted some more bits of CAP_SYS_ADMIN to separate capabilities in the 5.9 kernel. So rather than create patches for the 5.4, 5.8, or 5.9 kernels, it might be better to go for the 5.10 kernel.
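When a process fails like Xorg does above, the capability masks in /proc/<pid>/status show whether CAP_SYS_ADMIN really is gone from every set. The following is an added example, not EasyOS code: the sample status text is constructed, the function names are hypothetical, and the bit numbers are those in the kernel's linux/capability.h.

```python
import re
import sys

# Bit numbers from include/uapi/linux/capability.h (subset relevant here).
CAP_BITS = {
    "CAP_SYS_ADMIN": 21,
    "CAP_PERFMON": 38,             # added in 5.8
    "CAP_BPF": 39,                 # added in 5.8
    "CAP_CHECKPOINT_RESTORE": 40,  # added in 5.9
}
CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$", re.M)

# Constructed sample: root process on a 5.4 kernel (caps 0-37), bit 21 cleared.
SAMPLE_STATUS = (
    "Name:\tXorg\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000003fffdfffff\n"
    "CapEff:\t0000003fffdfffff\n"
    "CapBnd:\t0000003fffdfffff\n"
    "CapAmb:\t0000000000000000\n"
)

def parse_cap_sets(status_text):
    """Return {'CapEff': int, ...} parsed from /proc/<pid>/status text."""
    sets = {name: int(mask, 16) for name, mask in CAP_LINE.findall(status_text)}
    if not sets:
        raise ValueError("no Cap* lines found in status text")
    return sets

def report(status_text):
    """Map each capability of interest to the sets that still contain it."""
    sets = parse_cap_sets(status_text)
    return {cap: [name for name, mask in sets.items() if (mask >> bit) & 1]
            for cap, bit in CAP_BITS.items()}

def fully_dropped(status_text, cap):
    """True if cap is in none of the five sets, so execve() cannot return it."""
    return report(status_text)[cap] == []

if __name__ == "__main__":
    if len(sys.argv) > 1:          # usage: script.py <pid>
        with open(f"/proc/{sys.argv[1]}/status") as fh:
            text = fh.read()
    else:
        text = SAMPLE_STATUS
    for cap, holders in report(text).items():
        print(f"{cap:24} {', '.join(holders) or 'absent from all sets'}")
```

Run with a PID as the only argument to inspect a live process; with no argument it decodes the constructed sample.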

The intention is that I will move EasyOS from the Buster-series to the Bullseye-series, Debian Bullseye being the next stable release of Debian, expected to be released sometime in the first half of 2021, I think. I also guess that it will be based on the 5.10 kernel, as that is a Long Term Support (LTS) release.

Some info about the 5.10 kernel: is currently at 5.10-rc7. 

Tags: easy