OVH Community, your new community space.

How to compile stuff in spite of OVH custom kernels?


tobltobs
27-01-2017, 08:40
Actually, I would consider a "frankenstein" an app that does things forbidden by grsecurity, because those practices, with or without grsecurity, are considered really bad ones.
Then OVH should state somewhere visible on their website, that using g++ is considered bad practice and isn't supported by their custom kernels.
alvaroag
27-01-2017, 05:34
Hi.

For an MG-128, you should have no problem when using a Vanilla kernel. On other models(such as HOSTING ranges) it could be more troublesome, because those models require a NIC driver which is not part of a default kernel, so you have to either use the OVH kernel, or use a vanilla kernel and compile the driver by yourself.

OVH kernels ARE compilable; many users have done it without problem, just downloading source & config from OVH FTP. If you provide me with the commands you tried to compile it with, I may be able to help you.

I won't consider those as "frankenstein" kernels.... grsecurity is a really good set of patches. I would even says it does more for security than SELinux.... Actually, I would consider a "frankenstein" an app that does things forbidden by grsecurity, because those practices, with or without grsecurity, are considered really bad ones.
tobltobs
26-01-2017, 23:39
I tried to compile OpenCV on a MG-128-S Debian 8 server. But the Grsecurity patch of the custom OVH kernels did prevent this.
I was able to replace the kernel [1] with a vanilla kernel and then succeeded in compiling OpenCV.

I then tried to find out if running a not ovh custom kernel might be problematic. However it seems to be impossible to get an answer for this.
In the forums you can find such non helpful answers as
It's about security, stability, optimization ...
or
If the server comes back online it should be ok
.
A support request was answered with
... nor can we provide any support for it.[2]
.

Running a server with a "maybe not supported" kernel isn't a choice for me. Therefore I am looking for a way to be able to compile stuff in spite of Grsecurity.

My questions are:
- Are there any options to tame make so that Grsecuritys paranoia is not triggered? (I already tried it with -j1)
- Or can the Grsecurity config be modified?


[1] To replace the kernel I used:
Code:
# apt-get install linux-image-amd64
# cd  /etc/grub.d 
# mv 06_OVHkernel 99_OVHkernel 
# update-grub
[2] I am bit shocked that OVH seems to think that it is normal to rent out servers with some frankenstein kernels which even can't compile stuff. Seriously?