The .config, the part inherent to PAX and GRSecurity is
avalilable in this post:
It's not my post but it includes the same .config I have
and the "writer" has the same PAX problem I have with the
same 220.127.116.11 patch.
I'm used to apply, successfully, this patch
so I know how to configure it, I used the official documentation,
so it's probably a bug and not a kernel misconfiguration;
in the past PAX has always been working as paxtest reveals,
in fact all programs needing an executable stack needed tuning
I found the problem also in the last "test patch".
Testing code is not stable, so it's normal it could be buggy,
but a soo big bug in a "security kernel patch
released since months it's surely a serious problem.
It's paradoxical: you want to increase security,
you use a security stable patch and you rebuild the kernel
and all external driver (boring work on a desktop)
then you get a no-protected kernel,
quite frustrating, don't you?
Changing configuration increasing GRsecurity level to custom
and tuning manually, gives me a kernel oops on reboot :-/
There's also SElinux, but it's not well supported in Feisty and
if you choose tuning like removing upstart and so on you'll get
problem anyway as I read.
Apparmor is not secure as GRSecurity and it gives some installing problems yet.
The only serious alternative is RSBAC, but it's too hard for
a desktop and it takes me too much time in configuring, at this
moment I only have basic protection :-/