XX_grsecurity

From http://www.grsecurity.net/

You need an ACL system if you want to restrict access
to files, capabilities, resources, or sockets to ALL 
users, including root.  This is what is called a 
Mandatory Access Control (MAC) model.  The other 
features of grsecurity are only effective at fending
off attackers trying to gain root, so the ACL system
is used to fill in this gap. 

Least privilege can be granted to processes, which
in turn forces attackers to reevaluate their methods
of attack, since gaining access to the root account
no longer means that they have full access to the 
system.  Access can be explicitly granted to
processes that need it, in such a way that root acts
as any other user. 

Though grsecurity and its ACL system are in no means
perfect security, they greatly increase the
difficulty of successfully compromising the system.

Patching:  Overall very straight forward, one p->nice to task_nice(p) change
and the Config.in had several "define bool" instead of "define_bool" issues.

-------------------------------------------------------------------------------
