this also worked under debian9 stretch…

it now also works for Centos7/Redhat.

in this example i try to compile the latest kernel from kernel.org on CentOS7

it compiles… and boots up…

hit ESC or other keys to see the verbose kernel output instead of the loading bar…

hostn[user@CentOS7 ~]$ hostnamectl; # tested on
   Static hostname: CentOS7
         Icon name: computer-vm
           Chassis: vm
        Machine ID: ad6f3410bf2346ec97a6fdc05dc4a607
           Boot ID: 672a7c82474a4053861f07e5f29222b5
    Virtualization: microsoft
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-514.26.1.el7.x86_64
      Architecture: x86-64

su; # become root
yum update; # update system
reboot;
cd /usr/src/
wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.12.tar.xz
tar fxvJ linux-4.12.tar.xz
ln -sv linux-4.12 linux
cd linux

cp /boot/config-3.10.0-514.el7.x86_64 .config; # reuse the currently used kernel.config
make clean
make menuconfig; # all i modified here is under General -> Custom string cuztom

time make -j4
make modules_install
make install

Makefile:933: "Cannot use CONFIG_STACK_VALIDATION, please install libelf-dev, libelf-devel or elfutils-libelf-devel"
sh ./arch/x86/boot/install.sh 4.12.0cuztom arch/x86/boot/bzImage \
 System.map "/boot"

modules and kernel install fine – after reboot i can select the new kernel 4.12 and it boots up fine.

[user@CentOS7 ~]$ hostnamectl
   Static hostname: CentOS7
         Icon name: computer-vm
           Chassis: vm
        Machine ID: ad6f3410bf2346ec97a6fdc05dc4a607
           Boot ID: 58e86772e8b34dab97bd2428e7592413
    Virtualization: microsoft
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 4.12.0cuztom
      Architecture: x86-64

CONGRATULATIONS! 🙂

….not sure what those messages are about:

full error message:

SELinux is preventing /usr/libexec/accounts-daemon from using the dac_read_search capability.

*****  Plugin dac_override (91.4 confidence) suggests   **********************

If sie berprfen wollen, ob Domne diesen Zugriff bentigt oder Sie eine Datei mit den falschen Berechtigungen auf Ihrem System haben
Then aktivieren Sie die vollstndige Audit-Funktion, um die Pfad-Information der problematischen Datei zu erhalten. Dann reproduzieren Sie den Fehler erneut.
Do

Volle Audit-Funktion aktivieren
# auditctl -w /etc/shadow -p w
Versuchen Sie AVC zu reproduzieren. Fhren Sie dann folgendes aus
# ausearch -m avc -ts recent
Falls PATH record ersichtlich ist, berprfen Sie Eigentmer/ Berechtigungen der Datei und korrigieren Sie dies,
anderenfalls melden Sie dies an Bugzilla.

*****  Plugin catchall (9.59 confidence) suggests   **************************

If sie denken, dass accounts-daemon standardmig dac_read_search Berechtigung haben sollten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, knnen Sie ein lokales Richtlinien-Modul erstellen.
Do
allow this access for now by executing:
# ausearch -c 'accounts-daemon' --raw | audit2allow -M my-accountsdaemon
# semodule -i my-accountsdaemon.pp

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:system_r:accountsd_t:s0
Target Objects                Unknown [ capability ]
Source                        accounts-daemon
Source Path                   /usr/libexec/accounts-daemon
Port                          
Host                          CentOS7
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-102.el7_3.16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     CentOS7
Platform                      Linux CentOS7 4.12.0cuztom #1 SMP Mon Jul 3
                              12:01:05 CEST 2017 x86_64 x86_64
Alert Count                   6
First Seen                    2017-07-03 15:13:18 CEST
Last Seen                     2017-07-03 15:13:52 CEST
Local ID                      286945cd-6cfc-4233-a5b4-747cfe5afe79

Raw Audit Messages
type=AVC msg=audit(1499087632.710:111): avc:  denied  { dac_read_search } for  pid=782 comm="accounts-daemon" capability=2  scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:system_r:accountsd_t:s0 tclass=capability permissive=0


Hash: accounts-daemon,accountsd_t,accountsd_t,capability,dac_read_search


important or simply cool and probably related links 🙂

watch Linus Torvalds at work at kernel.org: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

https://www.heise.de/ct/artikel/Die-Neuerungen-von-Linux-4-12-3712705.html

Among the material likely coming for Linux 4.13 that we have already covered on Phoronix includes:

– Initial AMD Raven Ridge graphics support (sans no display due to no DC/DAL yet), Vega fixes, and other updates.

Many Allwinner DRM changes.

DRM sync objects are landing.

Raspberry Pi / VC4 improvements.

Various updates to the Intel DRM driver.

Large directory support for EXT4.

XPad updates and Google Rose Touchpad support.

AES-128-CBC support in Fscrypt, the file-system generic crypto code currently utilized by EXT4 and F2FS.

– Possibly the AMD SME/SEV security features supported by new EPYC CPUs.

– Continued push for more HDMI CEC drivers.

Stay tuned for thorough Linux 4.13 kernel feature coverage once the merge window opens following the 4.12 debut.

src: http://www.phoronix.com/scan.php?page=news_item&px=Linux-4.13-Early-Look

admin