Consider adding the Bonding module to the SD grsec kernel

[nathandyer]

Description

Currently, the grsec kernel does not include the Bonding module necessary for combining multiple network interfaces into one. Although SecureDrop is a relatively low-bandwidth application, there are organizations that elect to make use of bonding, and in those scenarios they risk losing network access (and having the SecureDrop installation fail) once the system reboots into the current grsec kernel.

How will this impact SecureDrop users?

By adding this support, organizations who make use of bonded network interfaces would be able proceed with an installation as expected.

How would this affect SecureDrop's threat model?

No threat model changes or additional risks that I can think of.

User Stories

As an administrator, I want the grsec kernel to include the bonding module, so I can make use of bonded network interfaces to increase overall network throughput.

[legoktm]

So we're building the module:

kernel-builder/configs/config-securedrop-5.15

Line 2547 in 017b79e

CONFIG_BONDING=m

$ dpkg -c linux-image-5.15.135-1-grsec-securedrop_5.15.135-1-grsec-securedrop-1_amd64.deb | grep bonding
drwxr-xr-x root/root         0 2011-06-29 16:23 ./lib/modules/5.15.135-1-grsec-securedrop/kernel/drivers/net/bonding/
-rw-r--r-- root/root    422057 2011-06-29 16:23 ./lib/modules/5.15.135-1-grsec-securedrop/kernel/drivers/net/bonding/bonding.ko

Maybe it's not being enabled somehow?