grsec kernel false positive?

[pigen]

Hello,

Not so long ago I changed my default debian kernel to more secure grsec kernel.
After changing, the needrestart always notifies me, that I should restart the server, to apply new kernel:

Pending kernel upgrade

Newer kernel available
The currently running kernel version is 4.8.0-2-grsec-amd64 which is not the expected kernel version 4.8.0-2-grsec-amd64 (corsac@debian.org) #1 SMP Debian 4.8.15-2+grsec201701031913+1~bpo8+1 (2017-01-28)???+??a+???+??.

Restarting the system to load the new kernel will not be handled automatically, so you should consider rebooting.

My system info:
root@franky.local:/home/pigen# uname -a
Linux franky.local 4.8.0-2-grsec-amd64 #1 SMP Debian 4.8.15-2+grsec201701031913+1~bpo8+1 (2017-01-28) x86_64 GNU/Linux

root@franky.local:/home/pigen# lsb_release -a

• No LSB modules are available.
• Distributor ID: Debian
• Description: Debian GNU/Linux 8.7 (jessie)
• Release: 8.7
• Codename: jessie

root@franky.local:/home/pigen# dpkg -l | grep grsec

• ii gradm2 3.0201408301734-1 amd64 Administration program for the grsecurity2 RBAC based ACL system
• ii linux-grsec-base 11bpo8+1 all Linux image base package, grsec featureset
• ii linux-image-4.8.0-2-grsec-amd64 4.8.15-2+grsec201701031913+1bpo8+1 amd64 Linux 4.8 for 64-bit PCs, Grsecurity protection
• ii linux-image-grsec-amd64 11bpo8+1 amd64 Linux image meta-package, grsec featureset

root@franky.local:/home/pigen# dpkg -l | grep needrestart
ii needrestart 1.2-8+deb8u1 all check which daemons need to be restarted after library upgrades

Is this because the original debian kernel had an upgrade?

BR,
Tamás

[liske]

There was a fix in needrestart 2.10 to workaround the broken grsec kernels (see also issue #46). There is needrestart 2.11 available for jessie in the bpo repository.