1 |
Rumen Yotov wrote: |
2 |
|
3 |
> The hardened-grsec2-PaX kernel works OK /exept grsec not starting after |
4 |
> 2.6.5-r5- i'll check that later/, but for some time /two days/ the |
5 |
> rsbac-kernel can't boot - can't boot (mount /) and stays there - |
6 |
> hard-lock. |
7 |
|
8 |
1. Try to add |
9 |
|
10 |
CONFIG_RSBAC_DEBUG=y |
11 |
|
12 |
to you kernel config - will give you more details on rsbac work |
13 |
|
14 |
2. You can boot with non-rsbac kernel and delete all rsbac.dat/ dirs |
15 |
from ALL partitions. This will force rsbac to start from scratch, |
16 |
so if there is problems from previous versions they will gone |
17 |
|
18 |
3. Try to disable PaX, RSBAC, both and see when your system hangs. |
19 |
|
20 |
4. Compile vanilla kernel with RSBAC only, so no other patches included |
21 |
to be sure it's the RSBAC problem (there was some XFS problems with |
22 |
2.6.7 vanilla for example, also your grsec [pax included in it] |
23 |
not working) |
24 |
|
25 |
5. You can try ebuilds from http://dev.gentoo.org/~zhware/rsbac/v1.2.3/ |
26 |
they have newer PaX than official sources |
27 |
|
28 |
And one advice: maybe better to stay with 2.4 kernels, specially if it |
29 |
is a server. The RSBAC is binary compatible for 2.4 and 2.6 branches |
30 |
so later (when 2.6 become more stable) you can switch. |
31 |
|
32 |
-- |
33 |
gentoo-hardened@g.o mailing list |