List Archive: gentoo-hardened
I started getting these messages after an upgrade from
hardened-sources-2.6.20-r10 to 2.6.22.r8. Nothing changed from the old
config. I just did "make oldconfig" and answered N to everything since
they weren't relevant. In particular, nothing in PAX or GrSec menus
were changed, though whenever I get big nasty messages like this I
suspect one of them. Can anyone give me some direction as to how to fix
this or what might be causing it? I can post the full configs if need be.
Thanks,
Brian
# dmesg
Oct 29 21:30:14 tux-mc Bad page state in process 'cactid'
Oct 29 21:30:14 tux-mc page:c1467da0 flags:0x40000001 mapping:00000000
mapcount:0 count:0
Oct 29 21:30:14 tux-mc Trying to fix it up, but a reboot is needed
Oct 29 21:30:14 tux-mc Backtrace:
Oct 29 21:30:14 tux-mc [<c044a16f>] [<c044ab14>] [<c0453e2c>]
[<c045512c>] [<c04145ba>] [<c04319d2>] [<c0432ad3>] [<c04212d3>]
[<c04143e0>] [<c06e5e65>] [<c06e007b>] [<c06e0000>] [<c0402a98>]
=======================
Oct 29 21:30:15 tux-mc Bad page state in process 'cactid'
Oct 29 21:30:15 tux-mc page:c159a480 flags:0x40000001 mapping:00000000
mapcount:0 count:0
Oct 29 21:30:15 tux-mc Trying to fix it up, but a reboot is needed
Oct 29 21:30:15 tux-mc Backtrace:
Oct 29 21:30:15 tux-mc [<c044a16f>] [<c044ab14>] [<c0453e2c>]
[<c045512c>] [<c04145ba>] [<c06c995a>] [<c04143e0>] [<c06e5e65>]
[<c046007b>] [<c06e0000>] =======================
# uname -a
Linux tux-mc 2.6.22-hardened-r8 #1 SMP Mon Oct 29 21:05:58 CDT 2007 i686
Intel(R) Xeon(TM) CPU 2.80GHz GenuineIntel GNU/Linux
# some .config sections
#
# Security options
#
#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
# CONFIG_GRKERNSEC_HARDENED is not set
CONFIG_GRKERNSEC_CUSTOM=y
#
# Address Space Protection
#
CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_IO=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y
#
# Role Based Access Control Options
#
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
#
# Kernel Auditing
#
CONFIG_GRKERNSEC_AUDIT_GROUP=y
CONFIG_GRKERNSEC_AUDIT_GID=10005
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_AUDIT_IPC=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
# CONFIG_GRKERNSEC_TPE_INVERT is not set
CONFIG_GRKERNSEC_TPE_GID=10006
#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=10004
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=10003
CONFIG_GRKERNSEC_SOCKET_SERVER=y
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=10002
#
# Sysctl support
#
CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_ON is not set
#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=5
CONFIG_GRKERNSEC_FLOODBURST=5
#
# PaX
#
CONFIG_PAX=y
#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_SEGMEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set
# CONFIG_PAX_KERNEXEC is not set
#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_UDEREF is not set
# CONFIG_KEYS is not set
CONFIG_SECURITY=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
|
| Attachment: |
|
smime.p7s (S/MIME Cryptographic Signature)
|
|
