| 1 |
On Mon, 2004-06-07 at 00:07, Lars Kneschke wrote: |
| 2 |
|
| 3 |
> Jun 7 04:57:39 ProxyLK grsec: From 192.168.4.229: denied attempt to mount |
| 4 |
> /dev/loop0 as |
| 5 |
> /storage/catalyst/tmp/default/livecd-stage2-x86-20040604/var/tmp/genkernel/initrd-mount |
| 6 |
> from chroot by (mount:14881) UID(0) EUID(0), parent (genkernel:4372) UID(0) |
| 7 |
> EUID(0) |
| 8 |
> |
| 9 |
> Hm, now i just need to find out, how i can disable this feature. |
| 10 |
|
| 11 |
That should be a sysctl setting you can change (if you have sysctl |
| 12 |
features enabled). If you want to open up all the chroot settings, you |
| 13 |
could have it set with these options: |
| 14 |
|
| 15 |
kernel.grsecurity.chroot_findtask = 0 |
| 16 |
kernel.grsecurity.chroot_deny_sysctl = 0 |
| 17 |
kernel.grsecurity.chroot_caps = 0 |
| 18 |
kernel.grsecurity.chroot_execlog = 0 |
| 19 |
kernel.grsecurity.chroot_restrict_nice = 0 |
| 20 |
kernel.grsecurity.chroot_deny_mknod = 0 |
| 21 |
kernel.grsecurity.chroot_deny_chmod = 0 |
| 22 |
kernel.grsecurity.chroot_enforce_chdir = 0 |
| 23 |
kernel.grsecurity.chroot_deny_pivot = 0 |
| 24 |
kernel.grsecurity.chroot_deny_chroot = 0 |
| 25 |
kernel.grsecurity.chroot_deny_fchdir = 0 |
| 26 |
kernel.grsecurity.chroot_deny_mount = 0 |
| 27 |
kernel.grsecurity.chroot_deny_unix = 0 |
| 28 |
kernel.grsecurity.chroot_deny_shmat = 0 |
| 29 |
|
| 30 |
Those should all disable any grsec related chroot restrictions for you. |
| 31 |
Although, I'd recommend you change those settings back after you're done |
| 32 |
building. Perhaps some of the hardened folks might know of a better |
| 33 |
method than this? |
| 34 |
|
| 35 |
Cheers, |
| 36 |
-- |
| 37 |
Lance Albertson <ramereth@g.o> |
| 38 |
Gentoo Infrastructure |
| 39 |
|
| 40 |
--- |
| 41 |
GPG Public Key: <http://www.ramereth.net/lance.asc> |
| 42 |
Key fingerprint: 0423 92F3 544A 1282 5AB1 4D07 416F A15D 27F4 B742 |
| 43 |
|
| 44 |
ramereth/irc.freenode.net |
Archives