On Mon, 2004-06-07 at 00:07, Lars Kneschke wrote:

> Jun 7 04:57:39 ProxyLK grsec: From 192.168.4.229: denied attempt to mount
> /dev/loop0 as
> /storage/catalyst/tmp/default/livecd-stage2-x86-20040604/var/tmp/genkernel/initrd-mount
> from chroot by (mount:14881) UID(0) EUID(0), parent (genkernel:4372) UID(0)
> EUID(0)
>
> Hm, now I just need to find out how I can disable this feature.

That should be a sysctl setting you can change (if you have sysctl
features enabled). If you want to open up all the chroot settings, you
could have it set with these options:

kernel.grsecurity.chroot_findtask = 0
kernel.grsecurity.chroot_deny_sysctl = 0
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_execlog = 0
kernel.grsecurity.chroot_restrict_nice = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_enforce_chdir = 0
kernel.grsecurity.chroot_deny_pivot = 0
kernel.grsecurity.chroot_deny_chroot = 0
kernel.grsecurity.chroot_deny_fchdir = 0
kernel.grsecurity.chroot_deny_mount = 0
kernel.grsecurity.chroot_deny_unix = 0
kernel.grsecurity.chroot_deny_shmat = 0

Those should all disable any grsec related chroot restrictions for you.
Although, I'd recommend you change those settings back after you're done
building. Perhaps some of the hardened folks might know of a better
method than this?

Cheers,
--
Lance Albertson <ramereth@g.o>
Gentoo Infrastructure

---
GPG Public Key: <http://www.ramereth.net/lance.asc>
Key fingerprint: 0423 92F3 544A 1282 5AB1 4D07 416F A15D 27F4 B742

ramereth/irc.freenode.net
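
Added example, not part of the original message: a POSIX shell helper that sets only the named chroot sysctls to 0 for the duration of one build command and then writes back the values it saved, which is the "change those settings back" step from the reply. It assumes the settings are exposed as files under /proc/sys/kernel/grsecurity and that chroot_deny_mount is the key behind the logged denial; GRSEC_DIR, the function names and ./build.sh are hypothetical.

```shell
#!/bin/sh
# Added example: relax selected grsecurity chroot sysctls for one command,
# then restore the saved values. GRSEC_DIR is overridable for offline testing.
GRSEC_DIR="${GRSEC_DIR:-/proc/sys/kernel/grsecurity}"

# restore_saved "key=value key=value ..." : write each saved value back.
restore_saved() {
    for kv in $1; do
        echo "${kv#*=}" > "$GRSEC_DIR/${kv%%=*}"
    done
}

# with_relaxed "key1 key2" cmd [args...]
# e.g. with_relaxed "chroot_deny_mount" ./build.sh   (hypothetical build script)
with_relaxed() {
    keys="$1"; shift
    # grsec_lock=1 makes the grsecurity sysctls read-only until reboot.
    if [ -r "$GRSEC_DIR/grsec_lock" ] &&
       [ "$(cat "$GRSEC_DIR/grsec_lock")" = "1" ]; then
        echo "grsec_lock is set; sysctls cannot be changed" >&2
        return 2
    fi
    saved=""
    # Put the settings back even if the build is interrupted.
    trap 'restore_saved "$saved"; exit 130' INT TERM
    for k in $keys; do
        f="$GRSEC_DIR/$k"
        if [ ! -w "$f" ]; then
            echo "no writable sysctl: $k" >&2
            restore_saved "$saved"
            trap - INT TERM
            return 3
        fi
        saved="$saved $k=$(cat "$f")"   # remember the current value
        echo 0 > "$f"                   # relax only this restriction
    done
    rc=0
    "$@" || rc=$?                       # run the build, keep its exit status
    restore_saved "$saved"
    trap - INT TERM
    return $rc
}
```

Every key not named in the first argument keeps its current value while the command runs.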