| 1 |
Rumen Yotov wrote: |
| 2 |
|
| 3 |
> The hardened-grsec2-PaX kernel works OK /exept grsec not starting after |
| 4 |
> 2.6.5-r5- i'll check that later/, but for some time /two days/ the |
| 5 |
> rsbac-kernel can't boot - can't boot (mount /) and stays there - |
| 6 |
> hard-lock. |
| 7 |
|
| 8 |
1. Try to add |
| 9 |
|
| 10 |
CONFIG_RSBAC_DEBUG=y |
| 11 |
|
| 12 |
to you kernel config - will give you more details on rsbac work |
| 13 |
|
| 14 |
2. You can boot with non-rsbac kernel and delete all rsbac.dat/ dirs |
| 15 |
from ALL partitions. This will force rsbac to start from scratch, |
| 16 |
so if there is problems from previous versions they will gone |
| 17 |
|
| 18 |
3. Try to disable PaX, RSBAC, both and see when your system hangs. |
| 19 |
|
| 20 |
4. Compile vanilla kernel with RSBAC only, so no other patches included |
| 21 |
to be sure it's the RSBAC problem (there was some XFS problems with |
| 22 |
2.6.7 vanilla for example, also your grsec [pax included in it] |
| 23 |
not working) |
| 24 |
|
| 25 |
5. You can try ebuilds from http://dev.gentoo.org/~zhware/rsbac/v1.2.3/ |
| 26 |
they have newer PaX than official sources |
| 27 |
|
| 28 |
And one advice: maybe better to stay with 2.4 kernels, specially if it |
| 29 |
is a server. The RSBAC is binary compatible for 2.4 and 2.6 branches |
| 30 |
so later (when 2.6 become more stable) you can switch. |
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-hardened@g.o mailing list |
Archives