1 |
On 12/26/2010 03:46 AM, pageexec@××××××××.hu wrote: |
2 |
> On 26 Dec 2010 at 1:59, Michael Orlitzky wrote: |
3 |
> |
4 |
>> I've got (at least) two servers that lose their root partition after |
5 |
>> this upgrade. One of them has an HP cciss SCSI RAID controller; the |
6 |
>> other has a single IDE hard drive. Assuming the problem is something |
7 |
>> common, I'll stick to describing the one with the array for now. |
8 |
> |
9 |
> which grsec is this ebuild based on? my guess is that it's a recent PaX/UDEREF |
10 |
> hardening that's causing this and should be mostly fixed now except for the |
11 |
> IP checksum code fix which i'll release soon. in the meantime you can disable |
12 |
> UDEREF. if you don't have it enabled then i don't know what it is, we'll need |
13 |
> more debugging, let me know. |
14 |
|
15 |
The hardened-patches contains the following: |
16 |
|
17 |
4423_grsec-remove-protected-paths.patch |
18 |
4420_grsecurity-2.2.1-2.6.36.2-201012121726.patch |
19 |
4435_grsec-kconfig-gentoo.patch |
20 |
4421_grsec-remove-localversion-grsec.patch |
21 |
4425_grsec-pax-without-grsec.patch |
22 |
4430_grsec-kconfig-default-gids.patch |
23 |
4422_grsec-mute-warnings.patch |
24 |
|
25 |
I do have UDEREF enabled: |
26 |
|
27 |
# grep UDEREF .config |
28 |
CONFIG_PAX_MEMORY_UDEREF=y |
29 |
|
30 |
I can try disabling it when I'd be willing to drive to work and reboot |
31 |
the thing. |