| 1 |
Matt Poletiek wrote: |
| 2 |
|
| 3 |
>> > What do I lose by disabling it? If I am reading this correctly all the |
| 4 |
>> > grsec features will be on by default if sysctl support is disabled? |
| 5 |
|
| 6 |
>> The reason it's killing the hardened features is you can do |
| 7 |
>> something like "sysctl -w someHardenedFeature=0" to disable it. I'm |
| 8 |
>> sure others will have a much better explanation, but I believe |
| 9 |
>> disabling sysctl will be the quick and proper fix. |
| 10 |
|
| 11 |
> If I make the change will I have to recompile the toolchain&userland? |
| 12 |
> Just booting the new kernel didnt fix anything. |
| 13 |
|
| 14 |
Enabling or disabling grsec's sysctl support requires only a kernel |
| 15 |
compile and reboot into the new kernel. Your experience simply shows |
| 16 |
that sysctl support wasn't the problem. |
| 17 |
|
| 18 |
Cheers |
| 19 |
|
| 20 |
Andrew |
Archives