1 |
2011.Szeptember 3.(Szo) 21:46 időpontban Anthony G. Basile ezt írta: |
2 |
> It does look like the same issue again. I don't think we really solved |
3 |
> it, but just found a workaround which you specify above. |
4 |
|
5 |
It's definitely back. |
6 |
|
7 |
> It turns out that you can compile it static and change mode upon booting |
8 |
> by echoing values to /sys/class/net/bond0/bonding/mode. I do that on |
9 |
> two systems running ancient 2.6.34 kernels, but this should work on |
10 |
> 3.0.x. You can try that. |
11 |
|
12 |
The problem is, that if I put some echo lines in the preup phase of the |
13 |
network setup, it returns with an error message, that the file cannot be |
14 |
written to. After I could manually do it, it is already up, and the kernel |
15 |
denies to modify the running interface. |
16 |
|
17 |
Additionally these grsec lines can be also seen in the logs. |
18 |
|
19 |
> However, it bothers me that we don't understand what's going on. You |
20 |
> can try disabling GRKERNSEC_MODHARDEN and rebooting to see if grsec is |
21 |
> denying some udev trigger. But modharden should only prevent non-root |
22 |
> processes from autoloading. I can't test on mine because they are on |
23 |
> high availability clusters. |
24 |
|
25 |
Disabling MODHARDENED would definitely make the grsec messages disappear. |
26 |
I'll try to figure out what happens regarding reading and writing the bond |
27 |
mode during boot. |
28 |
|
29 |
Compiling it in the kernel with modified defaults solves all problem, but |
30 |
it's not a real solution. |
31 |
|
32 |
Thanks for your time: |
33 |
Dw. |
34 |
-- |
35 |
dr Tóth Attila, Radiológus, 06-20-825-8057 |
36 |
Attila Toth MD, Radiologist, +36-20-825-8057 |