search for: grsec

Hi list! I''m trying to run 2.4.29-xenU with grsec. Jacob Gorm Hansen said couple of weeks ago, that grsec should work with xen when pax is disabled.. Well, to get the kernel compiling there''s some source hacking that needs to be done.. I''ll describe what I did and what error I got: I downloaded xen-2.0-testing-src.tgz and extra...

Hello everybody For network simulation purposes I am trying to run a Linux image with a PAX enabled grsec kernel on a Gentoo xen-3.1.1 with HVM. While the image boots flawlessly on real hardware the kernel does not really like the fully virtualized Xen/Qemu environment. It does not succeed to boot (for dmesg see attachment). I first tried with the grsec- patched 2.6.14.6 sources but it is also t...

...ething with rights ? > > >> Selinux is disabled on the host, and accessmode to the share is set to > > >> passthrough in both cases. > > >> > > >> Here's my working Qemu line: > > >> qemu > > >> -kernel /srv/overlay/kernels/grsec-3.14.33-101/vmlinuz-3.14.33-101.el6.x86_64 \ > > >> > > >> -initrd /srv/overlay/kernels/grsec-3.14.33-101/initramfs-3.14.33-101.el6.x86_64.img \ > > >> -fsdev > > >> local,id=r,path=/srv/overlay/run/irc,security_model=passthrough \ > > >&gt...

...irt do that render the OS on the share >> broken - Something with rights ? >> Selinux is disabled on the host, and accessmode to the share is set to >> passthrough in both cases. >> >> Here's my working Qemu line: >> qemu >> -kernel /srv/overlay/kernels/grsec-3.14.33-101/vmlinuz-3.14.33-101.el6.x86_64 \ >> >> -initrd /srv/overlay/kernels/grsec-3.14.33-101/initramfs-3.14.33-101.el6.x86_64.img \ >> -fsdev >> local,id=r,path=/srv/overlay/run/irc,security_model=passthrough \ >> -device virtio-9p-pci,fsdev=r,mount_tag=root \...

...a fully functionnal OS... So I'm wondering what could libvirt do that render the OS on the share broken - Something with rights ? Selinux is disabled on the host, and accessmode to the share is set to passthrough in both cases. Here's my working Qemu line: qemu -kernel /srv/overlay/kernels/grsec-3.14.33-101/vmlinuz-3.14.33-101.el6.x86_64 -initrd /srv/overlay/kernels/grsec-3.14.33-101/initramfs-3.14.33-101.el6.x86_64.img -fsdev local,id=r,path=/srv/overlay/run/irc,security_model=passthrough -device virtio-9p-pci,fsdev=r,mount_tag=root -nographic -m 256M -machine pc-i440fx-2.1,ac...

...a fully functionnal OS... So I'm wondering what could libvirt do that render the OS on the share broken - Something with rights ? Selinux is disabled on the host, and accessmode to the share is set to passthrough in both cases. Here's my working Qemu line: qemu -kernel /srv/overlay/kernels/grsec-3.14.33-101/vmlinuz-3.14.33-101.el6.x86_64 -initrd /srv/overlay/kernels/grsec-3.14.33-101/initramfs-3.14.33-101.el6.x86_64.img -fsdev local,id=r,path=/srv/overlay/run/irc,security_model=passthrough -device virtio-9p-pci,fsdev=r,mount_tag=root -nographic -m 256M -machine pc-i440fx-2.1,accel=kvm -net...

...in __journal_drop_transaction() at fs/jbd/checkpoint.c:613: "transaction->t_forget == NULL" ------------[ cut here ]------------ kernel BUG at fs/jbd/checkpoint.c:613! invalid operand: 0000 [#1] SMP CPU: 2 EIP: 0060:[<c01f8404>] Not tainted VLI EFLAGS: 00010282 (2.6.10-grsec+gg3+e+fhs6b+nfs+gr0501+++p4+c4a+gr6b-reslog-v6.189) EIP is at __journal_drop_transaction+0x128/0x290 eax: 00000071 ebx: d1abf680 ecx: c04ea524 edx: 00000286 esi: f6877400 edi: 00000013 ebp: d1abf680 esp: f5e59dc0 ds: 007b es: 007b ss: 0068 Process kjournald (pid: 1086, threadinfo=f...

Hi, this happens since a few days on a Gentoo hardened system using a grsecurity enabled kernel running Dovecot 1.0.10, only to 2 of 10 users though: --8<-- kernel: grsec: From 192.168.0.1: denied resource overstep by \ requesting 537325568 for RLIMIT_AS against limit 536870912 \ for /usr/libexec/dovecot/imap[imap:15708] uid/euid:30010/30010 \ gid/egid:30006/30006,...

...are > >> broken - Something with rights ? > >> Selinux is disabled on the host, and accessmode to the share is set to > >> passthrough in both cases. > >> > >> Here's my working Qemu line: > >> qemu > >> -kernel /srv/overlay/kernels/grsec-3.14.33-101/vmlinuz-3.14.33-101.el6.x86_64 \ > >> > >> -initrd /srv/overlay/kernels/grsec-3.14.33-101/initramfs-3.14.33-101.el6.x86_64.img \ > >> -fsdev > >> local,id=r,path=/srv/overlay/run/irc,security_model=passthrough \ > >> -device virtio-9p-pci...

>This is pretty surprising. When a domU is actually running, dom0 isn''t >really involved (other than for IO), so its surprising grsec makes a >difference. >Do you get any console output from the guest before it crashes? I''m >wandering if its actually been built incorrectly by the domain builder >running in dom0. I don''t get any output from the guest console at all. If I do something like ''...

...CC| |netfilter@linuxace.com Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From netfilter@linuxace.com 2006-04-12 02:17 MET ------- > This is with 2.6.14.6-grsec and I'm going to test with 2.6.16.3-grsec soon. Good...this was fixed in 2.6.15 -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi This is jesse. I am running exim as my mail server on cygwin. But i need imap/pop3 for accessing mail. I found that dovecot works on cygwin with some code change. So can i know how to compile dovecot on cygwin. This is important ANYBODY ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo!

...a fully functionnal OS... So I'm wondering what could libvirt do that render the OS on the share broken - Something with rights ? Selinux is disabled on the host, and accessmode to the share is set to passthrough in both cases. Here's my working Qemu line: qemu -kernel /srv/overlay/kernels/grsec-3.14.33-101/vmlinuz-3.14.33-101.el6.x86_64 -initrd /srv/overlay/kernels/grsec-3.14.33-101/initramfs-3.14.33-101.el6.x86_64.img -fsdev local,id=r,path=/srv/overlay/run/irc,security_model=passthrough -device virtio-9p-pci,fsdev=r,mount_tag=root -nographic -m 256M -machine pc-i440fx-2.1,ac...

Howdy folks ! I just added Dovecot as a standard package to Devil-Linux and ran into a problem with resource limits. Grsecurity (http://www.grsecurity.net) is used in DL to prevent problems with common exploits, it also reports violations of rlimits. The following messages show up in the log, but it seems that the IMAP Server works fine: Apr 26 19:20:04 src at gate imap-login: Login: hz [192.168.0.11] Apr 26 19:20:...

...m wondering what could libvirt do that render the OS on the share > broken - Something with rights ? > Selinux is disabled on the host, and accessmode to the share is set to > passthrough in both cases. > > Here's my working Qemu line: > qemu > -kernel /srv/overlay/kernels/grsec-3.14.33-101/vmlinuz-3.14.33-101.el6.x86_64 \ > > -initrd /srv/overlay/kernels/grsec-3.14.33-101/initramfs-3.14.33-101.el6.x86_64.img \ > -fsdev > local,id=r,path=/srv/overlay/run/irc,security_model=passthrough \ > -device virtio-9p-pci,fsdev=r,mount_tag=root \ > -nographic...

I am trying to run Dovecot on RH 7.3 with Linux kernel 2.4.20 + GrSecurity patch. I downloaded the RPM yesterday and installed it. When I start Dovecot the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0) I have never seen this problem in the 3 years I have u...

...To: laforge@netfilter.org ReportedBy: vapier@gentoo.org if you have a kernel with say a '-g' in it, then KERNEL_DIR will include the '-g' in it, CFLAGS will include the '-g' in it, and then the grep will think you have -g in your CFLAGS for example, if you use the grsec or gentoo patchset: $ uname -r 2.6.19.1-grsec $ uname -r 2.6.19-gentoo-r2 then your CFLAGS will look like: -O2 -Wall -Wunused -I"/lib/modules/2.6.19.1-grsec/build"/include -Iinclude/ -DIPTABLES_VERSION=\"1.3.7\" and the greedy check grep will incorrectly flag this: egrep -e ...

Hello, my dom0 is an alpinelinux installed with kernel 3.10.14-1-grsec and xen 4.2.2. My domU is an opensuse 12.3 with all patches installed. The system works great, but when I do only switch xen from 4.2.2 to 4.3.0 (packages from http://nl.alpinelinux.org/alpine/edge/main/x86_64/) then my kernel in the domU does an Oops and the drivers for my dvb card aren''t...

Hi, I found the following in my logfiles: The failure is not reproducable at the moment. System is delivering mails to mailboxes with no problems at all. It is a production installation with medium load. dovecot --version: 1.1.7 OS: Linux (Gentoo/x86 stable) - grsec enabled kernel deliver.log: deliver(user at example.tld): Panic: file istream-tee.c: line 144 (i_stream_tee_read): assertion failed: (ret > 0) deliver(user at example.tld): Error: Raw backtrace: /usr/libexec/dovecot/deliver [0x80c8032] -> /usr/libexec/dovecot/deliver(default_f...

...(only one user is taken in account for the domain quota and not all the user). The domain SQL database is broken with value of only one user for the whole domain quota. So how to achieve rebuild domain quota correctly with doveadm ? Thanks a lot. Samuel. Debian Jessie Dovecot : 2.2.13 custom grsec kernel :Linux postfix 3.14.50-grsec-1 ########################## dovecot -n : # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14.50-grsec-1 x86_64 Debian 8.1 nfs4 auth_mechanisms = plain login auth_verbose = yes dict { quota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf quota_domain = m...