similar to: Linux-grsecurity on Xen dom0

I've been working with Asterisk for about 2 months now and am doing well. However I decided to switch platforms from Fedora Core 1, that my predacessor was using, to Gentoo, for obvious reasons. It just seems faster and less "bloated" everything I need, nothing I don't. Anyways, I've read what the Wiki had to say about it and I was only confused on one thing, putting

Hello everybody For network simulation purposes I am trying to run a Linux image with a PAX enabled grsec kernel on a Gentoo xen-3.1.1 with HVM. While the image boots flawlessly on real hardware the kernel does not really like the fully virtualized Xen/Qemu environment. It does not succeed to boot (for dmesg see attachment). I first tried with the grsec- patched 2.6.14.6 sources but it

Howdy folks ! I just added Dovecot as a standard package to Devil-Linux and ran into a problem with resource limits. Grsecurity (http://www.grsecurity.net) is used in DL to prevent problems with common exploits, it also reports violations of rlimits. The following messages show up in the log, but it seems that the IMAP Server works fine: Apr 26 19:20:04 src at gate imap-login: Login: hz

Hi list! I''m trying to run 2.4.29-xenU with grsec. Jacob Gorm Hansen said couple of weeks ago, that grsec should work with xen when pax is disabled.. Well, to get the kernel compiling there''s some source hacking that needs to be done.. I''ll describe what I did and what error I got: I downloaded xen-2.0-testing-src.tgz and extracted it. I edited the toplevel Makefile

I am trying to run Dovecot on RH 7.3 with Linux kernel 2.4.20 + GrSecurity patch. I downloaded the RPM yesterday and installed it. When I start Dovecot the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0) I have never seen this problem in the 3 years I have used GrSecurity together with a

Hi, this happens since a few days on a Gentoo hardened system using a grsecurity enabled kernel running Dovecot 1.0.10, only to 2 of 10 users though: --8<-- kernel: grsec: From 192.168.0.1: denied resource overstep by \ requesting 537325568 for RLIMIT_AS against limit 536870912 \ for /usr/libexec/dovecot/imap[imap:15708] uid/euid:30010/30010 \ gid/egid:30006/30006, parent

>This is pretty surprising. When a domU is actually running, dom0 isn''t >really involved (other than for IO), so its surprising grsec makes a >difference. >Do you get any console output from the guest before it crashes? I''m >wandering if its actually been built incorrectly by the domain builder >running in dom0. I don''t get any output from the guest

Hello, my dom0 is an alpinelinux installed with kernel 3.10.14-1-grsec and xen 4.2.2. My domU is an opensuse 12.3 with all patches installed. The system works great, but when I do only switch xen from 4.2.2 to 4.3.0 (packages from http://nl.alpinelinux.org/alpine/edge/main/x86_64/) then my kernel in the domU does an Oops and the drivers for my dvb card aren''t loaded successfully. When I

Hi This is jesse. I am running exim as my mail server on cygwin. But i need imap/pop3 for accessing mail. I found that dovecot works on cygwin with some code change. So can i know how to compile dovecot on cygwin. This is important ANYBODY ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo!

If I patch the 2.4.14 kernel with the grsecurity patch first I get errors while patching the ext3 patch. the link for the grsecuritypatch is http://www.grsecurity.net/download.htm (which ever patch I do first works fine..the onther patch fails) this is the error I get fro patching the ext3 patch second (I get an error inthe same place if I patch the grsecurity patch second) Hunk #1 FAILED at

version dovecot-1.0-test27: Jul 9 21:49:07 server dovecot: IMAP(testtest): mprotect() failed with index file /home/testtest/mail/.imap/INBOX/dovecot.index: Permission denied with version 0.99.10.6 i have no such troubles ... ? tx4hlp, joachim

https://bugs.freedesktop.org/show_bug.cgi?id=73473 Priority: medium Bug ID: 73473 Assignee: nouveau at lists.freedesktop.org Summary: Potential crash bug in src/gallium/auxiliary/rtasm/rtasm_execmem.c Severity: critical Classification: Unclassified OS: Linux (All) Reporter: jaak at ristioja.ee

I have a Asus laptop, from the new generation, and my network driver is present in the kernel since version 2.6.32(Jmicron). Is there any CentOS with this kernel? I tried to compile myself, but I failed. Is a bit harder than I thought. Is there any testing version of CentOS or some backports? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL:

hi, can i use shorewall with configured stealth match. it described as followed: Enabling this option will drop all syn packets coming to unserved tcp ports as well as all packets coming to unserved udp ports. If you are using your system to route any type of packets (ie. via NAT) you should put this module at the end of your ruleset, since it will drop packets that aren''t going to

Hello, now on my box I have Shorewall 2.0.7 who work fine but I want upgrade kernel to version 2.6.10 + Grsecurity, somebody have any problem with shorewall on this kernel? I read on one site that on this kernel APF don`t want work, APF users must change MONOKERN="0" to MONOKERN="1"! Shorewall? Thanks Sorry if my english bad! -- Best regards, Ratko

Hy all! I'm new to this group, I welcome everyone. OS: Debian Woody 3.0, kernel 2.4.20-grsecurity Samba: 2.2.8a, compiled from source State: Samba up, and running Problem: I've got hundreads of unix users, and I don't want to import them one by one using smbpasswd. I've got a book from O'reilly wich is told to be the official. It says, this thing can be done by using the

Hy again! OS: Debian Woody 3.0, kernel 2.4.20-grsecurity Samba: 2.2.8a status: samba up, and running Problem: If I use a usrname/password on client machines, (win98 and winxp/2k) I could not log on as an other user to the machine, only if I logout, or reboot the client. I1ve read in O'reilly's samba book, that there is an option revalidate. But testparm says, it is unknown. How can I

I'm using a simple mbox config with regular Unix users and pam authentication. I'm also using grsecurity. That's why I see what dovecot does in which users' name. As times goes by and new versions are coming I can frustratedly see, that more and more tasks are performed as root. Why? When I used 1.x series of Dovecot, imap process started in the name of the user whose mbox was

Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook <keescook at chromium.org> --- drivers/gpu/drm/nouveau/nouveau_ttm.c | 28 ++++++++++++++-------------- 1 file changed,

Hi, I''m trying to get PaX (http://pax.grsecurity.net) working on a 64-bit paravirt_ops guest under xen. One of the features that PaX uses under a 64-bit kernel is the NX bit. I''m using the paxtest utility (available at http://paxgrsecurity.net) to test whether the NX bit is working. On a host with NX support, a 64-bit 2.6.18 xen kernel has a working NX bit. Under a vanilla