Displaying 20 results from an estimated 1000 matches similar to: "Linux-grsecurity on Xen dom0"
2004 Aug 26
1
GRSecurity and ALSA on a Gentoo Server
I've been working with Asterisk for about 2 months now and am doing
well. However I decided to switch platforms from Fedora Core 1, that my
predacessor was using, to Gentoo, for obvious reasons. It just seems
faster and less "bloated" everything I need, nothing I don't.
Anyways, I've read what the Wiki had to say about it and I was only
confused on one thing, putting
2007 Oct 26
1
Linux grsec Guest on HVM Xen 3.1.1
Hello everybody
For network simulation purposes I am trying to run a Linux image with
a PAX enabled grsec kernel on a Gentoo xen-3.1.1 with HVM. While the
image boots flawlessly on real hardware the kernel does not really
like the fully virtualized Xen/Qemu environment. It does not succeed
to boot (for dmesg see attachment). I first tried with the grsec-
patched 2.6.14.6 sources but it
2003 Apr 27
1
dovecot and grsecurity (problem with resource limits)
Howdy folks !
I just added Dovecot as a standard package to Devil-Linux and ran into a
problem with resource limits.
Grsecurity (http://www.grsecurity.net) is used in DL to prevent problems
with common exploits, it also reports violations of rlimits.
The following messages show up in the log, but it seems that the IMAP
Server works fine:
Apr 26 19:20:04 src at gate imap-login: Login: hz
2005 Jan 26
1
Compiling xenlinux 2.4.29 with grsec.. help needed
Hi list!
I''m trying to run 2.4.29-xenU with grsec. Jacob Gorm Hansen said couple of
weeks ago, that grsec should work with xen when pax is disabled..
Well, to get the kernel compiling there''s some source hacking that needs to
be done.. I''ll describe what I did and what error I got:
I downloaded xen-2.0-testing-src.tgz and extracted it. I edited the toplevel
Makefile
2003 Jun 15
1
Dovecot will not run on secure kernel.
I am trying to run Dovecot on RH 7.3 with Linux kernel 2.4.20 + GrSecurity patch.
I downloaded the RPM yesterday and installed it.
When I start Dovecot the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0)
I have never seen this problem in the 3 years I have used GrSecurity together with a
2008 Jan 15
2
Out of memory [repost as a new thread]
Hi,
this happens since a few days on a Gentoo hardened system using a
grsecurity enabled kernel running Dovecot 1.0.10, only to 2 of 10
users though:
--8<--
kernel: grsec: From 192.168.0.1: denied resource overstep by \
requesting 537325568 for RLIMIT_AS against limit 536870912 \
for /usr/libexec/dovecot/imap[imap:15708] uid/euid:30010/30010 \
gid/egid:30006/30006, parent
2007 Sep 25
2
FW: Xen Kernel Debug Tools
>This is pretty surprising. When a domU is actually running, dom0 isn''t
>really involved (other than for IO), so its surprising grsec makes a
>difference.
>Do you get any console output from the guest before it crashes? I''m
>wandering if its actually been built incorrectly by the domain builder
>running in dom0.
I don''t get any output from the guest
2013 Oct 06
3
pci-passthrough to a pv domu worked in xen 4.2.2, but not in 4.3.0
Hello,
my dom0 is an alpinelinux installed with kernel 3.10.14-1-grsec and xen
4.2.2.
My domU is an opensuse 12.3 with all patches installed.
The system works great, but when I do only switch xen from 4.2.2 to
4.3.0 (packages from http://nl.alpinelinux.org/alpine/edge/main/x86_64/)
then my kernel in the domU does an Oops and the drivers for my dvb card
aren''t loaded successfully.
When I
2008 Jan 15
4
Dovecot With cygwin
Hi
This is jesse. I am running exim as my mail server on
cygwin. But i need imap/pop3 for accessing mail. I
found that dovecot works on cygwin with some code
change. So can i know how to compile dovecot on
cygwin. This is important
ANYBODY
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo!
2001 Nov 11
1
problems when patching 2.4.14
If I patch the 2.4.14 kernel with the grsecurity patch first I get
errors while patching the ext3 patch.
the link for the grsecuritypatch
is http://www.grsecurity.net/download.htm
(which ever patch I do first works fine..the onther patch fails)
this is the error I get fro patching the ext3 patch second
(I get an error inthe same place if I patch the grsecurity patch second)
Hunk #1 FAILED at
2004 Jul 09
2
permission problem ??
version dovecot-1.0-test27:
Jul 9 21:49:07 server dovecot: IMAP(testtest): mprotect() failed with index
file /home/testtest/mail/.imap/INBOX/dovecot.index: Permission denied
with version 0.99.10.6 i have no such troubles ... ?
tx4hlp, joachim
2014 Jan 10
11
[Bug 73473] New: Potential crash bug in src/gallium/auxiliary/rtasm/rtasm_execmem.c
https://bugs.freedesktop.org/show_bug.cgi?id=73473
Priority: medium
Bug ID: 73473
Assignee: nouveau at lists.freedesktop.org
Summary: Potential crash bug in
src/gallium/auxiliary/rtasm/rtasm_execmem.c
Severity: critical
Classification: Unclassified
OS: Linux (All)
Reporter: jaak at ristioja.ee
2010 May 30
3
CentOS with Kernel 2.6.32 built-in
I have a Asus laptop, from the new generation, and my network driver is
present in the kernel since version 2.6.32(Jmicron). Is there any CentOS
with this kernel? I tried to compile myself, but I failed. Is a bit harder
than I thought.
Is there any testing version of CentOS or some backports?
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
2004 Sep 07
1
stealt match grsecurity
hi,
can i use shorewall with configured stealth match. it described as followed:
Enabling this option will drop all syn packets coming to unserved tcp
ports as well as all packets coming to unserved udp ports. If you
are using your system to route any type of packets (ie. via NAT)
you should put this module at the end of your ruleset, since it will
drop packets that aren''t going to
2005 Jan 30
1
Kernel 2.6.10
Hello,
now on my box I have Shorewall 2.0.7 who work fine but I want upgrade
kernel to version 2.6.10 + Grsecurity, somebody have any problem with
shorewall on this kernel?
I read on one site that on this kernel APF don`t want work, APF users
must change MONOKERN="0" to MONOKERN="1"!
Shorewall?
Thanks
Sorry if my english bad!
--
Best regards,
Ratko
2003 Apr 29
1
Importing all users from /etc/shadow automatically (addtosmbpass not found)
Hy all! I'm new to this group, I welcome everyone.
OS: Debian Woody 3.0, kernel 2.4.20-grsecurity
Samba: 2.2.8a, compiled from source
State: Samba up, and running
Problem: I've got hundreads of unix users, and I don't want to import them one
by one using smbpasswd. I've got a book from O'reilly wich is told to be the
official. It says, this thing can be done by using the
2003 Apr 29
1
Windoze don't forget username/password (revalidate=yes why not working?)
Hy again!
OS: Debian Woody 3.0, kernel 2.4.20-grsecurity
Samba: 2.2.8a
status: samba up, and running
Problem: If I use a usrname/password on client machines, (win98 and winxp/2k)
I could not log on as an other user to the machine, only if I logout, or reboot
the client. I1ve read in O'reilly's samba book, that there is an option
revalidate. But testparm says, it is unknown. How can I
2012 Feb 23
1
How to achieve proper privilege separation?
I'm using a simple mbox config with regular Unix users and pam
authentication.
I'm also using grsecurity. That's why I see what dovecot does in which
users' name. As times goes by and new versions are coming I can
frustratedly see, that more and more tasks are performed as root. Why?
When I used 1.x series of Dovecot, imap process started in the name of the
user whose mbox was
2016 Dec 17
1
[PATCH] drm/nouveau: use designated initializers
Prepare to mark sensitive kernel structures for randomization by making
sure they're using designated initializers. These were identified during
allyesconfig builds of x86, arm, and arm64, with most initializer fixes
extracted from grsecurity.
Signed-off-by: Kees Cook <keescook at chromium.org>
---
drivers/gpu/drm/nouveau/nouveau_ttm.c | 28 ++++++++++++++--------------
1 file changed,
2008 Nov 03
0
NX bit with paravirt ops
Hi,
I''m trying to get PaX (http://pax.grsecurity.net) working on a 64-bit paravirt_ops guest under xen. One of the features that PaX uses under a 64-bit kernel is the NX bit. I''m using the paxtest utility (available at http://paxgrsecurity.net) to test whether the NX bit is working.
On a host with NX support, a 64-bit 2.6.18 xen kernel has a working NX bit. Under a vanilla