grsecurity support • [Kernel GRSecurity] Error on boot
which kernel/grsec is this? also the full log (including the backtrace) would be useful.Statistics: Posted by PaX Team — Thu Feb 23, 2017 5:58 pm — Replies 2 — Views 21687
View ArticleRBAC policy development • RBAC on overlayfs filesystem
I'm struggling with RBAC on a filesystem with an overlayfs root. When I enable full learning it creates the logs but i can't disable it via "sudo gradm2 -D". It just says the password is incorrect,...
View ArticleRBAC policy development • RBAC full learning and debian unattended upgrades
The manual says to avoid any administrative tasks while RBAC full system learning is turned on.Does anybody know if this applies to automatic upgrading of installed software via debian's...
View Articlegrsecurity support • PAX: kile doesn't start, denied RWX mmap
Hello,I'm using Arch Linux x86_64, with kile 2.1.3-7linux-grsec 1:4.9.13.r201702270729-1paxd 32-1kile doesn't start neither calling /usr/bin/kile nor opening a file. In the journal it says:Code:...
View ArticleRBAC policy development • ssh got denied access to user's ~/.ssh
title: ssh got denied access to user's ~/.ssh---Code: $ sftp rovisnet@rovis.orgCould not create directory '/home/miro/.ssh'.The authenticity of host 'rovis.org (178.218.165.68)' can't be...
View Articlegrsecurity support • Kaby Lake vs Sandy Bridge
Hello,I noticed that there is high CPU usage in kernel in many cases on Sandy Bridge CPU.For example reading small file cached in memory takes at least 0.1 ms kernel CPU time. I haven't tested with...
View ArticleRBAC policy development • Qemu RBAC policies (& libvirt & tcpdump...)
Initially I planned this first post (and I didn't know how many posts I would need to prepare), for topic:RBAC policy for tcpdumpviewtopic.php?f=5&t=4301because I figured out important little...
View Articlegrsecurity support • pax overflow in android binder
Kernel version: 4.9.22.r201704120836-1-grsecCode: [ 874.806063] PAX: size overflow detected in function binder_mmap drivers/android/binder.c:2911 cicus.568_197 min, count: 24, decl:...
View Articlegrsecurity support • configure grsecurity post-compile
I have a vps which apparently has grsecurity compiled on it, but it doesn't look like it was ever configured:Code: [~]# sysctl -a | grep grskernel.grsecurity.audit_ptrace =...
View Articlegrsecurity support • GRE TUNNEL
I dug myself a gre tunnel between two grsec-linux kernels. The gre packets are reaching both machines, but they can't ping or do anything else via the tunnel. Same setup works fine on two non grsec...
View Articlegrsecurity support • RAP function is not visible in kernel config...
Hello guys,Im wondering why can't i set a RAP functions after kernel patched with grsec.[root@proton linux]# grep -i gcc_plugins .configCONFIG_HAVE_GCC_PLUGINS=y# CONFIG_GCC_PLUGINS is not...
View Articlegrsecurity support • Passing the baton
Hey, I'm not sure i entirely get what the statement on 'passing the baton' means. I understand GrSec is an exceptional product but where is this leading ? Can an institute using the name Open Source...
View Articlegrsecurity support • Paid access to test patches
Dear spender, Pax Team,I would like to ask, if you also consider private customers, who would be willing to pay for access to the test patch for their own usage only!?Do you consider all requests...
View Articlegrsecurity support • Tab (no exec) triggers script on Bash on grsec admin
title: Tab (no exec) triggers script on Bash on grsec admin(posting in a rush, the title may change yet)---This is also good for newbies, to see the great beneficial reporting that theexec_logging...
View Articlegrsecurity support • Paxtest ASLR and randomization problem.
I use paxtest-0.9.15 to Linux 4.1.6 with grsec,it shows "Main executable randomization (ET_EXEC) : No randomization",and almost all of the "randomization test" can be guessed,but I've enabled the ASLR...
View Article