Rik Bobbaers schrieb:
>hey all,
>
>for those interested...
>i took a vanilla linux 2.6.14.4 kernel
>patched it with an updated version of grsec 2.1.7
>and applied vserver 2.1.0 patch (including the sendfile patch and a
>"optimisation" for some weirdness in grsec)
>
>i put it all in a patch , which can be located at:
>http://harry.ulyssis.org/patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff.gz
>http://harry.ulyssis.org/patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff
>
>1 thing... if you can't start your vservers and get the following error
>message:
>vcontext: vc_set_cflags(): Operation not permitted
>you need to enable capabilities in chroots. you can do this with:
>echo 0 > /proc/sys/kernel/grsecurity/chroot_caps
>(or the appropriate sysctl command ;))
>
>if people think it 's a good thing to merge the patches... just let me know,
>i'll see what i can do to keep this a little bit up to date.
>
>have fun all!
>
>
Works like a charm :-) I don't use the PAX part, but no problems with
vserver and proc_security/randomness features.
Thanks a lot!
Merry Xmas,
Oliver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Fri Dec 23 14:17:48 2005