[Vserver] STRG+C doesn't work after update to vs2.2.0-grsec2.1.10

From: Thorsten BŁker <mailinglists_at_bueker.net>
Date: Mon 09 Apr 2007 - 21:56:54 BST
Message-ID: <461AA896.4090509@bueker.net>

Dear list,

and first of all a late happy easter!

After noticing that binutils >= 2.17 are necessary to build a 2.6.19.7
kernel [1] and after getting the message "chbind: vc_set_ipv4root():
Invalid argument" out of my way [2], I finally built a new kernel, which
seems to work fine. Fine, beside one minor problem ;-)

Entering the Vserver's context via "vserver name enter" and executing a
command (e.g. "tail -f something"), it's not possible to stop the
process using strg+c, like I used to do up to some hours ago
(vs2.0.2.1-grsec2.1.9 / 2.6.17.14).

Unfortunately I've got no idea, where to start troubleshooting -- do you
have any hint on the relevant kernel option? Please find some sections
of the kernel's config below. Until changing towards Etch in a couple of
weeks, Sarge's standard util-vserver is version 0.30.204-5.

Any idea is appreciated.

kind regards,
   Thorsten

[1] http://forums.grsecurity.net/viewtopic.php?p=6572
[2] http://irc.13thfloor.at/LOG/2006-01/LOG_2006-01-10.txt

#
# Linux VServer
#
CONFIG_VSERVER_LEGACY=y
# CONFIG_VSERVER_LEGACY_VERSION is not set
CONFIG_VSERVER_DYNAMIC_IDS=y
CONFIG_VSERVER_LEGACYNET=y
# CONFIG_VSERVER_REMAP_SADDR is not set
CONFIG_VSERVER_COWBL=y
# CONFIG_VSERVER_VTIME is not set
CONFIG_VSERVER_PROC_SECURE=y
# CONFIG_VSERVER_HARDCPU is not set
# CONFIG_TAGGING_NONE is not set
# CONFIG_TAGGING_UID16 is not set
# CONFIG_TAGGING_GID16 is not set
CONFIG_TAGGING_ID24=y
# CONFIG_TAGGING_INTERN is not set
# CONFIG_TAG_NFSD is not set
# CONFIG_PROPAGATE is not set
CONFIG_VSERVER_PRIVACY=y
CONFIG_VSERVER_CONTEXTS=256
CONFIG_VSERVER_WARN=y
CONFIG_VSERVER_DEBUG=y
CONFIG_VSERVER_HISTORY=y
CONFIG_VSERVER_HISTORY_SIZE=64
# CONFIG_VSERVER_MONITOR is not set
CONFIG_VSERVER=y

#
# Security options
#

#
# PaX
#
CONFIG_PAX=y

#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_PAGEEXEC is not set
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set
CONFIG_PAX_KERNEXEC=y

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

#
# Miscellaneous hardening features
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_UDEREF is not set

#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
CONFIG_GRKERNSEC_CUSTOM=y

#
# Address Space Protection
#
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_HIDESYM=y

#
# Role Based Access Control Options
#
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
# CONFIG_GRKERNSEC_CHROOT_MOUNT is not set
# CONFIG_GRKERNSEC_CHROOT_DOUBLE is not set
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
# CONFIG_GRKERNSEC_CHROOT_CHMOD is not set
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
# CONFIG_GRKERNSEC_CHROOT_CAPS is not set

#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set

#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_TPE is not set

#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
# CONFIG_GRKERNSEC_SOCKET is not set

#
# Sysctl support
#
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Apr 9 22:15:44 2007

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 09 Apr 2007 - 22:15:45 BST by hypermail 2.1.8