Re: [vserver] Can't see all my processes?

From: Ed W <lists_at_wildgooses.com>
Date: Tue 13 May 2008 - 20:20:19 BST
Message-ID: <4829E9F3.6080302@wildgooses.com>

Hi

> It's GRKERNSEC_CHROOT_FINDTASK. It should be either disabled in kernel or
> by kernel.grsecurity.chroot_findtask=0 sysctl.

Spot - this was the culprit - thanks

> config GRKERNSEC_CHROOT_FINDTASK
> bool "Protect outside processes"
> depends on GRKERNSEC_CHROOT
> help
> If you say Y here, processes inside a chroot will not be able to
> kill, send signals with fcntl, ptrace, capget, getpgid, getsid,
> or view any process outside of the chroot.

The description is incorrect in the sense that it implies it only works
one way, but in fact it appears to work both ways, i.e. the parent can't
see the chrooted process either (or perhaps this is a bug?)

Oh well

Thanks

Ed W
Received on Tue May 13 20:20:35 2008
