Re: [vserver] [Grsec] audit denies pivot_root ?

From: Ed W <lists_at_wildgooses.com>
Date: Wed 19 Jan 2011 - 10:37:57 GMT
Message-ID: <4D36BF05.9050801@wildgooses.com>

Hi Rik

Just ran into this myself using the latest grsec+vs patch (30/12/2010
ish?). I had forgotten about this thread and gradually turned off all
the chroot restrictions and finally the audit_mount option before I
could start the vserver without the pivot_root error message... Very odd...

To be honest, I don't really have any incentive to debug this too much
further, so this is mostly a "me too". I guess I should tell the grsec
folks since it feels like it might be a bug there...

Thanks for continuing to bump the patchset!

Ed W

On 22/11/2010 11:28, Rik Bobbaers wrote:
> don't really know what you mean by this but: is your problem solved now?
> or are there still problems?
>
> the audit parameters shouldn't normally stop the pivot_root call... they
> might LOG things, but not block. the chroot_deny_pivot does effectively
> block the pivot_root call.
>
...

>> Harry, just to confirm one thing, as I have been playing a lot with grsec
>> flags. The following setup *ALWAYS* causes the pivot_root error:
>> kernel.grsecurity.audit_mount=1
>> kernel.grsecurity.audit_chdir=0
>> kernel.grsecurity.chroot_deny_pivot=0
>>
Received on Wed Jan 19 10:38:12 2011

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 19 Jan 2011 - 10:38:12 GMT by hypermail 2.1.8