Hi Rik
Just ran into this myself using the latest grsec+vs patch (30/12/2010
ish?). I had forgotten about this thread and gradually turned off all
the chroot restrictions and finally the audit_mount option before I
could start the vserver without the pivot_root error message... Very odd...
To be honest, I don't really have any incentive to debug this too much
further, so this is mostly a "me too". I guess I should tell the grsec
folks since it feels like it might be a bug there...
Thanks for continuing to bump the patchset!
Ed W
On 22/11/2010 11:28, Rik Bobbaers wrote:
> don't really know what you mean by this but: is your problem solved now?
> or are there still problems?
>
> the audit parameters shouldn't normally stop the pivot_root call... they
> might LOG things, but not block. the chroot_deny_pivot does effectively
> block the pivot_root call.
>
...
>> Harry, just to confirm one thing, as I have been playing a lot with grsec
>> flags. The following setup *ALWAYS* causes the pivot_root error:
>> kernel.grsecurity.audit_mount=1
>> kernel.grsecurity.audit_chdir=0
>> kernel.grsecurity.chroot_deny_pivot=0
>>
Received on Wed Jan 19 10:38:12 2011