udev-171-r2 and 3.0.9-hardened
I did a sync and a world update earlier today and among the updates was
the 3.0.9 hardened sources. I built the new kernel with the same settings as the previous one (3.0.8-hardened), using make oldconfig however when I try to boot the 3.0.9 kernel udev hangs. I tried re-emerging udev and gradm, but that didn't help. Any ideas on what I can do to try and get more info or perhaps someone already knows what is wrong and I am simply missing it. -- Stan & HD Tashi Grad 10/08 Edgewood, NM SWR PR - Cindy and Jenny - Sammamish, WA NWR http://www.cci.org |
udev-171-r2 and 3.0.9-hardened
El 18/11/11 03:18, Stan Sander escribió:
> I did a sync and a world update earlier today and among the updates was > the 3.0.9 hardened sources. I built the new kernel with the same > settings as the previous one (3.0.8-hardened), using make oldconfig > however when I try to boot the 3.0.9 kernel udev hangs. I tried > re-emerging udev and gradm, but that didn't help. Any ideas on what I > can do to try and get more info or perhaps someone already knows what is > wrong and I am simply missing it. I see you use gradm, try disabling RBAC and checking if it boots in that case, if that's the case you may need to relearn your policies. |
udev-171-r2 and 3.0.9-hardened
On 11/17/2011 08:51 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
> El 18/11/11 03:18, Stan Sander escribió: >> I did a sync and a world update earlier today and among the updates was >> the 3.0.9 hardened sources. I built the new kernel with the same >> settings as the previous one (3.0.8-hardened), using make oldconfig >> however when I try to boot the 3.0.9 kernel udev hangs. I tried >> re-emerging udev and gradm, but that didn't help. Any ideas on what I >> can do to try and get more info or perhaps someone already knows what is >> wrong and I am simply missing it. > I see you use gradm, try disabling RBAC and checking if it boots in that > case, if that's the case you may need to relearn your policies. > I actually have the grsecurity turned off in the kernel right now, though PAX is enabled. I'm still trying to transition to running SELinux, then I'll turn on the grsecurity stuff. I have gradm because I intend to eventually use it and I re-emerged it just in case. BTW I am still booting and running in permissive mode for SELinux. -- Stan & HD Tashi Grad 10/08 Edgewood, NM SWR PR - Cindy and Jenny - Sammamish, WA NWR http://www.cci.org |
udev-171-r2 and 3.0.9-hardened
El 18/11/11 05:02, Stan Sander escribió:
> I actually have the grsecurity turned off in the kernel right now, > though PAX is enabled. I'm still trying to transition to running > SELinux, then I'll turn on the grsecurity stuff. I have gradm because I > intend to eventually use it and I re-emerged it just in case. BTW I am > still booting and running in permissive mode for SELinux. Just to be on the safe side, have you enabled auditing? If you have try starting the kernel with a high logging level (so most messages get logged) and check if there are any complains on the screen. |
udev-171-r2 and 3.0.9-hardened
On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
> El 18/11/11 05:02, Stan Sander escribió: >> I actually have the grsecurity turned off in the kernel right now, >> though PAX is enabled. I'm still trying to transition to running >> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I >> intend to eventually use it and I re-emerged it just in case. BTW I am >> still booting and running in permissive mode for SELinux. > Just to be on the safe side, have you enabled auditing? If you have try > starting the kernel with a high logging level (so most messages get > logged) and check if there are any complains on the screen. > I'll give that a go, though I may not be able to work on it again until tomorrow. -- Stan & HD Tashi Grad 10/08 Edgewood, NM SWR PR - Cindy and Jenny - Sammamish, WA NWR http://www.cci.org |
udev-171-r2 and 3.0.9-hardened
On 11/18/2011 08:28 AM, Stan Sander wrote:
> On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote: >> El 18/11/11 05:02, Stan Sander escribió: >>> I actually have the grsecurity turned off in the kernel right now, >>> though PAX is enabled. I'm still trying to transition to running >>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I >>> intend to eventually use it and I re-emerged it just in case. BTW I am >>> still booting and running in permissive mode for SELinux. >> Just to be on the safe side, have you enabled auditing? If you have try >> starting the kernel with a high logging level (so most messages get >> logged) and check if there are any complains on the screen. >> > I'll give that a go, though I may not be able to work on it again until > tomorrow. > Don't waste any more time on 3.0.9. It has a problem with inserting modules and will be removed from the tree in a few hours. Play with hardened-sources-3.1.1 which will be there in its place. I'm testing it now. As an aside, please don't use ~arches on production system because part of the testing process is seeing what feedback I get from the community on those kernels. Only when I've heard nothing bad, and run a kernel myself for a while, do I mark it stable. So I encourage people to play with ~arches in non-critical environments and let me know. But do expect the occasional breakage. -- Anthony G. Basile, Ph.D. Gentoo Linux Developer [Hardened] E-Mail : blueness@gentoo.org GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 GnuPG ID : D0455535 |
udev-171-r2 and 3.0.9-hardened
On 11/19/2011 07:25 AM, Anthony G. Basile wrote:
> Don't waste any more time on 3.0.9. It has a problem with inserting > modules and will be removed from the tree in a few hours. Play with > hardened-sources-3.1.1 which will be there in its place. I'm testing > it now. As an aside, please don't use ~arches on production system > because part of the testing process is seeing what feedback I get from > the community on those kernels. Only when I've heard nothing bad, and > run a kernel myself for a while, do I mark it stable. So I encourage > people to play with ~arches in non-critical environments and let me > know. But do expect the occasional breakage. Thanks, Anthony. I'll sync again later and have a go with it. I do quite a bit with my system, but it is by no means critical. When stuff breaks, I try to learn what I can from it and if I can't fix it or figure it out I roll back or work around it some other way. -- Stan & HD Tashi Grad 10/08 Edgewood, NM SWR PR - Cindy and Jenny - Sammamish, WA NWR http://www.cci.org |
| All times are GMT. The time now is 01:43 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.