
Stan Sander 11-18-2011 01:18 AM

udev-171-r2 and 3.0.9-hardened
 
I did a sync and a world update earlier today and among the updates was
the 3.0.9 hardened sources. I built the new kernel with the same
settings as the previous one (3.0.8-hardened), using make oldconfig;
however, when I try to boot the 3.0.9 kernel, udev hangs. I tried
re-emerging udev and gradm, but that didn't help. Any ideas on what I
can do to try and get more info or perhaps someone already knows what is
wrong and I am simply missing it.


--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org

"Francisco Blas Izquierdo Riera (klondike)" 11-18-2011 02:51 AM

udev-171-r2 and 3.0.9-hardened
 
On 18/11/11 03:18, Stan Sander wrote:
> I did a sync and a world update earlier today and among the updates was
> the 3.0.9 hardened sources. I built the new kernel with the same
> settings as the previous one (3.0.8-hardened), using make oldconfig;
> however, when I try to boot the 3.0.9 kernel, udev hangs. I tried
> re-emerging udev and gradm, but that didn't help. Any ideas on what I
> can do to try and get more info or perhaps someone already knows what is
> wrong and I am simply missing it.
I see you use gradm. Try disabling RBAC and checking if it boots in that
case; if that's the case, you may need to relearn your policies.

Stan Sander 11-18-2011 03:02 AM

udev-171-r2 and 3.0.9-hardened
 
On 11/17/2011 08:51 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
> On 18/11/11 03:18, Stan Sander wrote:
>> I did a sync and a world update earlier today and among the updates was
>> the 3.0.9 hardened sources. I built the new kernel with the same
>> settings as the previous one (3.0.8-hardened), using make oldconfig;
>> however, when I try to boot the 3.0.9 kernel, udev hangs. I tried
>> re-emerging udev and gradm, but that didn't help. Any ideas on what I
>> can do to try and get more info or perhaps someone already knows what is
>> wrong and I am simply missing it.
> I see you use gradm. Try disabling RBAC and checking if it boots in that
> case; if that's the case, you may need to relearn your policies.
>
I actually have the grsecurity turned off in the kernel right now,
though PAX is enabled. I'm still trying to transition to running
SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
intend to eventually use it and I re-emerged it just in case. BTW I am
still booting and running in permissive mode for SELinux.

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org

"Francisco Blas Izquierdo Riera (klondike)" 11-18-2011 03:16 AM

udev-171-r2 and 3.0.9-hardened
 
On 18/11/11 05:02, Stan Sander wrote:
> I actually have the grsecurity turned off in the kernel right now,
> though PAX is enabled. I'm still trying to transition to running
> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
> intend to eventually use it and I re-emerged it just in case. BTW I am
> still booting and running in permissive mode for SELinux.
Just to be on the safe side, have you enabled auditing? If you have, try
starting the kernel with a high logging level (so most messages get
logged) and check if there are any complaints on the screen.

Stan Sander 11-18-2011 12:28 PM

udev-171-r2 and 3.0.9-hardened
 
On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
> On 18/11/11 05:02, Stan Sander wrote:
>> I actually have the grsecurity turned off in the kernel right now,
>> though PAX is enabled. I'm still trying to transition to running
>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
>> intend to eventually use it and I re-emerged it just in case. BTW I am
>> still booting and running in permissive mode for SELinux.
> Just to be on the safe side, have you enabled auditing? If you have, try
> starting the kernel with a high logging level (so most messages get
> logged) and check if there are any complaints on the screen.
>
I'll give that a go, though I may not be able to work on it again until
tomorrow.

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org

"Anthony G. Basile" 11-19-2011 01:25 PM

udev-171-r2 and 3.0.9-hardened
 
On 11/18/2011 08:28 AM, Stan Sander wrote:
> On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
>> On 18/11/11 05:02, Stan Sander wrote:
>>> I actually have the grsecurity turned off in the kernel right now,
>>> though PAX is enabled. I'm still trying to transition to running
>>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
>>> intend to eventually use it and I re-emerged it just in case. BTW I am
>>> still booting and running in permissive mode for SELinux.
>> Just to be on the safe side, have you enabled auditing? If you have, try
>> starting the kernel with a high logging level (so most messages get
>> logged) and check if there are any complaints on the screen.
>>
> I'll give that a go, though I may not be able to work on it again until
> tomorrow.
>

Don't waste any more time on 3.0.9. It has a problem with inserting
modules and will be removed from the tree in a few hours. Play with
hardened-sources-3.1.1 which will be there in its place. I'm testing it
now.

As an aside, please don't use ~arches on a production system because part
of the testing process is seeing what feedback I get from the community
on those kernels. Only when I've heard nothing bad, and run a kernel
myself for a while, do I mark it stable.

So I encourage people to play with ~arches in non-critical environments
and let me know. But do expect the occasional breakage.


--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535

Stan Sander 11-19-2011 02:17 PM

udev-171-r2 and 3.0.9-hardened
 
On 11/19/2011 07:25 AM, Anthony G. Basile wrote:
> Don't waste any more time on 3.0.9. It has a problem with inserting
> modules and will be removed from the tree in a few hours. Play with
> hardened-sources-3.1.1 which will be there in its place. I'm testing
> it now. As an aside, please don't use ~arches on a production system
> because part of the testing process is seeing what feedback I get from
> the community on those kernels. Only when I've heard nothing bad, and
> run a kernel myself for a while, do I mark it stable. So I encourage
> people to play with ~arches in non-critical environments and let me
> know. But do expect the occasional breakage.
Thanks, Anthony. I'll sync again later and have a go with it. I do
quite a bit with my system, but it is by no means critical. When stuff
breaks, I try to learn what I can from it and if I can't fix it or
figure it out I roll back or work around it some other way.

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org

