11-18-2011, 01:18 AM
Stan Sander

udev-171-r2 and 3.0.9-hardened

I did a sync and a world update earlier today and among the updates was
the 3.0.9 hardened sources. I built the new kernel with the same
settings as the previous one (3.0.8-hardened), using make oldconfig;
however, when I try to boot the 3.0.9 kernel, udev hangs. I tried
re-emerging udev and gradm, but that didn't help. Any ideas on what I
can do to try and get more info? Or perhaps someone already knows what is
wrong and I am simply missing it.


--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
 
11-18-2011, 02:51 AM
"Francisco Blas Izquierdo Riera (klondike)"

udev-171-r2 and 3.0.9-hardened

On 18/11/11 03:18, Stan Sander wrote:
> I did a sync and a world update earlier today and among the updates was
> the 3.0.9 hardened sources. I built the new kernel with the same
> settings as the previous one (3.0.8-hardened), using make oldconfig;
> however, when I try to boot the 3.0.9 kernel, udev hangs. I tried
> re-emerging udev and gradm, but that didn't help. Any ideas on what I
> can do to try and get more info? Or perhaps someone already knows what is
> wrong and I am simply missing it.
I see you use gradm; try disabling RBAC and checking if it boots in that
case. If that's the case, you may need to relearn your policies.
 
11-18-2011, 03:02 AM
Stan Sander

udev-171-r2 and 3.0.9-hardened

On 11/17/2011 08:51 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
> On 18/11/11 03:18, Stan Sander wrote:
>> I did a sync and a world update earlier today and among the updates was
>> the 3.0.9 hardened sources. I built the new kernel with the same
>> settings as the previous one (3.0.8-hardened), using make oldconfig;
>> however, when I try to boot the 3.0.9 kernel, udev hangs. I tried
>> re-emerging udev and gradm, but that didn't help. Any ideas on what I
>> can do to try and get more info? Or perhaps someone already knows what is
>> wrong and I am simply missing it.
> I see you use gradm; try disabling RBAC and checking if it boots in that
> case. If that's the case, you may need to relearn your policies.
>
I actually have the grsecurity turned off in the kernel right now,
though PAX is enabled. I'm still trying to transition to running
SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
intend to eventually use it and I re-emerged it just in case. BTW I am
still booting and running in permissive mode for SELinux.

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
 
11-18-2011, 03:16 AM
"Francisco Blas Izquierdo Riera (klondike)"

udev-171-r2 and 3.0.9-hardened

On 18/11/11 05:02, Stan Sander wrote:
> I actually have the grsecurity turned off in the kernel right now,
> though PAX is enabled. I'm still trying to transition to running
> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
> intend to eventually use it and I re-emerged it just in case. BTW I am
> still booting and running in permissive mode for SELinux.
Just to be on the safe side, have you enabled auditing? If you have, try
starting the kernel with a high logging level (so most messages get
logged) and check if there are any complaints on the screen.
 
11-18-2011, 12:28 PM
Stan Sander

udev-171-r2 and 3.0.9-hardened

On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
> On 18/11/11 05:02, Stan Sander wrote:
>> I actually have the grsecurity turned off in the kernel right now,
>> though PAX is enabled. I'm still trying to transition to running
>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
>> intend to eventually use it and I re-emerged it just in case. BTW I am
>> still booting and running in permissive mode for SELinux.
> Just to be on the safe side, have you enabled auditing? If you have, try
> starting the kernel with a high logging level (so most messages get
> logged) and check if there are any complaints on the screen.
>
I'll give that a go, though I may not be able to work on it again until
tomorrow.

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
 
11-19-2011, 01:25 PM
"Anthony G. Basile"

udev-171-r2 and 3.0.9-hardened

On 11/18/2011 08:28 AM, Stan Sander wrote:
> On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
>> On 18/11/11 05:02, Stan Sander wrote:
>>> I actually have the grsecurity turned off in the kernel right now,
>>> though PAX is enabled. I'm still trying to transition to running
>>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
>>> intend to eventually use it and I re-emerged it just in case. BTW I am
>>> still booting and running in permissive mode for SELinux.
>> Just to be on the safe side, have you enabled auditing? If you have, try
>> starting the kernel with a high logging level (so most messages get
>> logged) and check if there are any complaints on the screen.
>>
> I'll give that a go, though I may not be able to work on it again until
> tomorrow.
>

Don't waste any more time on 3.0.9. It has a problem with inserting
modules and will be removed from the tree in a few hours. Play with
hardened-sources-3.1.1 which will be there in its place. I'm testing it
now.

As an aside, please don't use ~arches on production systems because part
of the testing process is seeing what feedback I get from the community
on those kernels. Only when I've heard nothing bad, and run a kernel
myself for a while, do I mark it stable.

So I encourage people to play with ~arches in non-critical environments
and let me know. But do expect the occasional breakage.


--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
 
11-19-2011, 02:17 PM
Stan Sander

udev-171-r2 and 3.0.9-hardened

On 11/19/2011 07:25 AM, Anthony G. Basile wrote:
> Don't waste any more time on 3.0.9. It has a problem with inserting
> modules and will be removed from the tree in a few hours. Play with
> hardened-sources-3.1.1 which will be there in its place. I'm testing
> it now. As an aside, please don't use ~arches on production systems
> because part of the testing process is seeing what feedback I get from
> the community on those kernels. Only when I've heard nothing bad, and
> run a kernel myself for a while, do I mark it stable. So I encourage
> people to play with ~arches in non-critical environments and let me
> know. But do expect the occasional breakage.
Thanks, Anthony. I'll sync again later and have a go with it. I do
quite a bit with my system, but it is by no means critical. When stuff
breaks, I try to learn what I can from it and if I can't fix it or
figure it out I roll back or work around it some other way.

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
 

All times are GMT.