hello,
i experienced a strange problem using the chroot_restrict_sigs option. (i think it's a bug in grsecurity [that's the reason why i am posting this to the development board :) ]).
i use an older version of grsecurity running on a 2.4.18 kernel, so maybe this is already fixed (i can't upgrade because i have to wait for the trustees patch to be updated to 2.4.19 first).
so.. the problem:
i am running a daemon in a chroot, which quite often does "hang", and uses more and more memory until it gets killed by the kernel with signal 9.
Out of Memory: Killed process 154 (jabberd).
the problem is, that when i enable grsecurity the kernel doesn't kill this process, but instead does kill other processes.
dmesg shows the following output:
grsec: denied signal 9 out of chroot jail (09:02:1607928) of 0.0 by (jabberd:154) UID(1) EUID(1), parent (jabrun.sh:5123) UID(0) EUID(0) to (apache:17371) UID(33) EUID(33), parent (apache:7851) UID(0) EUID(0)
i assume that the kernel somehow isn't able to kill this process when grsecurity is enabled, and therefore tries to kill other processes.
i have disabled chroot_restrict_sigs some days ago, and didn't have the same problem until now...
cu
/gst
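
A triage helper for the two log lines quoted in the post above, as an added example that is not part of the original post or of grsecurity: it parses the "denied signal ... out of chroot jail" record and the OOM-killer line, then reports SIGKILL denials whose sending context is a process the OOM killer also named. The regexes are derived only from the lines quoted in the post (other versions may word these messages differently), and the function names and the combined sample log are assumptions made for illustration.

```python
import re

# One "(comm:pid) UID(n) EUID(n)" group, as it appears in the quoted grsec line.
PROC = (r"\((?P<{p}comm>[^:()]+):(?P<{p}pid>\d+)\) "
        r"UID\((?P<{p}uid>\d+)\) EUID\((?P<{p}euid>\d+)\)")
# Assumption: layout taken from the single grsec line quoted in the post.
DENIED = re.compile(
    r"grsec: denied signal (?P<sig>\d+) out of chroot jail .*? by "
    + PROC.format(p="src_") + r", parent .*? to " + PROC.format(p="dst_"))
OOM = re.compile(r"Out of Memory: Killed process (?P<pid>\d+) \((?P<comm>[^)]+)\)")

def parse_denials(lines):
    """Return one dict per grsec chroot signal denial (numeric fields as int)."""
    out = []
    for line in lines:
        m = DENIED.search(line)
        if m:
            out.append({k: v if k.endswith("comm") else int(v)
                        for k, v in m.groupdict().items()})
    return out

def oom_victims(lines):
    """Map pid -> command name for every OOM-killer 'Killed process' line."""
    return {int(m["pid"]): m["comm"] for m in map(OOM.search, lines) if m}

def correlate(lines):
    """SIGKILL denials whose sender is a process the OOM killer also named."""
    victims = oom_victims(lines)
    return [d for d in parse_denials(lines)
            if d["sig"] == 9 and victims.get(d["src_pid"]) == d["src_comm"]]

# Constructed sample: the two lines quoted in the post, combined into one log,
# plus one unrelated line (made up) that must be ignored.
SAMPLE = [
    "Out of Memory: Killed process 154 (jabberd).",
    "eth0: link up (constructed unrelated line)",
    "grsec: denied signal 9 out of chroot jail (09:02:1607928) of 0.0 by "
    "(jabberd:154) UID(1) EUID(1), parent (jabrun.sh:5123) UID(0) EUID(0) to "
    "(apache:17371) UID(33) EUID(33), parent (apache:7851) UID(0) EUID(0)",
]

if __name__ == "__main__":
    for d in correlate(SAMPLE):
        print("signal %d from %s:%d (uid %d) to %s:%d was denied" % (
            d["sig"], d["src_comm"], d["src_pid"], d["src_uid"],
            d["dst_comm"], d["dst_pid"]))
```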