starting and stopping grsecurity at boot and shutdown

Post by schmeggahead » Thu Jan 21, 2010 1:20 pm

I have grsecurity operating successfully when the system is active, but I have to manually enable it at boot and manually disable it to shut down.
Is there a facility that I am missing to automatically enable and disable for system startup and shutdown?
(I'm working in the Gentoo distribution using the hardened-sources and profile)

Update: found this related topic on System Shutdown
viewtopic.php?f=3&t=1266&p=9520#p4906
schmeggahead
 
Posts: 5
Joined: Thu Jan 21, 2010 1:09 pm

Re: starting and stopping grsecurity at boot and shutdown

Post by Grach » Tue Jan 26, 2010 10:04 am

To enable RBAC you could run "gradm -E" from any startup script at any time convenient for you, that's simple.

There are several ways to shut down the system with RBAC. For example, you could write permissive rules for /sbin/init and its children (and/or for particular init scripts) as trusted subjects to allow them to shut down the system as usual, without the need to disable RBAC. In this case your RBAC policy must protect /sbin/init (pid 1) from receiving signals from unauthorized subjects and deny them to run /sbin/init (and/or particular init scripts), except the authorized subjects you wish to allow to trigger the system shutdown.
Grach
 
Posts: 66
Joined: Thu Feb 05, 2009 11:15 pm

Re: starting and stopping grsecurity at boot and shutdown

Post by schmeggahead » Wed Jan 27, 2010 7:52 am

I have actually created a new init script for my Gentoo system, and once gradm is finished enabling, the init script errors all over the place and halts startup.
The RBAC system is enabled and hitting enter allows the system to come up the rest of the way.
This doesn't help me with auto startup.
hmmmm

I guess maybe the pid settings in Gentoo aren't needed.
I'll try removing them.
No answer on the Gentoo forums about the init script errors.
http://forums.gentoo.org/viewforum-f-18.html
schmeggahead
 
Posts: 5
Joined: Thu Jan 21, 2010 1:09 pm

Re: starting and stopping grsecurity at boot and shutdown

Post by Grach » Wed Jan 27, 2010 10:23 pm

The init scripts fail due to the lack of proper RBAC rules. You should enable the learning mode at boot time and then generate and edit the policy to allow the init scripts to operate. Same for rebooting.
Grach
 
Posts: 66
Joined: Thu Feb 05, 2009 11:15 pm
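
The two steps described in the replies above (enabling RBAC from a startup script with "gradm -E", and booting in learning mode so a policy covering the init scripts can be generated), written out as an added example that is not part of the original thread. The file paths, the mode-file convention and the function names are assumptions made for illustration; `-F -L` (full learning with a log file) and `-O` (policy output) are gradm options.

```shell
#!/bin/sh
# Added example: boot-time RBAC helper meant to be called from a startup script.
# Assumed (not from the thread): all paths below and the mode-file convention.
GRADM="${GRADM:-/sbin/gradm}"
LEARN_LOG="${LEARN_LOG:-/etc/grsec/learning.logs}"
POLICY_OUT="${POLICY_OUT:-/etc/grsec/policy.learned}"   # candidate policy for review
MODE_FILE="${MODE_FILE:-/etc/grsec/boot-mode}"          # holds "learn" or "enforce"

# Print the mode for this boot. Anything other than an explicit "learn"
# falls back to enforcement, so a missing or damaged file never weakens boot.
rbac_boot_mode() {
    if [ -r "$MODE_FILE" ] && [ "$(cat "$MODE_FILE")" = "learn" ]; then
        echo learn
    else
        echo enforce
    fi
}

# Enable RBAC in the selected mode. Returns 2 if gradm is not installed.
rbac_start() {
    [ -x "$GRADM" ] || { echo "gradm not executable: $GRADM" >&2; return 2; }
    case "$(rbac_boot_mode)" in
        learn)   "$GRADM" -F -L "$LEARN_LOG" ;;   # full system learning
        enforce) "$GRADM" -E ;;                   # enforce the existing policy
    esac
}

# Turn the collected learning log into a candidate policy file.
# Refuses to run on a missing or empty log, which would yield a useless policy.
rbac_generate() {
    [ -s "$LEARN_LOG" ] || { echo "no learning data in $LEARN_LOG" >&2; return 1; }
    "$GRADM" -F -L "$LEARN_LOG" -O "$POLICY_OUT"
}

# Dispatch when invoked with an argument, e.g. from an init script.
case "${1:-}" in
    start)    rbac_start ;;
    generate) rbac_generate ;;
esac
```

Policy generation is run once RBAC has been disabled again, and the candidate file is reviewed and edited before it replaces the active policy and the mode file is switched back to "enforce".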

