PAGEEXEC breaks init on centos5 4GB dual core (32bit)
Posted: Sun Apr 15, 2007 9:30 am
First off, thanks a lot for PaX+grsecurity! I fully expected that the new selinux support in centos5 would meet my security needs, but I soon found that PaX and grsec are still very much must-haves for any machines with local users who are trusted to varying degrees. Thank you very much!
I've managed to get grsec working on my centos 5 box by building a 2.6.19.7-grsec kernel based off of the stock centos 5 config and the grsec-2.1.10-2.6.19.2 release, with a couple of tweaks (PCI_GODIRECT, and DEBUG_RODATA mentioned in previous posts). SEGMEXEC support works fine on the system.
However, if I try to take advantage of the NX bit of my dual core cpu by turning on PAGEEXEC, I get a silent hang during boot. No log messages, but it appears to happen right around when init would normally start. The kernel is still responsive, and control-alt-delete reboots the box, but otherwise the boot is hung. For some reason setting init=/bin/bash doesn't seem to help this either.
The major details I presume are relevant is that I have 4GB of physical ram, and of course am on a 32bit SMP system (2 cores). My kernel config is at: http://pastebin.ca/441034
I've managed to get grsec working on my centos 5 box by building a 2.6.19.7-grsec kernel based off of the stock centos 5 config and the grsec-2.1.10-2.6.19.2 release, with a couple of tweaks (PCI_GODIRECT, and DEBUG_RODATA mentioned in previous posts). SEGMEXEC support works fine on the system.
However, if I try to take advantage of the NX bit of my dual core cpu by turning on PAGEEXEC, I get a silent hang during boot. No log messages, but it appears to happen right around when init would normally start. The kernel is still responsive, and control-alt-delete reboots the box, but otherwise the boot is hung. For some reason setting init=/bin/bash doesn't seem to help this either.
The major details I presume are relevant is that I have 4GB of physical ram, and of course am on a 32bit SMP system (2 cores). My kernel config is at: http://pastebin.ca/441034