
grsec 2.6.27.10 + VMware Server 2

Posted: Mon Feb 02, 2009 8:51 pm
by Voltar
I seem to have a problem with a grsec 2.6.27.10 kernel and VMware Server 2 on CentOS 5.2. When attempting to start a VM, the server ends up crashing and reboots. This doesn't happen with the stock CentOS kernel(s) or a vanilla kernel.

Here's what I got from /var/log/messages:

Code:
Feb  2 18:15:02 pong /usr/lib/vmware/bin/vmware-hostd[1000]: Accepted password for user root from 127.0.0.1
Feb  2 18:15:02 pong kernel: grsec: From xxxx: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1710] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:15:03 pong last message repeated 4 times
Feb  2 18:15:03 pong kernel: grsec: more alerts, logging disabled for 10 seconds
Feb  2 18:15:20 pong kernel: grsec: From 127.0.0.1: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1710] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:15:20 pong last message repeated 3 times
Feb  2 18:15:20 pong kernel: grsec: From 127.0.0.1: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1713] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:15:20 pong kernel: grsec: more alerts, logging disabled for 10 seconds
Feb  2 18:15:34 pong kernel: grsec: From xxxx: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1742] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:15:34 pong kernel: grsec: From xxxx: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1709] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:15:34 pong kernel: grsec: From xxxx: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1742] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:15:34 pong kernel: grsec: From xxxx: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1709] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:15:34 pong kernel: grsec: From xxxx: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1709] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:15:34 pong kernel: grsec: more alerts, logging disabled for 10 seconds
Feb  2 18:15:49 pong kernel: grsec: From xxxx: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1704] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:15:50 pong last message repeated 4 times
Feb  2 18:15:50 pong kernel: grsec: more alerts, logging disabled for 10 seconds
Feb  2 18:16:05 pong kernel: grsec: From xxxx: signal 11 sent to /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:1713] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0
Feb  2 18:19:00 pong syslogd 1.4.1: restart.



I compiled with the default 'high' security settings, and other than removing unneeded drivers, that's the extent of the kernel config. Any ideas?
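
A way to tally grsec alerts from a log shaped like the one above, as an added example that is not part of the original post: it counts signal alerts per binary and parent, expands syslogd's "last message repeated N times" lines, and counts grsec's rate-limit notices, since any count is only a lower bound once logging was suppressed. The sample lines are constructed from the hostname and paths in the post; the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log in the post (hostname and paths reused from it).
_ALERT = ("pong kernel: grsec: From 127.0.0.1: signal 11 sent to "
          "/usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess[webAccess:{pid}] "
          "uid/euid:0/0 gid/egid:0/0, parent /usr/bin/vmware-watchdog"
          "[vmware-watchdog:861] uid/euid:0/0 gid/egid:0/0")
SAMPLE = "\n".join([
    "Feb  2 18:15:02 " + _ALERT.format(pid=1710),
    "Feb  2 18:15:03 pong last message repeated 4 times",
    "Feb  2 18:15:03 pong kernel: grsec: more alerts, logging disabled for 10 seconds",
    "Feb  2 18:15:20 " + _ALERT.format(pid=1713),
    "Feb  2 18:19:00 pong syslogd 1.4.1: restart.",
])

SIGNAL = re.compile(
    r"grsec: (?:From \S+: )?signal (?P<sig>\d+) sent to "
    r"(?P<path>/[^\s\[]+)\[[^:\]]+:(?P<pid>\d+)\].*?parent (?P<parent>/[^\s\[]+)\[")
REPEAT = re.compile(r"last message repeated (\d+) times")
SUPPRESSED = re.compile(r"grsec: more alerts, logging disabled for \d+ seconds")


def summarize(log_text):
    """Tally grsec signal alerts per (signal, binary, parent binary).

    Returns (counts, pids, suppressed_windows). Counts are lower bounds whenever
    suppressed_windows > 0, because grsec stopped logging during those windows.
    """
    counts, pids, suppressed, last = Counter(), {}, 0, None
    for line in log_text.splitlines():
        m = SIGNAL.search(line)
        if m:
            last = (int(m["sig"]), m["path"], m["parent"])
            counts[last] += 1
            pids.setdefault(last, set()).add(int(m["pid"]))
            continue
        r = REPEAT.search(line)
        if r:
            if last is not None:   # syslogd collapsed N copies of the previous alert
                counts[last] += int(r.group(1))
            continue
        if SUPPRESSED.search(line):
            suppressed += 1
        last = None                # any other line ends the run "repeated" refers to
    return counts, pids, suppressed


if __name__ == "__main__":
    counts, pids, suppressed = summarize(SAMPLE)
    for key, n in counts.most_common():
        print(f"signal {key[0]} x{n} -> {key[1]} pids={sorted(pids[key])} parent={key[2]}")
    print(f"rate-limit windows: {suppressed} (counts are lower bounds)")
```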

Re: grsec 2.6.27.10 + VMware Server 2

Posted: Tue Feb 03, 2009 12:54 pm
by PaX Team
Voltar wrote: I seem to have a problem with a grsec 2.6.27.10 kernel and VMware Server 2 on CentOS 5.2. When attempting to start a VM, the server ends up crashing and reboots. This doesn't happen with the stock CentOS kernel(s) or a vanilla kernel.

PaX has some changes that are not compatible with VMware and some other kernel modules, I don't know when I'll have the time to look at it.

Re: grsec 2.6.27.10 + VMware Server 2

Posted: Tue Feb 03, 2009 9:28 pm
by Voltar
Thanks for the response. This was my first time using grsec/PaX, and I thought it might be something I was doing.

Re: grsec 2.6.27.10 + VMware Server 2

Posted: Sat Apr 25, 2009 5:17 pm
by Martin
There is a similar problem with VirtualBox. I opened bug http://www.virtualbox.org/ticket/3240, but nobody answered me.
As a workaround, I'm currently using grsec 2.6.23 (2.6.23-hardened-r13 from Gentoo), which is the last kernel where VirtualBox and VMware work fine.

Re: grsec 2.6.27.10 + VMware Server 2

Posted: Sat Apr 25, 2009 8:48 pm
by Grach
Martin wrote: There is a similar problem with VirtualBox. I opened bug http://www.virtualbox.org/ticket/3240, but nobody answered me.

The problem has existed for ages, and they don't care. But this could help: http://www.virtualbox.org/ticket/941
Btw, I use VMware Server 1.x on x86 since 2.6.24, always without KERNEXEC. It works, but the lack of KERNEXEC is a huge drawback, of course.

Re: grsec 2.6.27.10 + VMware Server 2

Posted: Thu Apr 30, 2009 5:39 pm
by Martin
Grach wrote: Btw, I use VMware Server 1.x on x86 since 2.6.24, always without KERNEXEC. It works, but the lack of KERNEXEC is a huge drawback, of course.

You are a lucky man. Patching a kernel higher than 2.6.23 with the PaX patch and leaving PaX completely disabled on amd64 causes a host hang when I try to run a virtual machine in VMware Server 1.x or 2.x or VirtualBox 2.x. I never tried VirtualBox 1.x.

Re: grsec 2.6.27.10 + VMware Server 2

Posted: Tue Jun 23, 2009 4:19 pm
by jimjones
Martin wrote: There is a similar problem with VirtualBox. I opened bug http://www.virtualbox.org/ticket/3240, but nobody answered me.
As a workaround, I'm currently using grsec 2.6.23 (2.6.23-hardened-r13 from Gentoo), which is the last kernel where VirtualBox and VMware work fine.

Exact same problem here on my hardened Gentoo amd64 machine with VirtualBox-2.2.4 (closed source binary). I can't even be bothered to debug it. I've switched to QEMU, although it has other unrelated problems. I honestly don't see why VirtualBox has any business in the kernel or even the root account... a VM should be able to be run 100% usermode, otherwise it basically defeats the purpose of a VM.

Re: grsec 2.6.27.10 + VMware Server 2

Posted: Thu Jun 25, 2009 11:02 pm
by Grach
jimjones wrote: I've switched to QEMU, although it has other unrelated problems.

Maybe you should try KVM.

jimjones wrote: I honestly don't see why VirtualBox has any business in the kernel or even the root account...

Because it's a virtualizer, not an emulator.

Re: grsec 2.6.27.10 + VMware Server 2

Posted: Mon Jun 29, 2009 4:41 am
by jimjones
Grach wrote: Maybe you should try KVM.

I don't have virtualization extensions; I want a VM that runs completely in user mode anyways, so it has little to no chance of breaking my host O/S.