well, i am new to grsecurity (and not exactly a linux guru yet
though i'm workin on it), but i've have done my reading, and looked through the forum so i hope my questions arent too obviouse.
i am running Debian Woody, and am trying to get XFree86 running properly, first off, with out the ACLs (though in the end that is my goal). But first things first. My current problem/question is about the CONFIG_GRKERNSEC_KMEM option. Namely when i turn this option (which is "highly recommended") on, i get the following error:
...
(II) Loading sub module "int10"
(II) LoadModule: "int10"
(II) Reloading /usr/X11R6/lib/modules/linux/libint10.a
(EE) SAVAGE(0): Cannot map SYS BIOS
(II) Loading sub module "vbe"
...
in my XFree86.0.log file, after which come more inconsistancies with a normal X starting log, resulting in a signal 11. The error goes away if i do not set the KMEM option and X starts properly.
note:
Actually there is one line that is different in the log produced w/ grsec but without KMEM compared to no grsec at all:
(II) PCI: stages = 0x03, oldVal1 = 0x80008d40, mode1Res1 = 0x80000000 <------ with grsec
(II) PCI: stages = 0x03, oldVal1 = 0x00000000, mode1Res1 = 0x80000000 <------ normal kernel
But i dont think that matters. still i include this info just incase.
so the question is: How, if at all, do i enabled this feature and still use XFree86?
thanks guys
cheers,
optix
