grsecurity forums

Hello all

I am a grsecurity beginner and have a problem with sysctl support: there are no entries below /proc/sys/kernel/grsecurity besides grsec_lock.

I've compiled the current supported stable kernel (3.2.17) with the grsecurity patch without any problems and booted a (virtualbox) machine successfully. Here are alle grsecurity/pax related settings in my kernel config:

Code: Select all

$ egrep '(GRKERN|PAX)' /boot/config-3.2.17-grsec | grep -v '^#'
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CUSTOM=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=6
CONFIG_PAX=y
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_XATTR_PAX_FLAGS=y
CONFIG_PAX_HAVE_ACL_FLAGS=y
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_REFCOUNT=y
CONFIG_PAX_USERCOPY=y

Kernel boots and there are no issues aside the missing entries. I did not use gradm to activate RBAC or anything.

Code: Select all

$ uname -a
Linux grsec-test 3.2.17-grsec #1 SMP Thu May 24 11:42:19 UTC 2012 x86_64 GNU/Linux

$ gradm -S
The RBAC system is currently disabled.

Here is what i find below /proc/[i]

Code: Select all

$ find /proc -name "*grsec*"
/proc/sys/kernel/grsecurity
/proc/sys/kernel/grsecurity/grsec_lock

And below [i]/sys

Code: Select all

find /sys -name "*grsec*"
/sys/devices/virtual/mem/grsec
/sys/class/mem/grsec

I am guessing that i am making some obvious mistake here, as i could not find any similar issues in the forum (or anywhere).

Could somebody please point it out to me?

Thx & Greets
Walt

You need to enable some features of grsecurity Enabling sysctl support only enables sysctl support for features which have been configured to be compiled into the kernel.

-Brad

Arr! As expected, this is really obvious Thanks a lot