by Stephane » Tue Oct 07, 2014 7:41 am
Hi all,
For testing purposes, I've turned off everything with sysctl:
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_chroot = 0
kernel.grsecurity.chroot_deny_fchdir = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_pivot = 0
kernel.grsecurity.chroot_deny_shmat = 0
kernel.grsecurity.chroot_deny_sysctl = 0
kernel.grsecurity.chroot_deny_unix = 0
kernel.grsecurity.chroot_enforce_chdir = 0
kernel.grsecurity.chroot_findtask = 0
kernel.grsecurity.chroot_restrict_nice = 0
kernel.grsecurity.consistent_setxid = 0
kernel.grsecurity.deter_bruteforce = 0
kernel.grsecurity.dmesg = 0
kernel.grsecurity.enforce_symlinksifowner = 0
kernel.grsecurity.fifo_restrictions = 0
kernel.grsecurity.grsec_lock = 0
kernel.grsecurity.harden_ipc = 0
kernel.grsecurity.harden_ptrace = 0
kernel.grsecurity.ip_blackhole = 0
kernel.grsecurity.lastack_retries = 4
kernel.grsecurity.linking_restrictions = 0
kernel.grsecurity.ptrace_readexec = 0
kernel.grsecurity.resource_logging = 0
kernel.grsecurity.rwxmap_logging = 0
kernel.grsecurity.signal_logging = 0
kernel.grsecurity.symlinkown_gid = 1006
kernel.grsecurity.timechange_logging = 0
kernel.grsecurity.tpe = 0
kernel.grsecurity.tpe_gid = 1005
and paxctl -pemrxs /usr/bin/java
and I still have the same problem: my jgroups nodes don't see each other using a multicast IP. If I try with the same kernel and same .config (of course without patching with grsec), it works!
I'll try to turn kernel.grsecurity.*_logging back on and see if I can find some interesting logs...