/proc error with 1.99g + gentoo 2.4.20r5

Posted: Sat May 31, 2003 11:04 am
by dj701
Hi,

I enabled /proc restrictions; my .config contains:

#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y

Now I have an interesting problem:

Being the root user, access to the /proc tree is prohibited at first, but allowed after a few tries. Example:

# ls -la /proc/sys
-r--r--r-- 11 root root 0 May 31 17:00 /proc/sys

And one second later...

# ls -la /proc/sys
total 0
dr-xr-xr-x 11 root root 0 May 31 17:00 .
dr-xr-xr-x 128 root root 0 May 31 2003 ..
dr-xr-xr-x 2 root root 0 May 31 17:00 abi
dr-xr-xr-x 2 root root 0 May 31 17:00 debug
dr-xr-xr-x 5 root root 0 May 31 17:00 dev
dr-xr-xr-x 3 root root 0 May 31 17:00 fs
dr-xr-xr-x 4 root root 0 May 31 17:00 kernel
dr-xr-xr-x 7 root root 0 May 31 17:00 net
dr-xr-xr-x 2 root root 0 May 31 17:00 proc
dr-xr-xr-x 2 root root 0 May 31 17:00 sched
dr-xr-xr-x 2 root root 0 May 31 17:00 vm

This means that setting some keys does not work at startup, but if I try it manually after I log in, it works.

Anybody with an explanation / similar problem?

Posted: Sat May 31, 2003 12:48 pm
by spender
Can you duplicate this with just the grsecurity 1.9.9g patch? There can't be any error in my code as I simply modify the permissions on the directory...there is no logic in the code. Most likely this is a bad merge on gentoo's part.

-Brad

Posted: Sat May 31, 2003 3:42 pm
by dj701
spender wrote: Can you duplicate this with just the grsecurity 1.9.9g patch?
...
Most likely this is a bad merge on gentoo's part.

To be honest, I don't dare to mess with the patches or the ebuild.
I will disable /proc restrictions and post this as a bug report to the gentoo pages.

Thanks anyway.

----

Posted to gentoo buglist as Bug #22014