I am a grsecurity beginner and have a problem with sysctl support: there are no entries below /proc/sys/kernel/grsecurity besides grsec_lock.
I've compiled the currently supported stable kernel (3.2.17) with the grsecurity patch without any problems and booted a (VirtualBox) machine successfully. Here are all grsecurity/PaX-related settings in my kernel config:
$ egrep '(GRKERN|PAX)' /boot/config-3.2.17-grsec | grep -v '^#'
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CUSTOM=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=6
CONFIG_PAX=y
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_XATTR_PAX_FLAGS=y
CONFIG_PAX_HAVE_ACL_FLAGS=y
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_REFCOUNT=y
CONFIG_PAX_USERCOPY=y
Kernel boots and there are no issues aside from the missing entries. I did not use gradm to activate RBAC or anything.
$ uname -a
Linux grsec-test 3.2.17-grsec #1 SMP Thu May 24 11:42:19 UTC 2012 x86_64 GNU/Linux
$ gradm -S
The RBAC system is currently disabled.
Here is what I find below /proc/:
$ find /proc -name "*grsec*"
/proc/sys/kernel/grsecurity
/proc/sys/kernel/grsecurity/grsec_lock
And below /sys:
$ find /sys -name "*grsec*"
/sys/devices/virtual/mem/grsec
/sys/class/mem/grsec
I am guessing that I am making some obvious mistake here, as I could not find any similar issues in the forum (or anywhere).
Could somebody please point it out to me?
Thx & Greets
Walt