grsecurity-2.9.1-3.2.44 - stuck at Loading initial ramdisk

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

grsecurity-2.9.1-3.2.44 - stuck at Loading initial ramdisk

Postby RinkeB » Tue Apr 30, 2013 4:05 am

Hej grsecurity folks,

I'm having some difficulties getting grsecurity to work.
Right now I am trying to implement grsecurity-2.9.1-3.2.44-201304271916.patch on Ubuntu Server 12 32bit Virtualbox guest within a Windows 7 host.
I followed the tutorial on Wikibooks and created the .deb files issuing the following commands:

make-kpkg clean
fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers

Now, when I try to boot the grsec option in Grub, I get the following message:

Loading Linux 3.2.44grsec-grsec ...
Loading initial ramdisk ...

And then the boot hangs.
Also, when I try to boot in recovery mode, I am unable to select any options.
How can I get around this?

I know my way around Linux, but I don't consider myself an advanced user.
If you need more information, don't hestitate to ask and I will provide you with it.

Thanks in advance!
RinkeB
 
Posts: 5
Joined: Thu Apr 25, 2013 7:46 am

Re: grsecurity-2.9.1-3.2.44 - stuck at Loading initial ramdi

Postby RinkeB » Thu May 02, 2013 4:19 am

With some help I was finally able to install the kernel and get one step forward.
The kernel is Linux 3.2.44 and grsecurity is of the corresponding version.
However, now I am running into this error message:

Image

I googled around a lot to find an answer, but so far without any results.
Can you give me some advice or tips on how to fix this error?
RinkeB
 
Posts: 5
Joined: Thu Apr 25, 2013 7:46 am

Re: grsecurity-2.9.1-3.2.44 - stuck at Loading initial ramdi

Postby PaX Team » Thu May 02, 2013 5:15 am

virtualbox is not compatible with several kernel self-protection features in PaX, disable KERNEXEC and UDEREF at least.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: grsecurity-2.9.1-3.2.44 - stuck at Loading initial ramdi

Postby RinkeB » Thu May 02, 2013 5:45 am

Thanks for you reply! :)
I disabled those options, but I'm still getting the same error.
This is my config file at the moment: http://pastebin.com/0PaBMdY6
Do you see any other options that are not compatible with virtualization?
Or do you see any other anomalies?
RinkeB
 
Posts: 5
Joined: Thu Apr 25, 2013 7:46 am

Re: grsecurity-2.9.1-3.2.44 - stuck at Loading initial ramdi

Postby PaX Team » Thu May 02, 2013 6:30 am

something's wrong with your config, it has CONFIG_PAX_KERNEXEC=m and CONFIG_PAX_MEMORY_UDEREF=m which are impossible (these features can't be modular at all). how did you end up with this config?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: grsecurity-2.9.1-3.2.44 - stuck at Loading initial ramdi

Postby RinkeB » Thu May 02, 2013 9:19 am

Well, I edited those options because I thought the 'y' meant to include the option during kernel boot and 'm' meant to exclude.
But obviously I was wrong in that, since it means modular.
If I want to exclude those options like you said, should I then delete them from the config file?
Is it fundamentally a wrong idea to use grsecurity in a virtualized environment?
RinkeB
 
Posts: 5
Joined: Thu Apr 25, 2013 7:46 am

Re: grsecurity-2.9.1-3.2.44 - stuck at Loading initial ramdi

Postby PaX Team » Thu May 02, 2013 9:51 am

RinkeB wrote:Well, I edited those options because I thought the 'y' meant to include the option during kernel boot and 'm' meant to exclude.
But obviously I was wrong in that, since it means modular.
If I want to exclude those options like you said, should I then delete them from the config file?

i think you should read up on how to configure linux ;), you never ever hand-edit the config file, that's what menuconfig/nconfig/etc are for.
Is it fundamentally a wrong idea to use grsecurity in a virtualized environment?
depends on your expectations ;).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: grsecurity-2.9.1-3.2.44 - stuck at Loading initial ramdi

Postby RinkeB » Fri May 03, 2013 3:53 am

Thanks for your answer.
I decided to install grsecurity with ubuntu on a standalone system to avoid virtualization issues.
Maybe you have the answer to the following questions.
When I choose to install grsecurity with a minimum of options first, do I have to recompile the complete kernel if I want to add more options?
Because I would like to run a working patched kernel first and then slowly add more options to see where and when problems appear.
RinkeB
 
Posts: 5
Joined: Thu Apr 25, 2013 7:46 am


Return to grsecurity support

cron