CentOS7: systemd-systemctl and grsec lock

Post by Ashmodai » Thu Jul 10, 2014 7:26 am

Hi there,

I'm currently preparing for CentOS 7 - familiarizing myself with its interaction with grsec on some test platforms, and I've hit a weird one:

I've set grsec_lock, and now, for the life of me, I can't unset it to change any settings - what's more, networking on my template box fails to start because systemd-sysctl fails to start because it can't set grsec settings.

I've set grsec_lock to 0 in multiple places and rebooted several times, but somehow grsec settings are getting pulled from SOMEWHERE and the lock is being applied early in the boot process, messing a lot of other stuff up.

Is anyone familiar with the way systemd-systemctl works and how to set grsec_lock to 0 on a subsequent boot in CentOS 7?
Last edited by Ashmodai on Thu Jul 10, 2014 7:54 am, edited 1 time in total.
Ashmodai
 
Posts: 8
Joined: Wed Apr 24, 2013 7:10 am

Re: systemd-systemctl and grsec lock

Post by Ashmodai » Thu Jul 10, 2014 7:34 am

Well, that didn't take long to figure out. Apparently the configuration from sysctl.conf files littered about gets written into your initrd when it's generated (?).

I guess the solution is to set grsec_lock in a custom startup script outside of systemd's control at the very end of the boot process.
Ashmodai
 
Posts: 8
Joined: Wed Apr 24, 2013 7:10 am
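
An added example, not part of the original posts: a shell function that lists every sysctl configuration line setting kernel.grsecurity.grsec_lock under a given root, so the file applying the lock can be located. The function name is hypothetical, and pointing it at a directory holding an already unpacked initrd is an assumption; extracting the image is not shown.

```shell
#!/bin/sh
# Added example (not from the thread): find where grsec_lock is being set.
# Usage: find_grsec_lock /            # the running system
#        find_grsec_lock /tmp/initrd  # assumed: an unpacked initrd tree

find_grsec_lock() {
    root=${1%/}   # "/" or no argument becomes "", i.e. the live root
    # Locations read by systemd-sysctl, plus the legacy /etc/sysctl.conf.
    for f in "$root"/etc/sysctl.conf \
             "$root"/etc/sysctl.d/*.conf \
             "$root"/run/sysctl.d/*.conf \
             "$root"/usr/lib/sysctl.d/*.conf; do
        # An unmatched glob stays literal and is skipped here.
        [ -f "$f" ] || continue
        awk -v file="$f" '
            # Skip blank lines and comments (# or ;).
            /^[ \t]*([#;]|$)/ { next }
            {
                eq = index($0, "=")
                if (!eq) next
                key = substr($0, 1, eq - 1)
                val = substr($0, eq + 1)
                gsub(/[ \t]/, "", key)
                gsub(/[ \t]/, "", val)
                sub(/^-/, "", key)      # optional "ignore errors" prefix
                gsub("/", ".", key)     # kernel/grsecurity/... spelling
                if (key == "kernel.grsecurity.grsec_lock")
                    printf "%s:%d: grsec_lock=%s\n", file, NR, val
            }' "$f"
    done
}
```

A file that is a symlink to another scanned file is reported once under each name.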

