After upgrading from 2.4.27 + gr 2.0.x to 2.4.29 + gr 2.1.3 I found that grsecurity denies accepts.
I turned on server socket restriction for group 33 (www-data) and after that apache stopped working.
Mar 22 11:03:40 rei kernel: grsec: attempted bind() by /usr/sbin/apache[apache:19249] uid/euid:33/33 gid/egid:33/33, parent /usr/sbin/apache[apache:18014] uid/euid:0/0 gid/egid:0/0
On the grsecurity mail list I found a solution for this:
http://grsecurity.net/pipermail/grsecur ... 00211.html
But since I don't use RBAC, and ACLs it does not help.
Any other way to solve this ?