Well...the most it's in the subject...
As I wrote I've patched a 2.6.11.5 kernel with last grsec patches and I enabled options listed in the quickstart guide...
...but at the reboot kernel killed udev (and without udev i can't boot the system, because /dev/ROOT doesn't exists)
I'm using Gentoo with glibc-2.3.4.20050125 (NTPL - NPTLONLY enabled) and gcc-3.4.3.20050110
Any advice?
Kernel 2.6.11.5 with Grsec 2.1.4 kills udev at boot...
5 posts
• Page 1 of 1
Kernel 2.6.11.5 with Grsec 2.1.4 kills udev at boot...
by folken » Tue Mar 22, 2005 3:21 pm
- folken
- Posts: 2
- Joined: Tue Mar 22, 2005 3:14 pm
by folken » Thu Mar 31, 2005 3:01 am
Obviously without grsec & pax udev works great 
But i would like to know how to use both
I think I'll read all grsec/pax documentation, then, if I find a solution, It will be posted here...maybe someone else could have the same problem.
Tnx 4 attention,
Bye
But i would like to know how to use both
I think I'll read all grsec/pax documentation, then, if I find a solution, It will be posted here...maybe someone else could have the same problem.
Tnx 4 attention,
Bye
- folken
- Posts: 2
- Joined: Tue Mar 22, 2005 3:14 pm
by tomalok » Fri May 13, 2005 11:42 pm
this bit me a couple weeks ago, but i managed to figure it out...
the problem is, that when udev tries to run from initrd, PaX kills it because of MPROTECT, no devices get created, and it can't find the real root device to boot.
i solved this problem by disabling MPROTECT on the udev binary on the initrd with paxctl. how you achieve this varies depending on how you actually create your initrd -- i happen to use gentoo's 'genkernel', so basically it went something like this:
a udev binary for initrd gets built, the kernel and modules are built, and an initrd (which won't work) is created... next, fix the udev binary for initrd...
now you've got a udev binary for initrd that won't die. now, make a working initrd that uses it...
now you can install your new grsec kernel and initrd and have udev work!
(tested with vanilla linux-2.6.11.7 + grsec-2.1.5, will be trying vanilla 2.6.11.9 tonight)
the problem is, that when udev tries to run from initrd, PaX kills it because of MPROTECT, no devices get created, and it can't find the real root device to boot.
i solved this problem by disabling MPROTECT on the udev binary on the initrd with paxctl. how you achieve this varies depending on how you actually create your initrd -- i happen to use gentoo's 'genkernel', so basically it went something like this:
- Code: Select all
# genkernel --menuconfig --udev all
a udev binary for initrd gets built, the kernel and modules are built, and an initrd (which won't work) is created... next, fix the udev binary for initrd...
- Code: Select all
# cd /usr/share/genkernel/pkg/x86
# tar jxvf udev-0??-x86.tar.bz2
# paxctl -m ./sbin/udev
# tar jcvf udev-0??-x86.tar.bz2 etc sbin
# rm -rf ./{etc,sbin}
now you've got a udev binary for initrd that won't die. now, make a working initrd that uses it...
- Code: Select all
# genkernel --udev initrd
now you can install your new grsec kernel and initrd and have udev work!
(tested with vanilla linux-2.6.11.7 + grsec-2.1.5, will be trying vanilla 2.6.11.9 tonight)
- tomalok
- Posts: 3
- Joined: Fri Mar 28, 2003 1:50 pm
by PaX Team » Sat May 14, 2005 6:15 am
tomalok wrote:the problem is, that when udev tries to run from initrd, PaX kills it because of MPROTECT, no devices get created, and it can't find the real root device to boot.
- Code: Select all
- PaX flags: -------x-e-- [/sbin/udev]
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
5 posts
• Page 1 of 1