Grsec & Vserver "dropped cmd"


Post by mkalbere » Sat Dec 16, 2006 7:25 pm

Hello,
First of all: thanks to the grsec team for the work they do/did ;-) !!

Then... I have a vserver running on a grsec host. Almost everything is working fine, except that in some circumstances (it seems to be when more processes are running) commands get dropped. For example, mysqldump won't work (once in a while), or even a simple "ps" will return immediately.
How could I change this behaviour? I enabled the vserver hard CPU limit; could it be linked? Since I can have a heavy load on the vserver, it sounds strange.
I used the patch-2.6.14.7-vs2.1.0-grsec2.1.9.diff
++
Marc
mkalbere
 
Posts: 2
Joined: Sat Dec 16, 2006 7:05 pm

Post by spender » Mon Dec 18, 2006 9:04 pm

There was never a grsecurity 2.1.9 released for that kernel, so I can't vouch for the quality of the backport. I haven't heard of any similar problem reported from someone running a vanilla kernel with grsecurity.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Post by aldee » Tue Dec 19, 2006 5:50 am

The description reminds me a bit of this problem I was experiencing (and still am, when activating CONFIG_GRKERNSEC_CHROOT_FINDTASK). There seem to be some race conditions being triggered by certain grsec options in combination with bash at least (also see here, which is reproducible for me as well). Not sure if these are related to your problem though.
aldee
 
Posts: 25
Joined: Tue Aug 15, 2006 11:41 am

Post by spender » Tue Dec 19, 2006 5:25 pm

aldee: do you have the pid randomization option enabled as well?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Post by aldee » Wed Dec 20, 2006 4:42 am

spender wrote: aldee: do you have the pid randomization option enabled as well?
I disabled CONFIG_GRKERNSEC_RANDPID as well, because of the reproducible race condition problem with /bin/false started from a bash sometimes returning true described on your mailing list. My full kernel configuration is available in this thread (direct link).
aldee
 
Posts: 25
Joined: Tue Aug 15, 2006 11:41 am

Post by mkalbere » Wed Dec 20, 2006 9:19 am

Sorry for responding late, I just received the notifications now...

Yes, I have CONFIG_GRKERNSEC_RANDPID; I'll try to remove it.
mkalbere
 
Posts: 2
Joined: Sat Dec 16, 2006 7:05 pm

