Since I can't get anything to work anymore for some strange reason, I have a little question.
I enabled some grsecurity features in my kernel, which I run now.
When I load that kernel, none of the features I enabled are really 'enabled' (they don't work, I can still do anything I want).
As soon as I type gradm -E with this /etc/grsec/acl:
/ {
    / r
    /opt rx
    /home rwx
    /mnt rw
    /dev rw
    /dev/mem h
    /dev/kmem h
    /bin rxw
    /sbin rx
    /lib rx
    /usr rx
    /etc rx
    /proc rwx
    /proc/sys r
    /root r
    /tmp rw
    /var rwx
    /var/tmp rw
    /var/log ra
    /boot r
    /etc/grsec h
    -CAP_LINUX_IMMUTABLE
    -CAP_NET_RAW
    -CAP_MKNOD
    -CAP_SYS_RAWIO
    -CAP_SYS_MODULE
}
(which is the default).
I cannot do *ANYTHING*. I cannot chroot to one of my chroots, I cannot write files in /etc, everything is denied.
Why? And why are the kernel options disabled when gradm ACL is not enabled?
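
Added example, not part of the original post and not gradm's own code: a small Python model of the object rules in the ACL above, to show which rule governs a given path once the ACL is enabled. It assumes the most specific (longest) matching path decides the mode, that `h` hides the object entirely, and that `w` also covers appending; the function names and the test paths are hypothetical.

```python
# Object rules copied from the subject "/" block in the post (capabilities omitted).
ACL = """
/ r
/opt rx
/home rwx
/mnt rw
/dev rw
/dev/mem h
/dev/kmem h
/bin rxw
/sbin rx
/lib rx
/usr rx
/etc rx
/proc rwx
/proc/sys r
/root r
/tmp rw
/var rwx
/var/tmp rw
/var/log ra
/boot r
/etc/grsec h
"""

def parse_objects(text):
    """Return {path: set(mode letters)} for each 'path mode' line."""
    return {p: set(m) for p, m in (l.split() for l in text.strip().splitlines())}

def effective_rule(rules, path):
    """Walk from the path up towards '/' and return the first rule found."""
    p = path.rstrip("/") or "/"
    while p not in rules:
        p = p.rsplit("/", 1)[0] or "/"   # strip one component; "/" always matches
    return p, rules[p]

def allowed(rules, path, want):
    """want is one of 'r', 'w', 'x', 'a' (assumed semantics, see lead-in)."""
    _, mode = effective_rule(rules, path)
    if "h" in mode:                      # hidden: no access at all
        return False
    if want == "a":                      # append is granted by 'a' or by 'w'
        return bool(mode & {"a", "w"})
    return want in mode

RULES = parse_objects(ACL)

if __name__ == "__main__":
    for path, want in [("/etc/passwd", "w"), ("/etc/passwd", "r"),
                       ("/var/log/messages", "w"), ("/var/log/messages", "a"),
                       ("/home/user/notes", "w"), ("/dev/mem", "r")]:
        rule, mode = effective_rule(RULES, path)
        verdict = "allow" if allowed(RULES, path, want) else "deny"
        print(f"{want} {path:20} -> {verdict} (rule {rule} {''.join(sorted(mode))})")
```

Under this model, writes below `/etc` are denied because the governing rule is `/etc rx`, which has no `w`.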