On 14 May 2002, Guillaume Cottenceau wrote: > Borsenkow Andrej <[EMAIL PROTECTED]> writes: > > > Obviously grsecurity does not like what happens during initrd stage: > > > > VFS: Mounted root (ext2 filesystem). > > grsec: mount . to / by (swapper:9) UID(0) EUID(0), parent (swapper:1) > > UID(0) EUID(0) > > grsec: denied attempt to mount (/proc) as /proc from chroot jail (01:00:2) > > of 0.0 by (linuxrc:9) UID(0) EUID(0), parent (swapper:1) UID(0) EUID(0) > > grsec: more denied mounts in chroot, logging disabled for 30 seconds > > ???? fuck grsec!! i need those mounts. >
Juan, what happened to GRKERNSEC_SYSCTL??? [root@gw grsecurity]# grep GRKERNSEC_SYSCTL /boot/config [root@gw grsecurity]# bor@cooker:/usr/src/linux-2.4.18-13mdk/grsecurity%> grep SYSCTL * if [ "$CONFIG_SYSCTL" != "n" ]; then bool 'Sysctl support' CONFIG_GRKERNSEC_SYSCTL gc, with this option you can temporarily sysctl -w kernel.grsecurity.chroot_deny_mount=0 before chrooting and then revert it back (of course you can use proper syscall). Unless chroot happens before entering linuxrc :( In any case I want this option back. -andrej
