>>>>> "andrey" == Andrey Borzenkov <[EMAIL PROTECTED]> writes:
andrey> This probably has been disabled due to problems with initrd, am I right? Current implementation of initrd in kernel has been changed so it is safe to enable CHROOT features again. I would advise to enable all of them because you always can disable them (using sysctl) on a case-by-case basis.

andrey> This is safe to enable in 2.4.20 and above. It is NOT safe to enable in 2.4.19 and before.

andrey> In case somebody does not remember it - linuxrc from initrd is (and has been) run as chrooted process. It means, grsecurity denied mknod, mount and pivot_root. Implementation of linuxrc in current kernel has been changed in such a way that it does not interfere with grsecurity (I do not know if this was intentional, if not, it is a pleasant side effect :))

andrey> cheers

andrey> -andrey

andrey> P.S. I am not on list so I appreciate Cc on replies if any.

Done there, with _lots_ of changes in grsecurity. 1.9.8 & the conf changed quite a bit.

Later,
Juan.

--
In theory, practice and theory are the same, but in practice they are different -- Larry McVoy
