On 04/07/2017 03:31 AM, Patrick Schleizer wrote: > Proxying a message from torjunkie at Whonix forums here due to google > group vs Tor spam false positive issues. Source: > > https://forums.whonix.org/t/long-wiki-edits-thread/3477/55? > > ##### > > Greetings, > > I am currently using Qubes 3.2 and have had success to date with > running the 4.8 grsec kernel series (coldkernel) with Debian-8 AppVMs > following the steps / advice outlined on the coldhak blog and github > account. > > I have recently tried to apply the 4.9.20 upgraded kernel to the > Debian-8 TemplateVM and hit some problems. > > I have followed the advice to install the latest > qubes-kernel-vm-support package from the Qubes testing repository (for > the Debian-8 TemplateVM) and avoided the error messages around "Bad > return status for module build." > [https://github.com/coldhakca/coldkernel/issues/55] > [https://github.com/QubesOS/qubes-issues/issues/2691] > > The upgraded kernel successfully builds and the TemplateVM boots. > However, the TemplateVM state light soon shifts from green to yellow. > The qrexec.log and console.log look okay (no obvious error messages), > but the guid.log shows a new cryptic error message I've never seen before: > > ErrorHandler: BadAccess (attempt to access private resource denied) > Major opcode: 130 (MIT-SHM) > Minor opcode: 1 (X_ShmAttach) > ResourceID: 0x219 > Failed serial number: 49 > Current serial number: 50 > > Any attempts to run applications fail e.g. terminal. So, grsec > groups can't be set, paxtest can't be run, and obviously it's not > functional, so there is no point creating a new AppVM based on it. > > Can anyone who has the 4.9 grsec kernel up and running provide any > advice on how to resolve this problem? > > Regards >
I've been running the 4.9 series for a while and have had no issues. The one time I noticed something similar (indicator turning green briefly before turning yellow, although unfortunately I didn't look at the logs at the time to find out if it was the same issue as yours) was when I compiled a coldkernel on a Debian 8 template and then installed the .deb package on a Debian 9 template. I "fixed" the issue by compiling a version of the kernel on a Debian 9 template and installing that .deb package instead. I guess the first thing I would look at is your sysctl.conf file. Do you have any special grsecurity kernel parameters set in there? If so, try disabling all of them and see if the issue persists. If if it does not, then it might be one of those settings that's the problem. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/oc8u3t%248vk%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
