hey all, for those interested... i took a vanilla linux 2.6.14.4 kernel patched it with an updated version of grsec 2.1.7 and applied vserver 2.1.0 patch (including the sendfile patch and a "optimisation" for some weirdness in grsec)
i put it all in a patch , which can be located at: http://harry.ulyssis.org/patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff.gz http://harry.ulyssis.org/patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff 1 thing... if you can't start your vservers and get the following error message: vcontext: vc_set_cflags(): Operation not permitted you need to enable capabilities in chroots. you can do this with: echo 0 > /proc/sys/kernel/grsecurity/chroot_caps (or the appropriate sysctl command ;)) if people think it 's a good thing to merge the patches... just let me know, i'll see what i can do to keep this a little bit up to date. have fun all! -- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 [EMAIL PROTECTED] -=- http://harry.ulyssis.org Disclaimer: By sending an email to ANY of my addresses you are agreeing that: 1. I am by definition, "the intended recipient" 2. All information in the email is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on usenet. 3. I may take the contents as representing the views of your company. 4. This overrides any disclaimer or statement of confidentiality that may be included on your message. Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
