Rik Bobbaers schrieb: >hey all, > >for those interested... >i took a vanilla linux 2.6.14.4 kernel >patched it with an updated version of grsec 2.1.7 >and applied vserver 2.1.0 patch (including the sendfile patch and a >"optimisation" for some weirdness in grsec) > >i put it all in a patch , which can be located at: >http://harry.ulyssis.org/patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff.gz >http://harry.ulyssis.org/patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff > >1 thing... if you can't start your vservers and get the following error >message: >vcontext: vc_set_cflags(): Operation not permitted >you need to enable capabilities in chroots. you can do this with: >echo 0 > /proc/sys/kernel/grsecurity/chroot_caps >(or the appropriate sysctl command ;)) > >if people think it 's a good thing to merge the patches... just let me know, >i'll see what i can do to keep this a little bit up to date. > >have fun all! > > Works like a charm :-) I don't use the PAX part, but no problems with vserver and proc_security/randomness features.
Thanks a lot! Merry Xmas, Oliver _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
