On Wednesday 08 February 2006 18:30, TB wrote: > # > # Filesystem Protections > # > CONFIG_GRKERNSEC_PROC=y > CONFIG_GRKERNSEC_PROC_USER=y > CONFIG_GRKERNSEC_PROC_ADD=y > CONFIG_GRKERNSEC_LINK=y > CONFIG_GRKERNSEC_FIFO=y > CONFIG_GRKERNSEC_CHROOT=y > CONFIG_GRKERNSEC_CHROOT_MOUNT=y > # CONFIG_GRKERNSEC_CHROOT_DOUBLE is not set > CONFIG_GRKERNSEC_CHROOT_PIVOT=y > CONFIG_GRKERNSEC_CHROOT_CHDIR=y > # CONFIG_GRKERNSEC_CHROOT_CHMOD is not set > CONFIG_GRKERNSEC_CHROOT_FCHDIR=y > CONFIG_GRKERNSEC_CHROOT_MKNOD=y > CONFIG_GRKERNSEC_CHROOT_SHMAT=y > CONFIG_GRKERNSEC_CHROOT_UNIX=y > CONFIG_GRKERNSEC_CHROOT_FINDTASK=y > CONFIG_GRKERNSEC_CHROOT_NICE=y > CONFIG_GRKERNSEC_CHROOT_SYSCTL=y > # CONFIG_GRKERNSEC_CHROOT_CAPS is not set
Take a closer look at those CHROOT CONFIG's and have again a look at your error message and you'll see it (in case you don't see it, its CONFIG_GRKERNSEC_CHROOT_MOUNT=y that should be # CONFIG_GRKERNSEC_CHROOT_MOUNT is not set > Feb 8 17:57:05 MYHOSTNAME kernel: grsec: From MYIPADDRESS: denied mount > of proc as /var/lib/vservers/vhost0/proc from chroot by > /var/lib/vservers/vhost0/bin/mount[mount:28032] uid/euid:0/0 gid/egid:0/0, > parent /var/tmp/debootstrap.mVlEp8/usr/sbin/debootstrap[debootstrap:18704] > uid/euid:0/0 gid/egid:0/0 -- Christian Heim <[EMAIL PROTECTED]> Gentoo Linux Developer - vserver
pgpiGglpSsV98.pgp
Description: PGP signature
_______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
