eyck wrote:
I use to patch 2.4 kernels for productions servers and they work fine
but I haven't tried this one; I will try later and let you know if it works.
http://mirrors.sandino.net/vserver/parches/linux-2.4.34-grsec-2.1.10-vserver-1.2.10-KB2.patch.gz
http://mirrors.sandino.net/vserver/parches/linux-2.4.34-grsec-2.1.10-vserver-1.2.10-KB2.patch.gz.asc
don't use 1.2.10, it contains break-out-of-chroot bug,
grsec should restrict all break-out-of-chroot by the use of It's own
methods.
CONFIG_GRKERNSEC_CHROOT_MOUNT
CONFIG_GRKERNSEC_CHROOT_DOUBLE
CONFIG_GRKERNSEC_CHROOT_PIVOT
CONFIG_GRKERNSEC_CHROOT_CHDIR
CONFIG_GRKERNSEC_CHROOT_CHMOD
CONFIG_GRKERNSEC_CHROOT_FCHDIR
CONFIG_GRKERNSEC_CHROOT_MKNOD
CONFIG_GRKERNSEC_CHROOT_SHMAT
CONFIG_GRKERNSEC_CHROOT_UNIX
CONFIG_GRKERNSEC_CHROOT_CAPS
use 1.2.11rc1.
I still can't get to releasing 1.2.11, hope I'll be able to move some stuff
next week.
Sandino Araico Sánchez
--
Free as in Beer:
You can drink as many as you want but you have to pay for them.
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
