Re: [uml-devel] starting an 32 bit x86 chroot uml image at a ahrdened Gentoo amd64 system fails

["Toralf Förster" <toralf.foerster@gmx.de>]

On 03/10/2015 03:46 PM, Richard Weinberger wrote:
> Am 10.03.2015 um 15:38 schrieb Toralf Förster:
>> On 03/08/2015 11:44 PM, Richard Weinberger wrote:
>>> Okay. Does it work on a regular host system?
>>> I.e. not broken^Whardened.
>>>
>>> I run x86 UML's very often on x86_64...
>>
>> Ok, I have here just a hardened system, so I'll look for issues related to that .
> 
> It would also help if you could describe in detail what you've hardened. :)
> 
> Thanks,
> //richard
> 
Of course,

so, I installed a hardened 64bit Gentoo [1], configured GRsecurity in the kernel :

CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CONFIG_AUTO=y
# CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set
# CONFIG_GRKERNSEC_CONFIG_SERVER is not set
CONFIG_GRKERNSEC_CONFIG_DESKTOP=y

and set at boot:
sysctl -w kernel.grsecurity.chroot_deny_chmod=0


Nothing further, no SElinux, RBAC etc.


[1] https://wiki.gentoo.org/wiki/Hardened_Gentoo

-- 
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2  8936 872A E508 0076 E94E


------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel