[grsec] Grsecurity + Vserver patch (gradm2 installation problem)

Andrew Griffiths andrewg at felinemenace.org
Tue Dec 13 06:36:11 EST 2005 

Hello,

On Tue, Dec 13, 2005 at 11:07:56AM +0100, Fredrik wrote:
> Hi,
> 
> Hope it's Okay to post to this list even if it is probably a modified
> grsecurity patch to play nice with vserver (or it may be the other way
> around)
> 
> I have tried several vserver+grsecurity patches (both for 2.4.x and
> 2.6.x kernels) and they compile fine and I get lots of nice grsec log
> messages when booting. When I try to install gradm2 (gradm-2.1.7) I get
> the following error:
> 
> # make install
> Installing gradm...
> Installing gradm_pam...
> Installing grlearn...
> Installing gradm manpage...
> Could not open /dev/grsec.
> open: No such device or address
> 
> make: *** [install] Error 1
> 
> I get this for all of the different patches I have tried [1] anyone know
> what it could be?
> 

Try deleting /dev/grsec, and reinstalling. iirc the numbers changed at
some time. It's because at some stage an older version was used.

> $ gradm --status
> Could not open /dev/grsec.
> open: No such device or address
> 
> $ stat /dev/grsec
>   File: `/dev/grsec'
>   Size: 0               Blocks: 0          IO Block: 4096   character
> special file
> Device: 803h/2051d      Inode: 553869      Links: 1     Device type: 1,d
> Access: (0622/crw--w--w-)  Uid: (    0/    root)   Gid: (    0/    root)
> Access: 2005-12-13 13:18:04.000000000 +0100
> Modify: 2005-12-13 13:18:04.000000000 +0100
> Change: 2005-12-13 13:18:04.000000000 +0100
> 
> $ uname -a
> Linux kang 2.6.11.11-vs2.0-rc4 #1 SMP Mon Dec 12 19:10:10 CET 2005 i686
> GNU/Linux
> 
> Or if anyone know if grsecurity (with rbac) works with vserver and which
> patch I should use?
> 

Otherwise, I have a working patch (and the .tgz) lying around for 2.4.32
if you want it. (hand patched. secret is to apply grsec first, then
vserver).. For acl's and stuff mebe drop me a note off list as well.


> [1] http://linux-vserver.org/Tools+and+patches
> [2] The patch I found for a later kernel downloaded from:
> http://team.lea-linux.org/bgigon/vserver/mirror/
> 
> // Fredrik

Thanks,
Andrew Griffiths

More information about the grsecurity mailing list