[grsec] shared memory
Wolfram Schlich
lists at wolfram.schlich.org
Wed Feb 13 16:42:43 EST 2008
Heyho,
I am trying to setup a Linux HA cluster using Heartbeat.
There is a component called stonithd which is using shared memory
to store some data. It uses 2 functions, one for storing the data and
one for reading the data.
Here is the source file:
http://hg.linux-ha.org/dev/file/c8d573589311/fencing/stonithd/stonithd.c
hostlist2shmem() stores data
shmem2hostlist() reads data
The problem is (happens only with grsecurity kernel), that
shmem2hostlist fails:
ERROR: shmem2hostlist:3078: shmat failed: Invalid argument
I can see that some privilege dropping and child process stuff is
being done in that code, maybe it's relevant, because only the
read-function fails, the initial store-function works...
The kernel does not log anything (I am used to grsecurity logging
when it denies things)...
What could be the reason?
UPDATE: I found out *sigh*
sysctl -w kernel.grsecurity.destroy_unused_shm=0
...solved it. Very malicious option ;)
Brad, could you please add some code that *logs* when shared memory
segments are destroyed by that functionality? Maybe you can make the
logging depend on CONFIG_GRKERNSEC_AUDIT_IPC...
Thanks!
--
Regards,
Wolfram Schlich <wschlich at gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
More information about the grsecurity
mailing list