[grsec] shared memory

Wolfram Schlich lists at wolfram.schlich.org
Wed Feb 13 16:42:43 EST 2008


Heyho,

I am trying to set up a Linux HA cluster using Heartbeat.
There is a component called stonithd which is using shared memory
to store some data. It uses 2 functions, one for storing the data and
one for reading the data.

Here is the source file:
http://hg.linux-ha.org/dev/file/c8d573589311/fencing/stonithd/stonithd.c

	hostlist2shmem() stores data
	shmem2hostlist() reads data

The problem is (happens only with grsecurity kernel), that
shmem2hostlist fails:

	ERROR: shmem2hostlist:3078: shmat failed: Invalid argument

I can see that some privilege dropping and child process stuff is
being done in that code, maybe it's relevant, because only the
read-function fails, the initial store-function works...

The kernel does not log anything (I am used to grsecurity logging
when it denies things)...

What could be the reason?

UPDATE: I found out *sigh*

	sysctl -w kernel.grsecurity.destroy_unused_shm=0

...solved it. Very malicious option ;)

Brad, could you please add some code that *logs* when shared memory
segments are destroyed by that functionality? Maybe you can make the
logging depend on CONFIG_GRKERNSEC_AUDIT_IPC...

Thanks!
-- 
Regards,
Wolfram Schlich <wschlich at gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
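
Added example (not part of the original message and not Heartbeat's code): a small C probe for the store, detach, re-attach pattern described above, reporting whether the kernel keeps a System V shared memory segment once its attach count drops to zero. It assumes destroy_unused_shm removes a segment at its last detach; the function name, enum values and sample payload are constructed for illustration, and the probe runs in a single process rather than across the privilege drop and child processes the message mentions.

```c
/* Added example: does a SysV shm segment outlive its last detach? */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>

enum { SHM_PROBE_ERROR = -1, SHM_DESTROYED = 0, SHM_SURVIVED = 1 };

/* Constructed sample payload standing in for the stored host list. */
static const char SAMPLE[] = "node1 node2";

int probe_shm_survives_detach(void)
{
    int result = SHM_PROBE_ERROR;
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0600);
    if (id < 0)
        return SHM_PROBE_ERROR;

    /* Store step: attach, write, detach. The attach count is 0 afterwards. */
    char *p = shmat(id, NULL, 0);
    if (p == (void *)-1)
        goto out;
    memcpy(p, SAMPLE, sizeof(SAMPLE));
    if (shmdt(p) < 0)
        goto out;

    /* Read step: re-attach by id, as a later reader would. */
    p = shmat(id, NULL, SHM_RDONLY);
    if (p == (void *)-1) {
        if (errno == EINVAL || errno == EIDRM)
            return SHM_DESTROYED;   /* id no longer names a live segment */
        goto out;
    }
    result = memcmp(p, SAMPLE, sizeof(SAMPLE)) == 0 ? SHM_SURVIVED : result;
    shmdt(p);
out:
    shmctl(id, IPC_RMID, NULL);     /* always remove the probe segment */
    return result;
}

int main(void)
{
    int r = probe_shm_survives_detach();
    printf("%s\n", r == SHM_SURVIVED ? "segment survived detach"
         : r == SHM_DESTROYED ? "segment destroyed at last detach"
         : "probe failed");
    return r == SHM_PROBE_ERROR;
}
```

Running it before and after changing the sysctl shows whether the setting is what invalidates the segment id between the store and the read.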

