[grsec] a couple of questions about grsec policies for Tahoe-LAFS

Zooko O'Whielacronx zooko at zooko.com
Fri Jun 17 01:19:40 EDT 2011

Dear grsecurity folks:

I'm a developer on Tahoe-LAFS, a secure and fault-tolerant cloud storage system:


I've recently gotten more interested in having a hardened operating
system under Tahoe-LAFS deployments.

Jacob Appelbaum ran Tahoe-LAFS on grsec and reported two problems. If
you could please have a look at these two issues and let us Tahoe-LAFS
developers know how grsec thinks about such things I would appreciate

http://tahoe-lafs.org/trac/tahoe-lafs/ticket/982# grsec disallows
tahoe from learning its own IP address
http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1421# increase_rlimits()
tries to set RLIMIT_CORE high, which grsec disallows


If you go ahead and register on the Tahoe-LAFS trac in order to update
the ticket, that will be the best way to communicate with the
Tahoe-LAFS developers (who are far more than just me), but if you
don't want to register and you just reply to this message then I'll
cut and paste your reply into those tickets.



More information about the grsecurity mailing list