[Bug 997306] New: home:dsterba:grsecurity/kernel-grsec-desktop: Bug missing GRKERNSEC_SYSCTL_DISTRO kernel config option
http://bugzilla.opensuse.org/show_bug.cgi?id=997306

            Bug ID: 997306
           Summary: home:dsterba:grsecurity/kernel-grsec-desktop: Bug missing GRKERNSEC_SYSCTL_DISTRO kernel config option
    Classification: openSUSE
           Product: openSUSE.org
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: 3rd party software
          Assignee: dsterba@suse.com
          Reporter: royalsheeplauncher@zoho.com
        QA Contact: opensuse-communityscreening@forge.provo.novell.com
          Found By: ---
           Blocker: ---

Hello, your kernel-grsec-desktop and variant packages are good, but they are missing this config option, GRKERNSEC_SYSCTL_DISTRO:

    CONFIG_GRKERNSEC_SYSCTL=y
    # CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set
    CONFIG_GRKERNSEC_SYSCTL_ON=y

This option is required to be able to set

    kernel.grsecurity.disable_priv_io = 0

in /etc/sysctl.d/*.conf and help some Xorg drivers be able to work fully.

From the Grsec book:

"If you say Y here, additional sysctl options will be created for features that affect processes running as root. Therefore, it is critical when using this option that the grsec_lock entry be enabled after boot. Only distros with prebuilt kernel packages with this option enabled that can ensure grsec_lock is enabled after boot should use this option.
*Failure to set grsec_lock after boot makes all grsec features this option covers useless*

Currently this option creates the following sysctl entries:
"Disable Privileged I/O": "disable_priv_io"
"

After that, you may have to ship a default /etc/sysctl.d/grsec.conf that contains (at least):

    kernel.grsecurity.grsec_lock = 1

at the end. Most of the other prebuilt grsec kernel packages do this.

Thanks

--
You are receiving this mail because:
You are on the CC list for the bug.
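The consistency check the report implies, as an added example that is not part of the bug report or the packaged kernel: it verifies that disable_priv_io is only set when GRKERNSEC_SYSCTL_DISTRO is enabled, and that grsec_lock = 1 is the last kernel.grsecurity.* setting applied. The function names, the sample file names and the lexical apply order of the fragments are assumptions.

```python
# Added example (not from the bug report): audit a grsecurity kernel config
# and sysctl.d fragments for the locking requirement quoted above.
import re

def config_enabled(kconfig_text, option):
    """True if CONFIG_<option>=y appears in a kernel .config."""
    return re.search(rf"^CONFIG_{re.escape(option)}=y\s*$", kconfig_text, re.M) is not None

def grsec_settings(fragments):
    """Yield (file, key, value) for kernel.grsecurity.* keys, in apply order.

    Assumption: fragments is a dict {filename: text} and files are applied
    in lexical filename order, as with /etc/sysctl.d/*.conf.
    """
    for name in sorted(fragments):
        for line in fragments[name].splitlines():
            line = line.strip()
            if not line or line[0] in "#;" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lstrip("-").replace("/", ".")  # normalise key spelling
            if key.startswith("kernel.grsecurity."):
                yield name, key, value

def audit(kconfig_text, fragments):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    settings = list(grsec_settings(fragments))
    distro = config_enabled(kconfig_text, "GRKERNSEC_SYSCTL_DISTRO")
    wants_priv_io = any(k == "kernel.grsecurity.disable_priv_io" for _, k, _ in settings)
    if wants_priv_io and not distro:
        findings.append("disable_priv_io is set but GRKERNSEC_SYSCTL_DISTRO is not enabled")
    locks = [i for i, (_, k, v) in enumerate(settings)
             if k == "kernel.grsecurity.grsec_lock" and v == "1"]
    if not locks:
        findings.append("grsec_lock = 1 is never set")
    elif locks[0] != len(settings) - 1:
        name, key, _ = settings[locks[0] + 1]
        findings.append(f"{key} in {name} comes after grsec_lock = 1")
    return findings

# Constructed sample input mirroring the config lines in the report.
KCONFIG = ("CONFIG_GRKERNSEC_SYSCTL=y\n"
           "# CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set\n"
           "CONFIG_GRKERNSEC_SYSCTL_ON=y\n")
FRAGMENTS = {"50-xorg.conf": "kernel.grsecurity.disable_priv_io = 0\n"}  # hypothetical file

if __name__ == "__main__":
    for finding in audit(KCONFIG, FRAGMENTS):
        print("FINDING:", finding)
```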
http://bugzilla.opensuse.org/show_bug.cgi?id=997306#c1
David Sterba
http://bugzilla.opensuse.org/show_bug.cgi?id=997306#c2
--- Comment #2 from Jason Briggs
http://bugzilla.opensuse.org/show_bug.cgi?id=997306#c3
--- Comment #3 from Jason Briggs