Mailinglist Archive: opensuse-bugs (3700 mails)

[Bug 997306] New: home:dsterba:grsecurity/kernel-grsec-desktop: Bug missing GRKERNSEC_SYSCTL_DISTRO kernel config option
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 06 Sep 2016 07:35:10 +0000
  • Message-id: <bug-997306-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=997306


Bug ID: 997306
Summary: home:dsterba:grsecurity/kernel-grsec-desktop: Bug missing GRKERNSEC_SYSCTL_DISTRO kernel config option
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P5 - None
Component: 3rd party software
Assignee: dsterba@xxxxxxxx
Reporter: royalsheeplauncher@xxxxxxxx
QA Contact: opensuse-communityscreening@xxxxxxxxxxxxxxxxxxxxxx
Found By: ---
Blocker: ---

Hello, your kernel-grsec-desktop and variant packages are good, but they are
missing this config option, GRKERNSEC_SYSCTL_DISTRO:

CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set
CONFIG_GRKERNSEC_SYSCTL_ON=y

This option is required to be able to set
kernel.grsecurity.disable_priv_io = 0
in /etc/sysctl.d/*.conf and help some Xorg drivers be able to work fully.

From the Grsec book:
"If you say Y here, additional sysctl options will be created
for features that affect processes running as root. Therefore,
it is critical when using this option that the grsec_lock entry be
enabled after boot. Only distros with prebuilt kernel packages
with this option enabled that can ensure grsec_lock is enabled
after boot should use this option.
*Failure to set grsec_lock after boot makes all grsec features
this option covers useless*

Currently this option creates the following sysctl entries:
"Disable Privileged I/O": "disable_priv_io"
"

After that, you may have to ship a default /etc/sysctl.d/grsec.conf that contains (at
least):
kernel.grsecurity.grsec_lock = 1
at the end. Most of the other prebuilt grsec kernel packages do this.

Thanks

--
You are receiving this mail because:
You are on the CC list for the bug.
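
A check a packager could run for the two requests in this report, as an added example that is not part of the original mail or of the kernel-grsec packages: it tests a kernel config for GRKERNSEC_SYSCTL_DISTRO and confirms that a sysctl.d fragment sets grsec_lock = 1 after every other kernel.grsecurity.* line. The function names and sample file names are hypothetical, the sample files are constructed, and the fragment is assumed to use dotted key names.

```shell
#!/bin/sh
# Added example: audit a grsec kernel package for the two requests in the report.

# Succeeds only if the kernel config enables the distro sysctl entries.
kconfig_has_distro_sysctl() {
    grep -q '^CONFIG_GRKERNSEC_SYSCTL_DISTRO=y$' "$1"
}

# Prints one verdict for a sysctl.d fragment:
#   ok         grsec_lock = 1 is the last kernel.grsecurity.* assignment
#   unlocked   grsec_lock is never set to 1
#   too-early  another kernel.grsecurity.* assignment follows the lock
grsec_lock_verdict() {
    awk '
        /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
        {
            line = $0
            gsub(/[ \t]/, "", line)         # "key = value" becomes "key=value"
            sub(/^-/, "", line)             # leading "-" only means ignore errors
            if (line !~ /^kernel\.grsecurity\.[^=]+=/) next
            eq = index(line, "=")
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            if (key == "kernel.grsecurity.grsec_lock") { locked = (val == "1"); after = 0 }
            else if (locked) after++
        }
        END {
            if (!locked) print "unlocked"
            else if (after > 0) print "too-early"
            else print "ok"
        }
    ' "$1"
}

# Constructed sample inputs: the config lines quoted in the report, plus two fragments.
demo_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_GRKERNSEC_SYSCTL=y' '# CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set' \
    'CONFIG_GRKERNSEC_SYSCTL_ON=y' > "$demo_dir/config.reported"
printf '%s\n' '# lock last' 'kernel.grsecurity.disable_priv_io = 0' \
    'kernel.grsecurity.grsec_lock = 1' > "$demo_dir/good.conf"
printf '%s\n' 'kernel.grsecurity.grsec_lock = 1' \
    'kernel.grsecurity.disable_priv_io = 0' > "$demo_dir/early.conf"

kconfig_has_distro_sysctl "$demo_dir/config.reported" \
    || echo "kernel config: CONFIG_GRKERNSEC_SYSCTL_DISTRO is not enabled"
echo "good.conf:  $(grsec_lock_verdict "$demo_dir/good.conf")"
echo "early.conf: $(grsec_lock_verdict "$demo_dir/early.conf")"
rm -rf "$demo_dir"
```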