On Mon, 2004-06-07 at 00:07, Lars Kneschke wrote:

> Jun  7 04:57:39 ProxyLK grsec: From 192.168.4.229: denied attempt to mount
> /dev/loop0 as
> /storage/catalyst/tmp/default/livecd-stage2-x86-20040604/var/tmp/genkernel/initrd-mount
> from chroot by (mount:14881) UID(0) EUID(0), parent (genkernel:4372) UID(0)
> EUID(0)
> 
> Hm, now i just need to find out, how i can disable this feature.

That should be a sysctl setting you can change (if you have sysctl
features enabled). If you want to open up all the chroot settings, you
could have it set with these options:

kernel.grsecurity.chroot_findtask = 0
kernel.grsecurity.chroot_deny_sysctl = 0
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_execlog = 0
kernel.grsecurity.chroot_restrict_nice = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_enforce_chdir = 0
kernel.grsecurity.chroot_deny_pivot = 0
kernel.grsecurity.chroot_deny_chroot = 0
kernel.grsecurity.chroot_deny_fchdir = 0
kernel.grsecurity.chroot_deny_mount = 0
kernel.grsecurity.chroot_deny_unix = 0
kernel.grsecurity.chroot_deny_shmat = 0

Those should all disable any grsec related chroot restrictions for you.
Although, I'd recommend you change those settings back after you're done
building. Perhaps some of the hardened folks might know of a better
method than this?

Cheers,
-- 
Lance Albertson <ramereth@gentoo.org>
Gentoo Infrastructure

---
GPG Public Key:  <http://www.ramereth.net/lance.asc>
Key fingerprint: 0423 92F3 544A 1282 5AB1  4D07 416F A15D 27F4 B742

ramereth/irc.freenode.net