* [gentoo-hardened] udev-171-r2 and 3.0.9-hardened
@ 2011-11-18 2:18 Stan Sander
2011-11-18 3:51 ` Francisco Blas Izquierdo Riera (klondike)
0 siblings, 1 reply; 7+ messages in thread
From: Stan Sander @ 2011-11-18 2:18 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 580 bytes --]
I did a sync and a world update earlier today and among the updates was
the 3.0.9 hardened sources. I built the new kernel with the same
settings as the previous one (3.0.8-hardened), using make oldconfig
however when I try to boot the 3.0.9 kernel udev hangs. I tried
re-emerging udev and gradm, but that didn't help. Any ideas on what I
can do to try and get more info or perhaps someone already knows what is
wrong and I am simply missing it.
--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [gentoo-hardened] udev-171-r2 and 3.0.9-hardened
2011-11-18 2:18 [gentoo-hardened] udev-171-r2 and 3.0.9-hardened Stan Sander
@ 2011-11-18 3:51 ` Francisco Blas Izquierdo Riera (klondike)
2011-11-18 4:02 ` Stan Sander
0 siblings, 1 reply; 7+ messages in thread
From: Francisco Blas Izquierdo Riera (klondike) @ 2011-11-18 3:51 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 653 bytes --]
El 18/11/11 03:18, Stan Sander escribió:
> I did a sync and a world update earlier today and among the updates was
> the 3.0.9 hardened sources. I built the new kernel with the same
> settings as the previous one (3.0.8-hardened), using make oldconfig
> however when I try to boot the 3.0.9 kernel udev hangs. I tried
> re-emerging udev and gradm, but that didn't help. Any ideas on what I
> can do to try and get more info or perhaps someone already knows what is
> wrong and I am simply missing it.
I see you use gradm, try disabling RBAC and checking if it boots in that
case, if that's the case you may need to relearn your policies.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [gentoo-hardened] udev-171-r2 and 3.0.9-hardened
2011-11-18 3:51 ` Francisco Blas Izquierdo Riera (klondike)
@ 2011-11-18 4:02 ` Stan Sander
2011-11-18 4:16 ` Francisco Blas Izquierdo Riera (klondike)
0 siblings, 1 reply; 7+ messages in thread
From: Stan Sander @ 2011-11-18 4:02 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 1204 bytes --]
On 11/17/2011 08:51 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
> El 18/11/11 03:18, Stan Sander escribió:
>> I did a sync and a world update earlier today and among the updates was
>> the 3.0.9 hardened sources. I built the new kernel with the same
>> settings as the previous one (3.0.8-hardened), using make oldconfig
>> however when I try to boot the 3.0.9 kernel udev hangs. I tried
>> re-emerging udev and gradm, but that didn't help. Any ideas on what I
>> can do to try and get more info or perhaps someone already knows what is
>> wrong and I am simply missing it.
> I see you use gradm, try disabling RBAC and checking if it boots in that
> case, if that's the case you may need to relearn your policies.
>
I actually have the grsecurity turned off in the kernel right now,
though PAX is enabled. I'm still trying to transition to running
SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
intend to eventually use it and I re-emerged it just in case. BTW I am
still booting and running in permissive mode for SELinux.
--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [gentoo-hardened] udev-171-r2 and 3.0.9-hardened
2011-11-18 4:02 ` Stan Sander
@ 2011-11-18 4:16 ` Francisco Blas Izquierdo Riera (klondike)
2011-11-18 13:28 ` Stan Sander
0 siblings, 1 reply; 7+ messages in thread
From: Francisco Blas Izquierdo Riera (klondike) @ 2011-11-18 4:16 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 599 bytes --]
El 18/11/11 05:02, Stan Sander escribió:
> I actually have the grsecurity turned off in the kernel right now,
> though PAX is enabled. I'm still trying to transition to running
> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
> intend to eventually use it and I re-emerged it just in case. BTW I am
> still booting and running in permissive mode for SELinux.
Just to be on the safe side, have you enabled auditing? If you have try
starting the kernel with a high logging level (so most messages get
logged) and check if there are any complains on the screen.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [gentoo-hardened] udev-171-r2 and 3.0.9-hardened
2011-11-18 4:16 ` Francisco Blas Izquierdo Riera (klondike)
@ 2011-11-18 13:28 ` Stan Sander
2011-11-19 14:25 ` Anthony G. Basile
0 siblings, 1 reply; 7+ messages in thread
From: Stan Sander @ 2011-11-18 13:28 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 892 bytes --]
On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
> El 18/11/11 05:02, Stan Sander escribió:
>> I actually have the grsecurity turned off in the kernel right now,
>> though PAX is enabled. I'm still trying to transition to running
>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
>> intend to eventually use it and I re-emerged it just in case. BTW I am
>> still booting and running in permissive mode for SELinux.
> Just to be on the safe side, have you enabled auditing? If you have try
> starting the kernel with a high logging level (so most messages get
> logged) and check if there are any complains on the screen.
>
I'll give that a go, though I may not be able to work on it again until
tomorrow.
--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [gentoo-hardened] udev-171-r2 and 3.0.9-hardened
2011-11-18 13:28 ` Stan Sander
@ 2011-11-19 14:25 ` Anthony G. Basile
2011-11-19 15:17 ` Stan Sander
0 siblings, 1 reply; 7+ messages in thread
From: Anthony G. Basile @ 2011-11-19 14:25 UTC (permalink / raw
To: gentoo-hardened
On 11/18/2011 08:28 AM, Stan Sander wrote:
> On 11/17/2011 09:16 PM, Francisco Blas Izquierdo Riera (klondike) wrote:
>> El 18/11/11 05:02, Stan Sander escribió:
>>> I actually have the grsecurity turned off in the kernel right now,
>>> though PAX is enabled. I'm still trying to transition to running
>>> SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
>>> intend to eventually use it and I re-emerged it just in case. BTW I am
>>> still booting and running in permissive mode for SELinux.
>> Just to be on the safe side, have you enabled auditing? If you have try
>> starting the kernel with a high logging level (so most messages get
>> logged) and check if there are any complains on the screen.
>>
> I'll give that a go, though I may not be able to work on it again until
> tomorrow.
>
Don't waste any more time on 3.0.9. It has a problem with inserting
modules and will be removed from the tree in a few hours. Play with
hardened-sources-3.1.1 which will be there in its place. I'm testing it
now.
As an aside, please don't use ~arches on production system because part
of the testing process is seeing what feedback I get from the community
on those kernels. Only when I've heard nothing bad, and run a kernel
myself for a while, do I mark it stable.
So I encourage people to play with ~arches in non-critical environments
and let me know. But do expect the occasional breakage.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [gentoo-hardened] udev-171-r2 and 3.0.9-hardened
2011-11-19 14:25 ` Anthony G. Basile
@ 2011-11-19 15:17 ` Stan Sander
0 siblings, 0 replies; 7+ messages in thread
From: Stan Sander @ 2011-11-19 15:17 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 1067 bytes --]
On 11/19/2011 07:25 AM, Anthony G. Basile wrote:
> Don't waste any more time on 3.0.9. It has a problem with inserting
> modules and will be removed from the tree in a few hours. Play with
> hardened-sources-3.1.1 which will be there in its place. I'm testing
> it now. As an aside, please don't use ~arches on production system
> because part of the testing process is seeing what feedback I get from
> the community on those kernels. Only when I've heard nothing bad, and
> run a kernel myself for a while, do I mark it stable. So I encourage
> people to play with ~arches in non-critical environments and let me
> know. But do expect the occasional breakage.
Thanks, Anthony. I'll sync again later and have a go with it. I do
quite a bit with my system, but it is by no means critical. When stuff
breaks, I try to learn what I can from it and if I can't fix it or
figure it out I roll back or work around it some other way.
--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2011-11-19 15:18 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-18 2:18 [gentoo-hardened] udev-171-r2 and 3.0.9-hardened Stan Sander
2011-11-18 3:51 ` Francisco Blas Izquierdo Riera (klondike)
2011-11-18 4:02 ` Stan Sander
2011-11-18 4:16 ` Francisco Blas Izquierdo Riera (klondike)
2011-11-18 13:28 ` Stan Sander
2011-11-19 14:25 ` Anthony G. Basile
2011-11-19 15:17 ` Stan Sander
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox