From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-3376-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1QNm4n-000727-BI
	for garchives@archives.gentoo.org; Sat, 21 May 2011 13:18:41 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id CBE491C070;
	Sat, 21 May 2011 13:15:37 +0000 (UTC)
Received: from atoth.sote.hu (atoth.sote.hu [195.111.75.211])
	by pigeon.gentoo.org (Postfix) with ESMTP id 6F34B1C070
	for <gentoo-hardened@lists.gentoo.org>; Sat, 21 May 2011 13:15:37 +0000 (UTC)
Received: from atoth.sote.hu (apache@localhost [127.0.0.1])
	by atoth.sote.hu (8.14.5/8.14.5/atoth@atoth.sote.hu) with ESMTP id p4LDFSYj031140
	for <gentoo-hardened@lists.gentoo.org>; Sat, 21 May 2011 15:15:28 +0200
X-DKIM: Sendmail DKIM Filter v2.8.3 atoth.sote.hu p4LDFSYj031140
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=atoth.sote.hu;
	s=dwokfur; t=1305983736;
	bh=X8hmV9djqqUkFfkN7qjvywc6dT1ihxiyT4DtzEJGqJo=; l=1328;
	h=Message-ID:In-Reply-To:References:Date:Subject:From:To:
	 MIME-Version:Content-Type:Content-Transfer-Encoding;
	b=MXlyPSF/mru5qeLDhD1O3mOpZRig+n+5dFUAAd24h7DqQn7xAJN5kZWQB8bE0KBhC
	 liYXMCdYJurHOP0ZjxSJjmNXk1apwFqhPDT7tZHutJqODalberAJIiC1eHxgIwwYWp
	 nFh89Fx86E4qmJMuOR+1yeQV9/i5wfAjwx+7oz08=
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 atoth.sote.hu p4LDFSYj031140
DomainKey-Signature: a=rsa-sha1; s=dwokfur; d=atoth.sote.hu; c=nofws; q=dns;
	h=x-virus-status:x-virus-scanned:received:message-id:
	in-reply-to:references:date:subject:from:to:user-agent:mime-version:
	content-type:content-transfer-encoding:x-priority:importance:
	x-spam-status:x-spam-checker-version:x-list-milter:x-dcc-stat_fi_x86_64_virtual-metrics;
	b=MHFabyqEcT12h0l0yA5oMbd/AtP/FjImfmVPsUo2p1pJXo1alFVtJrEj0qgCMYnoT
	Y7OyfINbY82VRjazbp77a2HF9L0rvFCGUINxmi3j331yLEVJHZ4iqpKZ5KPkU2yrzYt
	Ls0/MwH4MbexcabxWymhBg6iUAgTunXvFBEREOo=
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.97 at atoth
Received: from 10.97.100.79
        (SquirrelMail authenticated user atoth)
        by atoth.sote.hu with HTTP;
        Sat, 21 May 2011 15:15:28 +0200
Message-ID: <c871866224297427f150eb67eed88e4a.squirrel@atoth.sote.hu>
In-Reply-To: <4DD7B1BE.8020101@wildgooses.com>
References: <004082ddb0eaa701d6750c9466c75cab.squirrel@atoth.sote.hu>
    <4DD656B0.90004@gentoo.org> <4DD7B1BE.8020101@wildgooses.com>
Date: Sat, 21 May 2011 15:15:28 +0200
Subject: Re: [gentoo-hardened] bonding module auto-loading
From: =?utf-8?B?IlTDs3RoIEF0dGlsYSI=?= <atoth@atoth.sote.hu>
To: gentoo-hardened@lists.gentoo.org
User-Agent: SquirrelMail/1.4.21
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Status: No, score=-100.2 required=5.0 tests=ALL_TRUSTED,AWL,
	DKIM_ADSP_ALL,USER_IN_WHITELIST autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on atoth.sote.hu
X-List-Milter: local mail
X-DCC-STAT_FI_X86_64_VIRTUAL-Metrics: atoth 1245; Body=2 Fuz1=2 Fuz2=2
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 3df7a765665e22b35578558230434a90

2011.M=C3=A1jus 21.(Szo) 14:36 id=C5=91pontban Ed W ezt =C3=ADrta:
>>  I want the round-robin, what's bothering me is the miimon
>> which I can't change from 0 which means no mii mon which is not good.
>
> # cat /sys/class/net/bond0/bonding/miimon
> 100
> # cat /sys/class/net/bond0/bonding/mode
> 802.3ad 4
>
> # cat /sys/class/net/bond1/bonding/mode
> balance-rr 0
> # cat /sys/class/net/bond1/bonding/miimon
> 100
>
> Not sure what values are sensible though?
>
> Good luck
>
> Ed W

Previously I could proprely configure compiled-in bonding (for ages). Now
I can only configure it by passing module parameters.

I don't know if it's openrc or my kernel, which is 2.6.38-hardened-r4. Th=
e
kernel is definetly newer than yours. I don't know if the module-lockdown
method provided by grsecurity influences tuning compiled-in components or
not...

What do you get if you try to echo something into a bonding/mode file? It
might be possible, that openrc executes the command earlier now than
before.

I can live with bonding compiled in as a module, but the behavior has bee=
n
changed somehow. And I still don't know how I can fix the error message
supplied by grsec - apart from the workaround.

Regards,
Dw.
--=20
dr T=C3=B3th Attila, Radiol=C3=B3gus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057