LXC+Grsec+Socket Denied connect out of ...

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Moderators: spender, PaX Team

LXC+Grsec+Socket Denied connect out of ...

Postby bryn1u » Sun Jun 08, 2014 3:58 pm

Hey,

I've installed Ubuntu 14.04 Server, compiled kernel linux-3.14.5 with Grsecurity patch 3.0-3.14.5-test and after all i want to try use apt-get from inside lxc but i cant. Only get some errors as below:
apt-get update
Code: Select all
rr http://archive.ubuntu.com trusty InRelease
 
Err http://archive.ubuntu.com trusty-updates InRelease
 
Err http://security.ubuntu.com trusty-security InRelease
 
Err http://archive.ubuntu.com trusty Release.gpg
  Could not resolve 'archive.ubuntu.com'
Err http://archive.ubuntu.com trusty-updates Release.gpg
  Could not resolve 'archive.ubuntu.com'
Err http://security.ubuntu.com trusty-security Release.gpg
  Could not resolve 'security.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease 

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/InRelease 

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/InRelease 

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg  Could not resolve 'archive.ubuntu.com'

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/Release.gpg  Could not resolve 'archive.ubuntu.com'

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg  Could not resolve 'security.ubuntu.com'

W: Some index files failed to download. They have been ignored, or old ones used instead.


sysctl.conf host
Code: Select all
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_pivot = 0
kernel.grsecurity.chroot_deny_chroot = 0
kernel.grsecurity.chroot_deny_mount = 0
kernel.grsecurity.chroot_deny_unix = 0


Someone can tell me what's wrong ? When i use vanilla kernel or ubuntu's production kernel works well !
bryn1u
 
Posts: 10
Joined: Mon Sep 13, 2010 6:36 am

Return to grsecurity support

cron