superuser ?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

superuser ?

Postby cwr » Mon Apr 28, 2003 3:13 am

to save getting all these permission denied errors etc.. is there a 'superuser' group or something similar you can add users to?

also, when loading up Xwindows and not having grsec enabled (gradm -D) i get a:

Fatal server error:
xf86EnableOPorts: Failed to set IOPL for I/O

is this a common problem?
cwr
 
Posts: 3
Joined: Sun Apr 27, 2003 4:32 am

Re: superuser ?

Postby hightower » Mon Apr 28, 2003 3:44 am

cwr wrote:to save getting all these permission denied errors etc.. is there a 'superuser' group or something similar you can add users to?

please what?

cwr wrote:also, when loading up Xwindows and not having grsec enabled (gradm -D) i get a:

Fatal server error:
xf86EnableOPorts: Failed to set IOPL for I/O

is this a common problem?

grep CONFIG_GRKERNSEC_IO .config

if it's yes (y), then read the Configure help of that entry, named "Disable privileged I/O".

ciao, Marc
hightower
 
Posts: 49
Joined: Wed Mar 06, 2002 11:36 am

Postby cwr » Mon Apr 28, 2003 4:16 am

ok, thanks.

what can you put in the /etc/grsec/acl to protect the kernel rather than enabling that option?
cwr
 
Posts: 3
Joined: Sun Apr 27, 2003 4:32 am

Postby hightower » Mon Apr 28, 2003 4:31 am

cwr wrote:ok, thanks.

what can you put in the /etc/grsec/acl to protect the kernel rather than enabling that option?


You can remove the capability "CAP_SYS_RAWIO".

http://www.grsecurity.net/gracldoc.htm

ciao, Marc
hightower
 
Posts: 49
Joined: Wed Mar 06, 2002 11:36 am

Postby spender » Mon Apr 28, 2003 7:15 am

That error can also be caused by PaX, I believe. Check your logs and look for something starting with grsec: PAX:, then download chpax from http://pageexec.virtualave.net, and chpax -sp /usr/X11R6/bin/XFree86.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity support

cron