Virtualbox issues on debian 3.14.48-grsec


Postby sharkboy » Wed Jul 29, 2015 2:02 pm

So I just spent about an hour writing up a post--with code and everything--only to have the site ask me to log in (even though I was already logged in) to post, thus destroying everything I did. Hopefully I'll remember everything.

Long story short, VirtualBox won't work (though it does work in my non-grsec kernel). I've ensured that the correct headers are installed by "sudo apt-get install linux-headers-`uname -r`," but they were already installed (my "uname -a" output, by the way, is "Linux debian 3.14.48-grsec #2 SMP Tue Jul 28 16:49:26 CDT 2015 i686 GNU/Linux") but when I try to run e.g. Whonix-Gateway I get the following error:

Failed to open a session for the virtual machine Whonix-Gateway.

The virtual machine 'Whonix-Gateway' has terminated unexpectedly during startup with exit code 1 (0x1).

Result Code: NS_ERROR_FAILURE (0x80004005)
Component: Machine
Interface: IMachine {*****************************}


Along with this pop-up:
VirtualBox - Error in suplibOsInit
Kernel driver not installed (rc=-1908)

The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permissions problem with /dev/vboxdrv. Please reinstall the kernel module by executing

'/etc/init.d/vboxdrv setup'

as root. If it is available in your distribution, you should install the DKMS package first. This package keeps track of Linux kernel changes and recompiles the vboxdrv kernel module if necessary.


Problem is, vboxdrv doesn't exist. Not in /etc/init.d/, at least.

Here is the output of journalctl -xn (which I was told to run at one point):

Code:
-- Logs begin at Wed 2015-07-29 10:08:38 CDT, end at Wed 2015-07-29 12:08:23 CDT. --
Jul 29 11:59:03 debian sudo[12458]: pam_ecryptfs: pam_sm_authenticate: /home/anonymous is already mounted
Jul 29 11:59:03 debian sudo[12458]: anonymous : TTY=pts/2 ; PWD=/home/anonymous ; USER=root ; COMMAND=/sbin/modprobe vboxdrv
Jul 29 11:59:03 debian sudo[12458]: pam_unix(sudo:session): session opened for user root by anonymous(uid=0)
Jul 29 11:59:03 debian sudo[12458]: pam_unix(sudo:session): session closed for user root
Jul 29 11:59:03 debian kernel: : version magic '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC ' should be '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC RAND
Jul 29 12:01:52 debian sudo[12464]: anonymous : TTY=pts/2 ; PWD=/home/anonymous ; USER=root ; COMMAND=/bin/dmesg
Jul 29 12:01:52 debian sudo[12464]: pam_unix(sudo:session): session opened for user root by anonymous(uid=0)
Jul 29 12:01:52 debian sudo[12464]: pam_unix(sudo:session): session closed for user root
Jul 29 12:08:23 debian sudo[12471]: anonymous : TTY=pts/2 ; PWD=/home/anonymous ; USER=root ; COMMAND=/bin/journalctl -xn
Jul 29 12:08:23 debian sudo[12471]: pam_unix(sudo:session): session opened for user root by anonymous(uid=0)


Here is the output of dmesg (with certain numbers replaced with asterisks):

Code:
[   26.950044] EXT4-fs (sda1): mounting ext2 file system using the ext4 subsystem
[   27.009162] EXT4-fs (dm-3): mounted filesystem with ordered data mode. Opts: (null)
[   27.216991] EXT4-fs (sda1): mounted filesystem without journal. Opts: (null)
[   27.839029] Adding 2072572k swap on /dev/mapper/cryptswap1.  Priority:-1 extents:1 across:2072572k FS
[   28.317403] systemd-journald[245]: Received request to flush runtime journal from PID 1
[   29.226544] RPC: Registered named UNIX socket transport module.
[   29.226550] RPC: Registered udp transport module.
[   29.226553] RPC: Registered tcp transport module.
[   29.226555] RPC: Registered tcp NFSv4.1 backchannel transport module.
[   29.247771] FS-Cache: Loaded
[   29.279036] FS-Cache: Netfs 'nfs' registered for caching
[   29.336223] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
[   30.070277] : version magic '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC ' should be '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC RANDSTRUCT_PLUGIN_***********************************************************'
[   34.193811] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   36.671352] grsec: denied resource overstep by requesting 26038272 for RLIMIT_MEMLOCK against limit 65536 for /usr/sbin/lightdm-gtk-greeter[lightdm-gtk-gre:990] uid/euid:115/115 gid/egid:123/123, parent /usr/sbin/lightdm[lightdm:984] uid/euid:0/0 gid/egid:0/0
[   49.955521] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/bin/VBoxClient[VBoxClient:1063] uid/euid:1000/1000 gid/egid:1000/1000, parent /etc/X11/Xsession[Xsession:1035] uid/euid:1000/1000 gid/egid:1000/1000
[   49.955599] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/bin/VBoxClient[VBoxClient:1063] uid/euid:1000/1000 gid/egid:1000/1000, parent /etc/X11/Xsession[Xsession:1035] uid/euid:1000/1000 gid/egid:1000/1000
[   49.955612] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/bin/VBoxClient[VBoxClient:1063] uid/euid:1000/1000 gid/egid:1000/1000, parent /etc/X11/Xsession[Xsession:1035] uid/euid:1000/1000 gid/egid:1000/1000
[   49.959375] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/bin/VBoxClient[VBoxClient:1065] uid/euid:1000/1000 gid/egid:1000/1000, parent /etc/X11/Xsession[Xsession:1035] uid/euid:1000/1000 gid/egid:1000/1000
[   49.959454] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/bin/VBoxClient[VBoxClient:1065] uid/euid:1000/1000 gid/egid:1000/1000, parent /etc/X11/Xsession[Xsession:1035] uid/euid:1000/1000 gid/egid:1000/1000
[   49.959467] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/bin/VBoxClient[VBoxClient:1065] uid/euid:1000/1000 gid/egid:1000/1000, parent /etc/X11/Xsession[Xsession:1035] uid/euid:1000/1000 gid/egid:1000/1000
[   49.963272] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/bin/VBoxClient[VBoxClient:1067] uid/euid:1000/1000 gid/egid:1000/1000, parent /etc/X11/Xsession[Xsession:1035] uid/euid:1000/1000 gid/egid:1000/1000
[   49.963339] grsec: more alerts, logging disabled for 10 seconds
[  138.820146] e100 0000:03:08.0 eth0: NIC Link is Up 100 Mbps Full Duplex
[  138.820788] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[  495.025728] : version magic '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC ' should be '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC RANDSTRUCT_PLUGIN_************************************************'
[  622.131018] : version magic '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC ' should be '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC RANDSTRUCT_PLUGIN_*************************************'
[ 1822.439120] intel_rng: Firmware space is locked read-only. If you can't or
intel_rng: don't want to disable this in firmware setup, and if
intel_rng: you are certain that your system has a functional
intel_rng: RNG, try using the 'no_fwh_detect' option.
[ 1822.460667] leds_ss4200: no LED devices found
[ 1822.591461] Error: Driver 'pcspkr' is already registered, aborting...
[ 1825.400045] floppy0: no floppy controllers found
[ 1825.400062] work still pending
[ 2160.371431] warning: `VirtualBox' uses 32-bit capabilities (legacy support in use)
[ 2160.505399] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:9492] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:1232] uid/euid:1000/1000 gid/egid:1000/1000
[ 2160.505476] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:9492] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:1232] uid/euid:1000/1000 gid/egid:1000/1000
[ 2160.505489] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:9492] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:1232] uid/euid:1000/1000 gid/egid:1000/1000
[ 2161.868747] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:9495] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2161.868826] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:9495] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2161.868840] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:9495] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2161.966796] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxSVC[VBoxSVC:9500] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2161.966863] grsec: more alerts, logging disabled for 10 seconds
[ 2364.229366] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:10218] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2364.229442] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:10218] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2364.229455] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:10218] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2364.370939] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:10221] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2364.371016] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:10221] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2364.371029] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:10221] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2364.399025] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxSVC[VBoxSVC:10226] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 2364.399093] grsec: more alerts, logging disabled for 10 seconds
[ 2686.473786] warning: `mono' uses deprecated v2 capabilities in a way that may be insecure.
[ 2744.118710] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 2744.135569] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[ 2744.162694] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 2769.234102] tun: Universal TUN/TAP device driver, 1.6
[ 2769.234109] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[ 5950.404520] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:11870] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 5950.404597] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:11870] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 5950.404611] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:11870] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 5950.558589] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:11873] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 5950.558666] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:11873] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 5950.558679] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:11873] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 5950.592478] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxSVC[VBoxSVC:11878] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 5950.592548] grsec: more alerts, logging disabled for 10 seconds
[ 6647.521335] : version magic '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC ' should be '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC RANDSTRUCT_PLUGIN_*********************************************'
[ 7247.645577] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:12493] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:12476] uid/euid:1000/1000 gid/egid:1000/1000
[ 7247.645655] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:12493] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:12476] uid/euid:1000/1000 gid/egid:1000/1000
[ 7247.645669] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:12493] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:12476] uid/euid:1000/1000 gid/egid:1000/1000
[ 7247.789818] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:12496] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7247.789894] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:12496] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7247.789907] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:12496] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7247.821487] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxSVC[VBoxSVC:12501] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7247.821554] grsec: more alerts, logging disabled for 10 seconds
[ 7414.389178] perf samples too long (2511 > 2500), lowering kernel.perf_event_max_sample_rate to 50000
[ 7782.467950] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:12556] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7782.468433] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:12556] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7782.468513] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VirtualBox[VirtualBox:12556] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7782.630495] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:12559] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7782.630576] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:12559] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7782.630589] grsec: denied resource overstep by requesting 20 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:12559] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7782.660719] grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/lib/virtualbox/VBoxSVC[VBoxSVC:12564] uid/euid:1000/1000 gid/egid:1000/1000, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
[ 7782.660786] grsec: more alerts, logging disabled for 10 seconds


I ran dpkg-reconfigure virtualbox-dkms and all I got was this lousy output:

Code:
modprobe: ERROR: could not insert 'vboxdrv': Exec format error


Then, I ran lsmod -a | grep vboxdrv and got this:

Code:
Usage: lsmod


Not a lot of help, that command.

Any ideas? Is there any other output you need?
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby PaX Team » Wed Jul 29, 2015 2:17 pm

maybe this helps: viewtopic.php?f=3&t=4226 . also UDEREF won't work with virtualbox, or at least it used to trigger that defense.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby sharkboy » Wed Jul 29, 2015 6:26 pm

That doesn't help, unfortunately, as I'm not super-proficient with Linux and didn't understand more or less any of it. :oops:

I will say that I am more or less running this machine for the sole purpose of running virtual machines on it, and I wanted it to be as secure as possible. So you can imagine my frustration when the one and only thing I need is broken. I'm guessing there's no way around it? No paxctld command I can input?
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby PaX Team » Thu Jul 30, 2015 6:18 am

the version magic difference shows that your running kernel had a different configuration than what you built the virtualbox modules against. that may be due to the wrong symlink issue described in the linked forum post or because you changed the kernel configuration after compiling the kernel but before compiling the virtualbox modules (in particular, RANDSTRUCT seems to have been disabled or at least not used for some reason when building the out-of-tree modules). so that's a discrepancy that you'll have to figure out.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
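
The diagnosis in the reply above can be read straight off the rejection line by diffing the two vermagic strings token by token. The script below is an added example, not code from the thread or from the grsecurity project; the function names are hypothetical and the sample line is constructed from the dmesg output in the first post, with `<seed>` standing in for the masked RANDSTRUCT value.

```shell
#!/bin/sh
# Added example (not from the thread): show which vermagic tokens differ in a
# kernel "version magic '...' should be '...'" module rejection line.
# On a live system the inputs would come from:
#   dmesg | grep 'version magic'      # the rejection line
#   modinfo -F vermagic vboxdrv       # what the built module carries

# Constructed sample modelled on the dmesg line in the first post. The seed
# after RANDSTRUCT_PLUGIN_ was masked there, so <seed> is a placeholder.
SAMPLE_LINE="[   30.070277] : version magic '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC ' should be '3.14.48-grsec SMP mod_unload modversions 686 UDEREF REFCOUNT GRSEC RANDSTRUCT_PLUGIN_<seed>'"

# vermagic_field LINE N: print the Nth quoted string (1 = module, 2 = kernel).
vermagic_field() {
    printf '%s\n' "$1" | awk -F"'" -v n="$2" '{ print $(n * 2) }'
}

# tokens_missing HAVE WANT: print each token of WANT that HAVE does not contain.
tokens_missing() {
    printf '%s\n' "$2" | tr -s ' ' '\n' | while IFS= read -r tok; do
        [ -n "$tok" ] || continue
        case " $1 " in
            *" $tok "*) ;;
            *) printf '%s\n' "$tok" ;;
        esac
    done
}

# explain_mismatch LINE: report the differences and what they point to.
explain_mismatch() {
    module=$(vermagic_field "$1" 1)
    kernel=$(vermagic_field "$1" 2)
    if [ -z "$module" ] || [ -z "$kernel" ]; then
        echo "not a version magic rejection line" >&2
        return 1
    fi
    missing=$(tokens_missing "$module" "$kernel")   # kernel has, module lacks
    extra=$(tokens_missing "$kernel" "$module")     # module has, kernel lacks
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/module lacks: /'
    fi
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra" | sed 's/^/module adds:  /'
    fi
    # The first token is the kernel release the module was compiled for.
    case "${module%% *}" in
        "${kernel%% *}") ;;
        *) echo "hint: module built for release ${module%% *}, kernel is ${kernel%% *}" ;;
    esac
    # Per the reply above: RANDSTRUCT was not in effect for the module build,
    # so the module was compiled against a tree that differs from the kernel's.
    case "$missing" in
        *RANDSTRUCT_PLUGIN_*)
            echo "hint: module was built without the running kernel's RANDSTRUCT setting;"
            echo "      rebuild it against the build tree the running kernel came from"
            ;;
    esac
    return 0
}

explain_mismatch "$SAMPLE_LINE"
```
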

Re: Virtualbox issues on debian 3.14.48-grsec

Postby sharkboy » Thu Jul 30, 2015 2:43 pm

Is there a way to enable RANDSTRUCT?
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby sharkboy » Sat Aug 01, 2015 7:31 pm

I'm going to assume that my previous question was either too stupid or too vague to address, so I'll ask a slightly new one:

I did a complete reinstall of Debian. Not just the kernel--the entire system. I haven't yet installed a grsec-patched kernel, for obvious reasons. I've got the latest virtualbox installed on my computer (5.0.0) with 3 virtual machines that are confirmed working as of now.

Now as I said before, I am no Linux wizard: I know how to follow instructions, and 90% of the time I know what to Google when I encounter an error, so I can get away with most of my screwups. But grsecurity is completely new to me, and I simply have to use Virtualbox on this machine. So what I want to know after spending a day reinstalling my system is this: what do I need to do whilst recompiling in order to ensure that Virtualbox will work? I don't care if email works or not--I don't use it. I just need virtualbox to work. Right now I'm on the same kernel I was earlier--Debian 3.14.48--but I'm thinking about using 3.2.50 for grsec on the off-chance that that will work. I don't know. I would like to be able to follow the instructions exactly as they are outlined on wikibooks.org (as a n00b, I especially like the 'make menuconfig' automation), but I need to know specifically what options to check/uncheck before I go through with it.

Thanks in advance for your time and help.
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby sharkboy » Sun Aug 02, 2015 3:10 am

UPDATE: I compiled 3.2.50 with its corresponding grsecurity patch without a hitch. But now I can't even log into the grsec'd kernel because of a lack of aes-xts-plaintext64 support or something like that? I mean, it asks for my password (which it always does--I installed Debian with an encrypted LVM), I type in my password, and then it gives me the error message. Over. And over. Again.
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby spender » Sun Aug 02, 2015 8:20 am

spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby sharkboy » Sun Aug 02, 2015 3:30 pm

Yeah, I found that link (like I said earlier—I'm a master of Google), but the author wasn't very clear. I couldn't find the option to enable "development and incomplete drivers" in the menuconfig.
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby sharkboy » Sun Aug 02, 2015 4:38 pm

I'm in the process of compiling 3.14.48 again...there were some options in the makeconfig of this kernel that I didn't see in the makeconfig of 3.2.50, so I hope that it works this time. If not, I guess I'll give the testing kernel a shot. And if that doesn't work...well, I don't know what I'll do.
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby spender » Sun Aug 02, 2015 6:29 pm

If you press "/" while in menuconfig, you can search for anything you want and it'll tell you the path through the menu you need to find it. Pay attention to the "depends on" line though, you will need to enable those options first for the option you're searching for to be visible in the menu. For instance, you can search for XTS, which gives you:
Code:
Symbol: CRYPTO_XTS [=n]
Type  : tristate
Prompt: XTS support
  Location:
(1) -> Cryptographic API (CRYPTO [=y])
  Defined at crypto/Kconfig:273
  Depends on: CRYPTO [=y]


-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby sharkboy » Mon Aug 03, 2015 6:07 pm

Thanks, Brad! I can confirm that your solution worked. Unfortunately, I must have messed with the wrong option in compiling and was left without a GUI. Oh, well. I have a lot of patience.

In the meantime, when I recompile I'm wondering if I should just set menuconfig to "automatic" and don't touch anything else (aside from enabling crypto_xts). But since I'm using the system primarily as a host for a virtual machine, I'm wondering if I should specify that in the makeconfig when it gives me an option to check "host," "guest," or "none"? Or would that just give me more problems?
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby sharkboy » Mon Aug 03, 2015 7:17 pm

While I'm at it, given that I'm a total beginner, should I install gradm? And if so, should I use normal make or make nopam? Furthermore, is my distro's paxctl sufficient or should I supplement or replace it with the paxctld deb on your downloads page?
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

Re: Virtualbox issues on debian 3.14.48-grsec

Postby sharkboy » Tue Aug 04, 2015 10:06 am

Still issues. I compiled it again, this time with crypto_xts enabled and nothing else changed aside from indicating that it will be used as a host for a VirtualBox machine, that I prioritize performance over security, and that my old computer isn't capable of hardware virtualization (true, I thought, but this seems the most likely culprit) and I am left with a completely unbootable GUI.
sharkboy
 
Posts: 11
Joined: Wed Jul 29, 2015 12:46 pm

