trying to troubleshoot "grsec: denied access of range" error

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

trying to troubleshoot "grsec: denied access of range" error

Postby jules » Wed May 11, 2016 11:04 am

I've been running the grsec testing kernel for a few months without anything I cannot understand/resolve, but when I updated to 4.5.3.201605060852-1, I started getting the following warning error at boot:

Code: Select all
May 11 09:09:44 archer kernel: grsec: denied access of range af7e3000 -> af7e3008 in /dev/mem by /usr/lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper/0:0] uid/euid:0/0 gid/egid:0/0


I'm currently running 4.5.3.201605080858-1-grsec on arch linux.

I'm trying to figure out what's causing this and how I can resolve it. Everything seems to work fine but I'd still like to figure out what's behind it.

Any advice on where/how to troubleshoot this would be very much appreciated.

Cheers,
Jules
jules
 
Posts: 2
Joined: Wed May 11, 2016 10:46 am

Re: trying to troubleshoot "grsec: denied access of range" e

Postby spender » Wed May 11, 2016 9:14 pm

Can you first try disabling GRKERNSEC_KMEM, but make sure CONFIG_STRICT_DEVMEM is enabled? If that still produces an error (though it won't have grsec listed in it), could you try a vanilla kernel of the same version with CONFIG_STRICT_DEVMEM enabled? I've looked at our checks for this, and I don't see any reason why it would differ from an upstream kernel for this particular range.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: trying to troubleshoot "grsec: denied access of range" e

Postby jules » Fri May 13, 2016 3:38 am

Many thanks for this - will recompile this weekend and see what I get - again, much appreciated!

Jules
jules
 
Posts: 2
Joined: Wed May 11, 2016 10:46 am


Return to grsecurity support