Package: linux-grsec-base
Version: 5
Severity: normal

By default, the systemd-sysctl.service service cannot start up
successfully on this machine, because of some kernel settings in
/etc/sysctl.d/grsec.conf which do not appear to be supported.

Here is relevant output from journalctl:

-- Unit systemd-sysctl.service has finished shutting down.
Jan 13 13:36:02 frigg systemd[1]: Starting Apply Kernel Variables...
-- Subject: Unit systemd-sysctl.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has begun starting up.
Jan 13 13:36:02 frigg kernel: grsec: chdir to / by 
/lib/systemd/systemd[(d-sysctl):1288] uid/euid:0/0 gid/egid:0/0, parent 
/lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0
Jan 13 13:36:02 frigg kernel: grsec: exec of /lib/systemd/systemd-sysctl 
(/lib/systemd/systemd-sysctl ) by /lib/systemd/systemd-sysctl[(d-sysctl):1288] 
uid/euid:0/0 gid/egid:0/0, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 
gid/egid:0/0
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_findtask', ignoring: Operation not permitted
Jan 13 13:36:02 frigg kernel: grsec: denied modification of grsecurity sysctl 
value : chroot_findtask by /lib/systemd/systemd-sysctl[systemd-sysctl:1288] 
uid/euid:0/0 gid/egid:0/0, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 
gid/egid:0/0
Jan 13 13:36:02 frigg kernel: grsec: denied modification of grsecurity sysctl 
value : audit_ptrace by /lib/systemd/systemd-sysctl[systemd-sysctl:1288] 
uid/euid:0/0 gid/egid:0/0, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 
gid/egid:0/0
Jan 13 13:36:02 frigg kernel: grsec: denied modification of grsecurity sysctl 
value : chroot_deny_fchdir by /lib/systemd/systemd-sysctl[systemd-sysctl:1288] 
uid/euid:0/0 gid/egid:0/0, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 
gid/egid:0/0
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/audit_ptrace', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_fchdir', ignoring: Operation not permitted
Jan 13 13:36:02 frigg kernel: grsec: denied modification of grsecurity sysctl 
value : rwxmap_logging by /lib/systemd/systemd-sysctl[systemd-sysctl:1288] 
uid/euid:0/0 gid/egid:0/0, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 
gid/egid:0/0
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/rwxmap_logging', ignoring: Operation not permitted
Jan 13 13:36:02 frigg kernel: grsec: denied modification of grsecurity sysctl 
value : timechange_logging by /lib/systemd/systemd-sysctl[systemd-sysctl:1288] 
uid/euid:0/0 gid/egid:0/0, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 
gid/egid:0/0
Jan 13 13:36:02 frigg kernel: grsec: denied modification of grsecurity sysctl 
value : deter_bruteforce by /lib/systemd/systemd-sysctl[systemd-sysctl:1288] 
uid/euid:0/0 gid/egid:0/0, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 
gid/egid:0/0
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/timechange_logging', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/deter_bruteforce', ignoring: Operation not permitted
Jan 13 13:36:02 frigg kernel: grsec: denied modification of grsecurity sysctl 
value : audit_chdir by /lib/systemd/systemd-sysctl[systemd-sysctl:1288] 
uid/euid:0/0 gid/egid:0/0, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 
gid/egid:0/0
Jan 13 13:36:02 frigg kernel: grsec: more alerts, logging disabled for 10 
seconds
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/audit_chdir', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '64042' to 
'kernel/grsecurity/socket_client_gid', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_chmod', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '0' to 
'kernel/grsecurity/audit_gid', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/forkfail_logging', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_caps', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/tpe', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/ip_blackhole', ignoring: Operation not permitted
Jan 13 13:36:03 frigg kernel: grsec: exec of /lib/systemd/systemd-cgroups-agent 
(/lib/systemd/systemd-cgroups-agent /system.slice/systemd-sysctl.service ) by 
/lib/systemd/systemd-cgroups-agent[kworker/u4:0:1289] uid/euid:0/0 
gid/egid:0/0, parent /[kthreadd:2] uid/euid:0/0 gid/egid:0/0
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '64043' to 
'kernel/grsecurity/socket_server_gid', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_enforce_chdir', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/harden_ptrace', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/ptrace_readexec', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/dmesg', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/socket_all', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/consistent_setxid', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '64040' to 
'kernel/grsecurity/tpe_gid', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_execlog', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_pivot', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_bad_rename', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_sysctl', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/tpe_restrict_all', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_chroot', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/linking_restrictions', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '64041' to 
'kernel/grsecurity/socket_all_gid', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/disable_priv_io', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_unix', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/audit_group', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/enforce_symlinksifowner', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/grsec_lock', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/audit_mount', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_mount', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '4' to 
'kernel/grsecurity/lastack_retries', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/harden_ipc', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_mknod', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/fifo_restrictions', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/signal_logging', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/tpe_invert', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/resource_logging', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/socket_client', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/exec_logging', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_deny_shmat', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/chroot_restrict_nice', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to 
'kernel/grsecurity/socket_server', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '33' to 
'kernel/grsecurity/symlinkown_gid', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '0' to 
'kernel/grsecurity/deny_new_usb', ignoring: Operation not permitted
Jan 13 13:36:03 frigg polkitd(authority=local)[862]: Unregistered 
Authentication Agent for unix-process:1282:16169 (system bus name :1.39, object 
path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) 
(disconnected from bus)
Jan 13 13:36:02 frigg systemd[1]: systemd-sysctl.service: Main process exited, 
code=exited, status=1/FAILURE
Jan 13 13:36:02 frigg systemd[1]: Failed to start Apply Kernel Variables.
-- Subject: Unit systemd-sysctl.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has failed.
-- 
-- The result is failed.
Jan 13 13:36:02 frigg systemd[1]: systemd-sysctl.service: Unit entered failed 
state.
Jan 13 13:36:02 frigg systemd[1]: systemd-sysctl.service: Failed with result 
'exit-code'.

All the best,

    --dkg


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-grsec-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

linux-grsec-base depends on no packages.

Versions of packages linux-grsec-base recommends:
ii  gradm2     3.1~201507191652-1
ii  pax-utils  1.1.4-1
ii  paxctl     0.9-1

linux-grsec-base suggests no packages.

-- no debconf information
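
Added example, not part of the original report: a small parser that rejoins the hard-wrapped journal lines shown above and lists which kernel.grsecurity settings systemd-sysctl failed to apply. It also flags the failed keys with no matching kernel-side "denied modification" line, which is expected once the "more alerts, logging disabled for 10 seconds" rate limit appears. The function names are hypothetical and the sample lines are copied from the excerpt above.

```python
import re

# Constructed sample: lines copied from the journal excerpt in the report,
# keeping the hard wrapping of the mail.
SAMPLE = """\
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to
'kernel/grsecurity/chroot_findtask', ignoring: Operation not permitted
Jan 13 13:36:02 frigg kernel: grsec: denied modification of grsecurity sysctl
value : chroot_findtask by /lib/systemd/systemd-sysctl[systemd-sysctl:1288]
uid/euid:0/0 gid/egid:0/0, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0
gid/egid:0/0
Jan 13 13:36:02 frigg kernel: grsec: more alerts, logging disabled for 10
seconds
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '64042' to
'kernel/grsecurity/socket_client_gid', ignoring: Operation not permitted
Jan 13 13:36:02 frigg systemd-sysctl[1288]: Couldn't write '1' to
'kernel/grsecurity/grsec_lock', ignoring: Operation not permitted
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
WRITE_FAIL = re.compile(
    r"systemd-sysctl\[\d+\]: Couldn't write '([^']*)' to "
    r"'kernel/grsecurity/([^']+)', ignoring: (.+)$")
KERNEL_DENY = re.compile(
    r"kernel: grsec: denied modification of grsecurity sysctl value : (\S+) by ")

def unwrap(text):
    """Rejoin hard-wrapped journal lines into one record per log entry."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("--"):
            continue  # blank lines and journal catalog annotations
        if STAMP.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line  # continuation of a wrapped entry
    return records

def summarize(text):
    """Return (failed writes, keys the kernel logged, failed keys it did not log)."""
    failed, kernel_logged = {}, set()
    for rec in unwrap(text):
        m = WRITE_FAIL.search(rec)
        if m:
            failed[m.group(2)] = (m.group(1), m.group(3))
        elif (m := KERNEL_DENY.search(rec)):
            kernel_logged.add(m.group(1))
    return failed, kernel_logged, sorted(set(failed) - kernel_logged)
```

Because the kernel-side messages are rate-limited, the systemd-sysctl lines are the complete record of which settings from /etc/sysctl.d/grsec.conf were not applied.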
