Dear list, and first of all a late happy easter!
After noticing that binutils >= 2.17 are necessary to build a 2.6.19.7 kernel [1] and after getting the message "chbind: vc_set_ipv4root(): Invalid argument" out of my way [2], I finally built a new kernel, which seems to work fine. Fine, beside one minor problem ;-)
Entering the Vserver's context via "vserver name enter" and executing a command (e.g. "tail -f something"), it's not possible to stop the process using strg+c, like I used to do up to some hours ago (vs2.0.2.1-grsec2.1.9 / 2.6.17.14).
Unfortunately I've got no idea, where to start troubleshooting -- do you have any hint on the relevant kernel option? Please find some sections of the kernel's config below. Until changing towards Etch in a couple of weeks, Sarge's standard util-vserver is version 0.30.204-5.
Any idea is appreciated. kind regards, Thorsten [1] http://forums.grsecurity.net/viewtopic.php?p=6572 [2] http://irc.13thfloor.at/LOG/2006-01/LOG_2006-01-10.txt # # Linux VServer # CONFIG_VSERVER_LEGACY=y # CONFIG_VSERVER_LEGACY_VERSION is not set CONFIG_VSERVER_DYNAMIC_IDS=y CONFIG_VSERVER_LEGACYNET=y # CONFIG_VSERVER_REMAP_SADDR is not set CONFIG_VSERVER_COWBL=y # CONFIG_VSERVER_VTIME is not set CONFIG_VSERVER_PROC_SECURE=y # CONFIG_VSERVER_HARDCPU is not set # CONFIG_TAGGING_NONE is not set # CONFIG_TAGGING_UID16 is not set # CONFIG_TAGGING_GID16 is not set CONFIG_TAGGING_ID24=y # CONFIG_TAGGING_INTERN is not set # CONFIG_TAG_NFSD is not set # CONFIG_PROPAGATE is not set CONFIG_VSERVER_PRIVACY=y CONFIG_VSERVER_CONTEXTS=256 CONFIG_VSERVER_WARN=y CONFIG_VSERVER_DEBUG=y CONFIG_VSERVER_HISTORY=y CONFIG_VSERVER_HISTORY_SIZE=64 # CONFIG_VSERVER_MONITOR is not set CONFIG_VSERVER=y # # Security options # # # PaX # CONFIG_PAX=y # # PaX Control # # CONFIG_PAX_SOFTMODE is not set CONFIG_PAX_EI_PAX=y CONFIG_PAX_PT_PAX_FLAGS=y # CONFIG_PAX_NO_ACL_FLAGS is not set CONFIG_PAX_HAVE_ACL_FLAGS=y # CONFIG_PAX_HOOK_ACL_FLAGS is not set # # Non-executable pages # CONFIG_PAX_NOEXEC=y # CONFIG_PAX_PAGEEXEC is not set CONFIG_PAX_SEGMEXEC=y # CONFIG_PAX_EMUTRAMP is not set CONFIG_PAX_MPROTECT=y # CONFIG_PAX_NOELFRELOCS is not set CONFIG_PAX_KERNEXEC=y # # Address Space Layout Randomization # CONFIG_PAX_ASLR=y CONFIG_PAX_RANDKSTACK=y CONFIG_PAX_RANDUSTACK=y CONFIG_PAX_RANDMMAP=y # # Miscellaneous hardening features # # CONFIG_PAX_MEMORY_SANITIZE is not set # CONFIG_PAX_MEMORY_UDEREF is not set # # Grsecurity # CONFIG_GRKERNSEC=y # CONFIG_GRKERNSEC_LOW is not set # CONFIG_GRKERNSEC_MEDIUM is not set # CONFIG_GRKERNSEC_HIGH is not set CONFIG_GRKERNSEC_CUSTOM=y # # Address Space Protection # # CONFIG_GRKERNSEC_KMEM is not set # CONFIG_GRKERNSEC_IO is not set CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_HIDESYM=y # # Role Based Access Control Options # # CONFIG_GRKERNSEC_ACL_HIDEKERN is not set CONFIG_GRKERNSEC_ACL_MAXTRIES=3 CONFIG_GRKERNSEC_ACL_TIMEOUT=30 # # Filesystem Protections # CONFIG_GRKERNSEC_PROC=y CONFIG_GRKERNSEC_PROC_USER=y CONFIG_GRKERNSEC_PROC_ADD=y CONFIG_GRKERNSEC_LINK=y CONFIG_GRKERNSEC_FIFO=y CONFIG_GRKERNSEC_CHROOT=y # CONFIG_GRKERNSEC_CHROOT_MOUNT is not set # CONFIG_GRKERNSEC_CHROOT_DOUBLE is not set CONFIG_GRKERNSEC_CHROOT_PIVOT=y CONFIG_GRKERNSEC_CHROOT_CHDIR=y # CONFIG_GRKERNSEC_CHROOT_CHMOD is not set CONFIG_GRKERNSEC_CHROOT_FCHDIR=y CONFIG_GRKERNSEC_CHROOT_MKNOD=y CONFIG_GRKERNSEC_CHROOT_SHMAT=y CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set # # Kernel Auditing # # CONFIG_GRKERNSEC_AUDIT_GROUP is not set # CONFIG_GRKERNSEC_EXECLOG is not set CONFIG_GRKERNSEC_RESLOG=y # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set CONFIG_GRKERNSEC_AUDIT_MOUNT=y # CONFIG_GRKERNSEC_AUDIT_IPC is not set CONFIG_GRKERNSEC_SIGNAL=y CONFIG_GRKERNSEC_FORKFAIL=y CONFIG_GRKERNSEC_TIME=y CONFIG_GRKERNSEC_PROC_IPADDR=y # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set # # Executable Protections # CONFIG_GRKERNSEC_EXECVE=y CONFIG_GRKERNSEC_SHM=y CONFIG_GRKERNSEC_DMESG=y # CONFIG_GRKERNSEC_TPE is not set # # Network Protections # CONFIG_GRKERNSEC_RANDNET=y # CONFIG_GRKERNSEC_SOCKET is not set # # Sysctl support # CONFIG_GRKERNSEC_SYSCTL=y CONFIG_GRKERNSEC_SYSCTL_ON=y _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver