When "emerge firebird-1.5.2.ebuild", it run "chown -R firebird:firebird ${D}/opt/firebird". However, if in hardened-kernel set up: CONFIG_GRKERNSEC_TPE=y CONFIG_GRKERNSEC_TPE_ALL=y CONFIG_GRKERNSEC_TPE_INVERT=y CONFIG_GRKERNSEC_TPE_GID=5555 and in /etc/conf.d/firebird: FBRunUser=firebird then "/etc/init.d/firebird start": /bin/sh: /opt/firebird/bin/fbmgr.bin: Permission denied And /var/log/syslog: Oct 18 10:38:37 host2 grsec: denied untrusted exec of /opt/firebird/bin/fbmgr.bin by /bin/ bash[sh:25147] uid/euid:450/450 gid/egid:450/450, parent /bin/su[su:27729] uid/euid:450/450 gid/egid:450/450 For resolve this problem need "chown root -R /opt/firebird". Reproducible: Always Steps to Reproduce: Portage 2.0.51.22-r2 (hardened/x86/2.6, gcc-3.3.5-20050130, glibc-2.3.5-r1, 2.6.11-hardened- r15 i686) ================================================================= System uname: 2.6.11-hardened-r15 i686 Intel(R) Celeron(R) CPU 2.60GHz Gentoo Base System version 1.6.13 dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.5.18-r1 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-mcpu=pentium4 -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/ share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -mcpu=i386 -pipe -fforce-addr" DISTDIR="/usr/local/p/distfiles" FEATURES="autoconfig ccache distlocks sandbox sfperms strict" GENTOO_MIRRORS=" http://mirror.aiya.ru/pub/gentoo/ http://gentoo.osuosl.org http://www. ibiblio.org/pub/Linux/distributions/gentoo http://ftp-test.csbnet.se/pub/linux/distributions/ gentoo/ http://mirror.pudas.net/gentoo/ http://mirror.gentoo.se http://ds.thn.htu.se/linux/ gentoo http://ftp.du.se/pub/os/gentoo http://gentoo.prz.rzeszow.pl http://gentoo.mirror.sdv. fr http://gentoo.zie.pg.gda.pl http://ftp.gentoo-pt.org/pub/gentoo http://gentoo.ynet.sk/ pub http://mirror.etf.bg.ac.yu/gentoo http://mirror.gentoo.no/ http://ftp.iasi.roedu.net/ mirrors/gentoo.org/ " LANG="ru_RU.KOI8-R" LC_ALL="ru_RU.KOI8-R" PKGDIR="/usr/local/p/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" PORTDIR_OVERLAY="/usr/local/p/distfiles/portage-my" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acpi alsa avi berkdb crypt cups curl dlloader dvdr firebird fortran gd gdbm gif hardened imagemagick jabber jpeg lirc mbox milter mmx mmx2 mpeg ncurses nls nptl nptlonly oav ogg oggvorbis opengl pam perl pic png posix quicktime readline rtc sasl sdl slang sse sse2 ssl svga tcpd tiff truetype truetype-fonts ttf type1-fonts usb userlocales v4l vorbis wmf x86 xinetd xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LDFLAGS, LINGUAS, MAKEOPTS
add an exception to your grsecurity rules