I use kernel 2.4.19-crypto-r7 which I can't update with emerge, because I have XFS as filesystem and I want to keep using XFS and crypto with my kernel. and, of course, keep the gentoo emerge compatible. In other words, it is the latest kernel-source available with emerge for my situation. The kernel and kernel related grsecurity works as expecteds, no problem so far. But gradm is not functional nor can I get it work. I have deleted /etc/grsecurity/pm because I have forgotten the password I have initialy set, which is my error, sorry. I have set a new password with gradm -P. Have a look at the snippet: ---schnipp--- # gradm -E Error writing to /proc/sys/kernel/grsecurity/acl write: Invalid argument messages: ... kernel: Proc handler: being fed garbage 160 byte send 1175 required ---schnapp--- no matter, if /proc/sys/kernel/grsecurity/grsec_lock is set or unset. I have joined the grsecurity mailing list, there are postings about the same error, but unresolved. I have asked myself, see the maintainer's answer: ---schnipp--- As for your problem with authenticating to the kernel, you need to use compatible versions of gradm and grsecurity. When they are mismatched is when you can't authenticate. Since you are using gentoo, I think they should have their own gradm? I'm not sure how up to date they keep things..but if you use the versions on grsecurity.net, it will work. ---schnapp--- I have also found a message which is pointing out, that the password for gradm is magically hidden, so that replacing /etc/grsecurity/pm does not work. Is this true? I don't know. There are new grsecurity and gradm versions out there. But as they seem to be connected with each other I refused installing a new gradm version. Nor do I know, if I can patch the gentoo 2.4.19-crypto-r7 kernel sources with a new one. So, is my error already known or do you verify my problems? cheers, Sascha
brad is correct when he says that you must be using compatible versions of gradm ... that is pretty much why this is happening ... if you could figure out what version of gradm you're *supposed* to have for that kernel, ill add the ebuild back in ... basically there isnt a very clean solution for this that doesnt involve users doing it by hand (as far as i can tell)
crypto-sources is LONG deprecated, all of the contents have been merged into xfs-sources and lolo-sources and gentoo-sources.