"/etc/init.d/unrealircd start" fails and results in the following kernel messages (2.6.20-hardened-r5):

grsec: From 192.168.1.64: denied hardlink of /usr/lib/unrealircd/modules/commands.so (owned by 0.0) to tmp/625A5E94.commands.so for /usr/bin/unrealircd[unrealircd:21207] uid/euid:101/101 gid/egid:101/101, parent /sbin/runscript.sh[runscript.sh:21204] uid/euid:0/0 gid/egid:0/0
grsec: From 192.168.1.64: denied untrusted exec of /var/lib/unrealircd/625A5E94.commands.so by /usr/bin/unrealircd[unrealircd:21207] uid/euid:101/101 gid/egid:101/101, parent /sbin/runscript.sh[runscript.sh:21204] uid/euid:0/0 gid/egid:0/0

I hope this is the right place to file this bug (?). Please notify me of anything I could provide to help solve this bug (in case you can/will try to solve this). Thanks.
Could you please post your emerge --info and the kernel config and reopen the bug afterwards?
Created attachment 124254: emerge --info
Created attachment 124255: config hardened-sources-2.6.20-r5 kernel configuration
Reopening.
You have grsec linking restrictions enabled and you are trying to hardlink to those files as a user. This is exactly what that option prevents and is expected/desired. Either make it use a soft link or disable the option.

Try to disable this option in your kernel. CONFIG_GRKERNSEC_SYSCTL_ON

- CONFIG_GRKERNSEC_SYSCTL_ON=y
+ #CONFIG_GRKERNSEC_SYSCTL_ON is not set

then use /etc/sysctl.conf to control grsec.

sysctl -a | grep grsec | less
Browsing the unrealircd source, it appeared that unrealircd just copies the file when it fails to hard link, so that was not the problem. However, unrealircd failed to run that copied file, because TPE (trusted path execution) was enabled and the UID it was running under was not in the group of trusted users set in the kernel config. Anyway, thanks for your support. I am sorry for bothering you all!
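
An added example, not part of the original thread and not code from grsecurity or unrealircd: a small Python parser that classifies the two kernel messages quoted in the report by the grsecurity feature that produced them, plus a check of TPE's directory rule (root-owned, not group- or world-writable). The function names are hypothetical, and the directory check is a simplified reading of the rule as applied to untrusted users; it does not model the trusted-group setting.

```python
import os
import re
import stat

# The two kernel messages quoted in the report above, copied as sample input.
SAMPLE_LOG = """\
grsec: From 192.168.1.64: denied hardlink of /usr/lib/unrealircd/modules/commands.so (owned by 0.0) to tmp/625A5E94.commands.so for /usr/bin/unrealircd[unrealircd:21207] uid/euid:101/101 gid/egid:101/101, parent /sbin/runscript.sh[runscript.sh:21204] uid/euid:0/0 gid/egid:0/0
grsec: From 192.168.1.64: denied untrusted exec of /var/lib/unrealircd/625A5E94.commands.so by /usr/bin/unrealircd[unrealircd:21207] uid/euid:101/101 gid/egid:101/101, parent /sbin/runscript.sh[runscript.sh:21204] uid/euid:0/0 gid/egid:0/0
"""

# Matches the acting process only; the ", parent ..." tail is ignored.
DENIAL = re.compile(
    r"grsec: (?:From \S+: )?denied (?P<action>hardlink|untrusted exec) of "
    r"(?P<target>\S+).*? (?:for|by) (?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+)"
)

# Which grsecurity feature emits which denial (as identified in the thread).
FEATURE = {"hardlink": "linking restrictions", "untrusted exec": "TPE"}


def parse_denials(text):
    """Return one dict per grsec hardlink / untrusted-exec denial in text."""
    denials = []
    for line in text.splitlines():
        m = DENIAL.search(line)
        if not m:
            continue
        d = m.groupdict()
        for key in ("pid", "uid", "euid", "gid", "egid"):
            d[key] = int(d[key])
        d["feature"] = FEATURE[d["action"]]
        denials.append(d)
    return denials


def tpe_dir_trusted(dir_uid, dir_mode):
    """Simplified TPE rule: directory is root-owned and not group/world-writable."""
    return dir_uid == 0 and not dir_mode & (stat.S_IWGRP | stat.S_IWOTH)


def check_exec_dir(path):
    """Apply tpe_dir_trusted() to the directory that contains path."""
    st = os.stat(os.path.dirname(path) or ".")
    return tpe_dir_trusted(st.st_uid, st.st_mode)


if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(d["feature"], d["target"], "uid", d["uid"], "via", d["exe"])
```

Running check_exec_dir() on the target path of a TPE denial shows whether the directory the file was copied into would pass that rule.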