191317 – hardened-sources-2.6.20-r6 fails to boot, grsec kills init with sig11

Bug 191317 - hardened-sources-2.6.20-r6 fails to boot, grsec kills init with sig11

Summary: hardened-sources-2.6.20-r6 fails to boot, grsec kills init with sig11

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	x86 Linux

Importance:	High critical (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-09-05 02:03 UTC by William Keaney
Modified:	2007-09-21 03:49 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
hardened-sources-2.6.20-r6 .config (.config,41.85 KB, text/plain) 2007-09-05 02:05 UTC, William Keaney	Details
emerge --info (emerge.info,2.39 KB, text/plain) 2007-09-05 02:06 UTC, William Keaney	Details
Screenshot of failure in VMWare (grsec_segv.png,115.47 KB, image/png) 2007-09-05 02:09 UTC, William Keaney	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description William Keaney 2007-09-05 02:03:23 UTC

When test-booting my freshly built hardened/PaX/grsecurity/SELinux system, it fails immediately after the kernel frees unused memory, citing:

grsec: signall 11 sent to /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper:0] uid/euid:0/0 gid/egid:0/0
grsec: more alerts, logging disabled for 10 seconds

Reproducible: Always

Steps to Reproduce:
1. Follow the gentoo-hardened documentation for configuring PaX, grsec and SELinux
2. Boot
3. Fail

Actual Results:  
grsec kills init with a sig11

Expected Results:  
Boot should complete successfully.

Attaching emerge --info and kernel .config separately.

Comment 1 William Keaney 2007-09-05 02:05:21 UTC

Created attachment 130052 [details]
hardened-sources-2.6.20-r6 .config

Comment 2 William Keaney 2007-09-05 02:06:43 UTC

Created attachment 130053 [details]
emerge --info

Comment 3 William Keaney 2007-09-05 02:09:52 UTC

Created attachment 130055 [details]
Screenshot of failure in VMWare

Comment 4 William Keaney 2007-09-05 16:36:02 UTC

Setting CONFIG_GRKERNSEC_SYSCTL_ON=Y , I no longer see this error.  Instead, boot hangs completely after the 'freeing unused memory' line.

Comment 5 William Keaney 2007-09-05 16:40:32 UTC

(In reply to comment #4)
> Setting CONFIG_GRKERNSEC_SYSCTL_ON=Y , I no longer see this error.  Instead,
> boot hangs completely after the 'freeing unused memory' line.
> 
Oops. make that CONFIG_GRKERNSEC_SYSCTL_ON=N.

Comment 6 William Keaney 2007-09-05 16:42:38 UTC

Same results when enabling CONFIG_SECURITY_SELINUX_BOOTPARAM and booting with selinux=0.  So I don't think this is a conflict with SELinux, but a grsec problem.

Comment 7 solar (RETIRED) gentoo-dev

2007-09-21 03:49:39 UTC

Disable CONFIG_GRKERNSEC_SYSCTL_ON=y and CONFIG_PAX_EMUTRAMP=y on x86*