gradm segmentation fault in policy generations. Reproducible: Always Steps to Reproduce: 1.install hardened system, sys-apps/gradm-2.1.13.200902232204 2.run gradm -F -L /etc/grsec/learning.logs -O /etc/grsec/policy Actual Results: segmentation fault Expected Results: gw ~ # gradm -F -L /etc/grsec/learning.logs -O /etc/grsec/policy Beginning full learning 1st pass...done. Beginning full learning role reduction...done. Beginning full learning 2nd pass...done. Beginning full learning subject reduction for user root...done. Beginning full learning subject reduction for user named...done. Beginning full learning subject reduction for user postfix...done. Beginning full learning object reduction for subject /...done. Segmentation fault my emerge --info: gw ~ # emerge --info Portage 2.1.6.13 (hardened/linux/x86/2008.0, gcc-3.4.6, glibc-2.9_p20081201-r2, 2.6.28-hardened-r7-gw i686) ================================================================= System uname: Linux-2.6.28-hardened-r7-gw-i686-Pentium_III_-Coppermine-with-glibc2.3.2 Timestamp of tree: Mon, 06 Jul 2009 14:15:03 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p39 dev-lang/python: 2.5.4-r3 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.63 sys-devel/automake: 1.5, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium3 -mtune=pentium3 -pipe -fstack-protector" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -march=pentium3 -mtune=pentium3 -pipe -fstack-protector" DISTDIR="/usr/portage/distfiles" FEATURES="buildpkg ccache distlocks fixpackages metadata-transfer parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv" FFLAGS="-O2" GENTOO_MIRRORS="http://gentoo.tups.lv/source" LANG="ru_RU.UTF-8" LC_ALL="C" LDFLAGS="-Wl,-O1" LINGUAS="ru" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_COMPRESS="lzma" PORTAGE_COMPRESS_FLAGS="-6" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/my" SYNC="rsync://gentoo.tups.lv/gentoo-portage" USE="acl alsa berkdb bzip2 cli cracklib crypt cups dri fortran gdbm gpm hardened iconv isdnlog logrotate midi mudflap ncurses nptl nptlonly pam pcre perl pic postgres pppd profile python readline reflection session spl sqlite sqlite3 ssl symlink sysfs tcpd unicode urandom x86 xorg zlib" ALSA_CARDS="null" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias asis auth_digest authn_dbd cern_meta charset_lite dbd dumpio ident imagemap log_forensic proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http substitute version" ELIBC="glibc" KERNEL="linux" LINGUAS="ru" USERLAND="GNU" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_RSYNC_EXTRA_OPTS
gw ~ # gradm --version gradm v2.1.13 Licensed under the GNU General Public License (GPL) version 2 or higher Copyright 2002,2003,2004 Brad Spengler
Created attachment 196913 [details] kernel config
Please remove -fstack-protector from CFLAGS and CXXFLAGS and 'emerge -e gradm'. The hardened profile/gcc applies -fstack-protector and -fstack-protector-all where it is safe to do so already. Also (and you may want to do this first) please give the machine a few passes with memtest86+ if possible (non-24/7 production hopefully). The system could be getting a little long in the tooth; eventually capacitors and various electronic components will wear out, etc. Hope it helps. Re-open if you continue to have issues after completing the above steps.
Fixed in CVS, see bug 281512.
er, re-opening so it can be closed properly
closing as fixed.