when grsecurity was disabled via gradm -D screen worked perfectly. when gradm -E was done screen gave seg faults. i commented out a bunch of the screen.acl file and got it to give an error loading libelf.so.1 so.. once again i edited the screen.acl file and added /usr/lib rx to the end of the directory permissions and then all was well when re-enabling grsecurity Reproducible: Always Steps to Reproduce: 1.emerge grsecurity-base-policy with grsecurity enabled kernel 2.gradm -E 3. screen Actual Results: segfaults at first then error loading libelf Expected Results: started a screen Portage 2.0.49-r20 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r3, 2.4.24-grsec-1.9.13) ================================================================= System uname: 2.4.24-grsec-1.9.13 i686 Pentium II (Deschutes) Gentoo Base System version 1.4.3.10 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache fixpackages notitles sandbox userpriv" GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/portagetmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="apm arts avi berkdb crypt emacs encode flash foomaticdb gd gdbm gif gpm imlib innodb java jpeg libg++ libwww mad mikmod motif mpeg mysql ncurses nls odbc oggvorbis oss pam pdflib perl php png prelink python quicktime readline sdl slang spell ssl svga tcpd truetype x86 xml xml2 xmms zlib"
updated in cvs.. wont push a new base policy for a while however..
changing component.
grsec1 has been obsoleted and grsecurity-base-policy removed from portage. grsec2 examples will/may happen some time after spender@grsecurity has finished the grsec2 docs for the rbac system.