After emerging sys-kernel/hardened-sources (2.4.21-r1) along with gradm (1.9.13), chpax (0.6.1) and grsecurity-base-policy (20030614), executing gradm -E as root fails with the output: "/proc/sys/kernel/grsecurity/acl does not exist. Please recompile your kernel with grsecurity's ACL system."

Reproducible: Always

Steps to Reproduce:
1. ACCEPT_KEYWORDS="~x86" emerge hardened-sources gradm chpax grsecurity-base-policy
2. gradm -P (and provide password)
3. gradm -E

Actual Results:
/proc/sys/kernel/grsecurity/acl does not exist. Please recompile your kernel with grsecurity's ACL system.

Expected Results:
I expected the grsecurity ACL system to be activated.

- machine has hardened-gcc emerged and activated
- grsecurity and chpax init scripts are not yet added to the default runlevel
- all other grsec features are working as expected (logging, random pids, etc)
- paxtest script works as expected

emerge info:
Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.4.24-hardened-r1)
=================================================================
System uname: 2.4.24-hardened-r1 i686 Pentium III (Coppermine)
Gentoo Base System version 1.4.3.13
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=i686 -O3 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=i686 -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs buildpkg ccache sandbox"
GENTOO_MIRRORS="http://mirror.pacific.net.au/linux/Gentoo ftp://mirror.internode.on.net/pub/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.au.gentoo.org/gentoo-portage"
USE="berkdb crypt gdbm ncurses pam perl python readline slang ssl tcpd x86 zlib"
Sorry - typo. The correct version of hardened-sources emerged was 2.4.24-r1.
Sounds like you need to enable it in your kernel. If you want to post your kernel .config we can confirm that's the case.
Created attachment 26480: Kernel .config
Since I posted this bug, I discovered and emerged gradm2, which does work as expected. When starting up the RBAC system, it logs the grsec version as 2.0-rc4. Perhaps that's the reason gradm is failing, but gradm2 works. I had been following the guide at the Gentoo site for version 1.9.x (which isn't part of hardened-sources any longer, it seems).
You must use gradm > 2 with grsecurity 2
gradm2 -E
You are using incompatible versions of gradm and grsecurity. Please update both versions to the ones available on the website.

(hardened-sources-2.4.24-r1, gradm2-0.0_rc4 grsecurity-base-policy-20030614)

Should I post this as a separate bug?
Sorry, my fault: I have hardened-dev-sources-2.6.4-r3...