# mount /dane/domeny mount: unknown filesystem type 'xfs' # grep xfs /proc/modules xfs 688133 0 - Live 0x0000000000000000 0x0000000000000000 exportfs 4354 1 xfs, Live 0x0000000000000000 0x0000000000000000 # dmesg |grep xfs [ 43.103548] xfs: `' invalid for parameter `grsec_modharden_fs' [ 449.610068] xfs: `' invalid for parameter `grsec_modharden_fs' [ 484.835975] xfs: `' invalid for parameter `grsec_modharden_fs' And I can't mount xfs partitions. # emerge --info FEATURES variable contains unknown value(s): Xfail-clean, Xkeepwork, Xprofile, Xsplitdebug, Xtest, Yunknown-features-filter, profile-use Portage 2.1.11.52 (hardened/linux/13.0/amd64, gcc-4.6.3, glibc-2.15-r3, 3.7.5-hardened-r1 x86_64) ================================================================= System uname: Linux-3.7.5-hardened-r1-x86_64-Intel-R-_Core-TM-_i7_CPU_930_@_2.80GHz-with-gentoo-2.1 KiB Mem: 505444 total, 247564 free KiB Swap: 1368020 total, 1368020 free Timestamp of tree: Wed, 27 Feb 2013 08:30:02 +0000 ld GNU gold (GNU Binutils 2.23.1) 1.11 ccache version 3.1.9 [enabled] app-shells/bash: 4.2_p37 dev-lang/python: 2.7.3-r2, 3.2.3 dev-util/ccache: 3.1.9 dev-util/cmake: 2.8.9 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.1-r1 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.69 sys-devel/automake: 1.11.6 sys-devel/binutils: 2.23.1 sys-devel/gcc: 4.6.3 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.6 (virtual/os-headers) sys-libs/glibc: 2.15-r3 Repositories: gentoo ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -fexpensive-optimizations -fpeel-loops -fgraphite-identity -floop-interchange -ftree-loop-linear -floop-block -floop-strip-mine -fira-loop-pressure -fpredictive-commoning -freorder-blocks-and-partition -ftracer -ftree-vectorize -frecord-gcc-switches -fno-unwind-tables -fno-asynchronous-unwind-tables --param l2-cache-size=128 --param l1-cache-size=16 --param l1-cache-line-size=32 -pipe -Wdisabled-optimization -Wstack-protector" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -fexpensive-optimizations -fpeel-loops -fgraphite-identity -floop-interchange -ftree-loop-linear -floop-block -floop-strip-mine -fira-loop-pressure -fpredictive-commoning -freorder-blocks-and-partition -ftracer -ftree-vectorize -frecord-gcc-switches -fno-unwind-tables -fno-asynchronous-unwind-tables --param l2-cache-size=128 --param l1-cache-size=16 --param l1-cache-line-size=32 -pipe -Wdisabled-optimization -Wstack-protector" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="Xfail-clean Xkeepwork Xprofile Xsplitdebug Xtest Yunknown-features-filter assume-digests binpkg-logs ccache collision-protect compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs profile-use protect-owned sandbox sfperms strict unknown-features-warn unmerge-backup unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://gentoo.mneisen.org/" LANG="pl_PL.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--sort-common" MAKEOPTS="-j1" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="-O --inplace" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acpi amd64 apache2 bash-completion caps hardened idn iproute2 ipv6 mmap mmx mmxext modules multilib nls openmp openssl smp sse sse2 sse3 sse4 sse4a ssse3 syslog threads threadsafe unicode urandom vhosts vim-syntax xtpax" ABI_X86="64" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon auth_digest authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user cache cgi dav dav_fs dav_lock dir env expires ext_filter filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif status unique_id usertrack vhost_alias" APACHE2_MPMS="prefork" CURL_SSL="openssl" ELIBC="glibc" KERNEL="linux" LINGUAS="en" NGINX_MODULES_HTTP="access browser charset gzip map limit_zone proxy rewrite stub_status" PHP_TARGETS="php5-3" PYTHON_TARGETS="python2_7 python3_2" USERLAND="GNU" XTABLES_ADDONS="fuzzy geoip lscan psd sysrq tarpit" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, USE_PYTHON
Created attachment 340360 [details] kernel config
This kernel was stabilized too fast;)
(In reply to comment #2) > This kernel was stabilized too fast;) I bet this bug is in 3.7.5 as well. The rapid stabilization was for a rather nasty local privilege escalation.
Can you test on the latest hardened-sources and see if this is still a problem?
I tested hardened-sources-3.8.3 and it's fine. I assume later kernel are not affected by this bug.
(In reply to comment #5) > I tested hardened-sources-3.8.3 and it's fine. I assume later kernel are not > affected by this bug. It should not be. Thank you for testing!
Thanks for fix.
