Created attachment 375090 [details] emerge --info Hello, On my Gentoo system, with an hardened profile, /sbin/ss, which belongs to the package sys-apps/iproute2, doesn't detect UDP sockets (ss --udp or ss --udp --listening, even as root user). Unlike ss, netstat success. About my kernel, CONFIG_GRKERNSEC=n, until I am sure this feature is not blocking something on my system. But I think this is something like to my kernel and/or to the hardened profile, because on another gentoo, with the profile no-multilib like this one, ss works. I even tried with the current stable version of iproute2, 3.8.0, and with the next unstable release, 3.9.0 to 3.14.0 I don't know where to find more informations myself, and strace provides too much informations. Let me know if you need more informations.
what is the exact command line you are using ? did you use the --listen flag ? post your kernel .config as an attachment. you might want to check you have the various INET_DIAG options enabled (like udp_diag).
(In reply to SpanKY from comment #1) > what is the exact command line you are using ? did you use the --listen > flag ? > > post your kernel .config as an attachment. you might want to check you have > the various INET_DIAG options enabled (like udp_diag). Hello, Yes, sorry, I forgot I made this report, and I found how to resolv several days ago ; as you said, it was (CONFIG_)INET_UDP_DIAG option which was disabled (unlike (CONFIG_)INET_DIAG which was enable). I didn't verify if this options is enable by default in a new hardened kernel config, because I use my own .config file. Therefore, if this option is not set by default, my bad, we can close like that this report, but otherwise, maybe this option should be set by default, right? Thanks for support, and sorry for forgetting :-) (I may verify this behavior but myself with an empty .config file, but I can't do it right now, and therefore, I can't put my .config as attachment)
Created attachment 381634 [details] emerge --info Hello, Since we discovered this bug was related to an option in kernel config, maybe we should close this bug. Last time, I talked about a new .confg file, create as default when no .config file is present. I am currently using sys-kernel/hardened-sources-3.15.5-r1 (stable), and I noticed the option (CONFIG_)INET_DIAG is NOT set. and therefore, neither (CONFIG_)INET_UDP_DIAG. By the way, in the help of those related options, the following message "If unsure, say Y." is written. Therefore, I think portage should verify the content of the kernel options when emerging sys-apps/iproute2, to verify if those 2 options (and more) are set, and therefore put a warning (ewarn) after compilation. What do you think about it? Should we close this bug too? PS: I add a new emerge --info, since I am not using the same profile a long time ago.
