With /proc and /sys restricted by grsec + non-root privileges, procps-3.3.6 fails the test "vmstat". It requires access to /proc/vmstat, /proc/slabinfo, /sys/block/sda, none of which are available with grsec and FEATURES="userpriv". The test succeeds on a non-hardened kernel even with FEATURES="userpriv" (verified).

Reproducible: Always
In case you want more evidence:

# grep ^spawn sys-process/procps-3.3.6/work/procps-ng-3.3.6/testsuite/vmstat.log
spawn /boot/tmp/portage/sys-process/procps-3.3.6/work/procps-ng-3.3.6/vmstat
spawn /boot/tmp/portage/sys-process/procps-3.3.6/work/procps-ng-3.3.6/vmstat -a
spawn /boot/tmp/portage/sys-process/procps-3.3.6/work/procps-ng-3.3.6/vmstat -f
spawn /boot/tmp/portage/sys-process/procps-3.3.6/work/procps-ng-3.3.6/vmstat -m
spawn /boot/tmp/portage/sys-process/procps-3.3.6/work/procps-ng-3.3.6/vmstat -d
spawn /boot/tmp/portage/sys-process/procps-3.3.6/work/procps-ng-3.3.6/vmstat -p sda1

But as a non-root:

$ for i in '' '-a' '-f' '-m' '-d' '-p sda1'; do echo -e '\n==============' vmstat $i; strace -e open,access vmstat $i; done

============== vmstat
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libprocps.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
open("/proc/meminfo", O_RDONLY) = 3
open("/proc/stat", O_RDONLY) = 4
open("/proc/vmstat", O_RDONLY) = -1 EACCES (Permission denied)
Error: /proc must be mounted
To mount /proc at boot you need an /etc/fstab line like:
proc /proc proc defaults
In the meantime, run "mount proc /proc -t proc"
+++ exited with 102 +++

============== vmstat -a
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libprocps.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free inact active si so bi bo in cs us sy id wa
open("/proc/meminfo", O_RDONLY) = 3
open("/proc/stat", O_RDONLY) = 4
open("/proc/vmstat", O_RDONLY) = -1 EACCES (Permission denied)
Error: /proc must be mounted
To mount /proc at boot you need an /etc/fstab line like:
proc /proc proc defaults
In the meantime, run "mount proc /proc -t proc"
+++ exited with 102 +++

============== vmstat -f
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libprocps.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/proc/stat", O_RDONLY) = 3
open("/proc/vmstat", O_RDONLY) = -1 EACCES (Permission denied)
Error: /proc must be mounted
To mount /proc at boot you need an /etc/fstab line like:
proc /proc proc defaults
In the meantime, run "mount proc /proc -t proc"
+++ exited with 102 +++

============== vmstat -m
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libprocps.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/proc/slabinfo", O_RDONLY) = -1 EACCES (Permission denied)
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
vmstat: your kernel does not support slabinfo or your permissions are insufficient
+++ exited with 0 +++

============== vmstat -d
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libprocps.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/proc/diskstats", O_RDONLY) = 3
open("/proc/diskstats", O_RDONLY) = 3
access("/sys/block/sda", F_OK) = -1 EACCES (Permission denied)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xfffffffffffffff0} ---
+++ killed by SIGSEGV +++
Segmentation fault

============== vmstat -p sda1
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libprocps.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/proc/diskstats", O_RDONLY) = 3
open("/proc/diskstats", O_RDONLY) = 3
access("/sys/block/sda", F_OK) = -1 EACCES (Permission denied)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xfffffffffffffff0} ---
+++ killed by SIGSEGV +++
Segmentation fault
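A triage helper for traces like the one in the comment above, as an added example that is not part of the original report or of procps: for each traced command it lists the paths refused with EACCES and how the process ended. The function names are hypothetical and the sample trace is abridged from the output quoted above.

```shell
#!/bin/sh
# Added example: summarise `strace -e open,access` output produced by the
# loop in the report ("============== vmstat <args>" banner per command).

summarise_strace() {
    awk '
        /^=+ / {                        # banner line names the traced command
            cmd = $0
            sub(/^=+ /, "", cmd)
            next
        }
        /= -1 EACCES/ {                 # path is the first quoted string
            if (match($0, /"[^"]+"/))
                denied[cmd] = denied[cmd] " " substr($0, RSTART + 1, RLENGTH - 2)
        }
        /^[+][+][+] / {                 # "+++ exited with N +++" / "+++ killed by SIG +++"
            how = $0
            gsub(/^[+]+ | [+]+$/, "", how)
            d = (cmd in denied) ? denied[cmd] : " none"
            printf "%s | %s | denied:%s\n", cmd, how, d
        }
    '
}

# Sample input, abridged from the trace in the report.
sample_trace() {
    cat <<'EOF'
============== vmstat
open("/proc/meminfo", O_RDONLY) = 3
open("/proc/stat", O_RDONLY) = 4
open("/proc/vmstat", O_RDONLY) = -1 EACCES (Permission denied)
+++ exited with 102 +++
============== vmstat -m
open("/proc/slabinfo", O_RDONLY) = -1 EACCES (Permission denied)
open("/usr/share/locale/en/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
+++ exited with 0 +++
============== vmstat -d
open("/proc/diskstats", O_RDONLY) = 3
access("/sys/block/sda", F_OK) = -1 EACCES (Permission denied)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xfffffffffffffff0} ---
+++ killed by SIGSEGV +++
EOF
}

sample_trace | summarise_strace
```

strace writes to stderr, so on a live system the loop's output has to be piped with `2>&1` before it reaches `summarise_strace`.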
This looks like a duplicate of bug 404389, can you check?
Bug 404398 is about /proc/something missing, because a kernel option is missing because of ( grsec || CONFIG_EXPERT ). In this case the /proc/something is there, but is restricted to root because of grsec.
Two typos in two words: bug 404389 was what I meant, of course.
sent upstream