On Wednesday 08 February 2006 18:30, TB wrote:
> #
> # Filesystem Protections
> #
> CONFIG_GRKERNSEC_PROC=y
> CONFIG_GRKERNSEC_PROC_USER=y
> CONFIG_GRKERNSEC_PROC_ADD=y
> CONFIG_GRKERNSEC_LINK=y
> CONFIG_GRKERNSEC_FIFO=y
> CONFIG_GRKERNSEC_CHROOT=y
> CONFIG_GRKERNSEC_CHROOT_MOUNT=y
> # CONFIG_GRKERNSEC_CHROOT_DOUBLE is not set
> CONFIG_GRKERNSEC_CHROOT_PIVOT=y
> CONFIG_GRKERNSEC_CHROOT_CHDIR=y
> # CONFIG_GRKERNSEC_CHROOT_CHMOD is not set
> CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
> CONFIG_GRKERNSEC_CHROOT_MKNOD=y
> CONFIG_GRKERNSEC_CHROOT_SHMAT=y
> CONFIG_GRKERNSEC_CHROOT_UNIX=y
> CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
> CONFIG_GRKERNSEC_CHROOT_NICE=y
> CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
> # CONFIG_GRKERNSEC_CHROOT_CAPS is not set

Take a closer look at those CHROOT CONFIGs and have another look at your
error message and you'll see it (in case you don't see it, it's
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
that should be
# CONFIG_GRKERNSEC_CHROOT_MOUNT is not set).

> Feb 8 17:57:05 MYHOSTNAME kernel: grsec: From MYIPADDRESS: denied mount
> of proc as /var/lib/vservers/vhost0/proc from chroot by
> /var/lib/vservers/vhost0/bin/mount[mount:28032] uid/euid:0/0 gid/egid:0/0,
> parent /var/tmp/debootstrap.mVlEp8/usr/sbin/debootstrap[debootstrap:18704]
> uid/euid:0/0 gid/egid:0/0

-- 
Christian Heim <phreak@gentoo.org>
Gentoo Linux Developer - vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
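
The correlation made in the reply above (grsec denial line to the kernel option behind it), as an added Python example that is not part of the original message or of grsecurity. The function names and the `DENIAL_TO_OPTION` table are hypothetical, and the table holds only the one pairing named in the thread.

```python
import re

# Constructed sample input: lines taken from the config and log quoted in the thread.
SAMPLE_CONFIG = """\
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
# CONFIG_GRKERNSEC_CHROOT_DOUBLE is not set
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
"""
SAMPLE_LOG = (
    "Feb 8 17:57:05 MYHOSTNAME kernel: grsec: From MYIPADDRESS: denied mount "
    "of proc as /var/lib/vservers/vhost0/proc from chroot by "
    "/var/lib/vservers/vhost0/bin/mount[mount:28032] uid/euid:0/0 gid/egid:0/0, "
    "parent /var/tmp/debootstrap.mVlEp8/usr/sbin/debootstrap[debootstrap:18704] "
    "uid/euid:0/0 gid/egid:0/0"
)

# Denial pattern -> responsible option (assumption: only the thread's pairing is listed).
DENIAL_TO_OPTION = [
    (re.compile(r"denied mount of \S+ as (?P<target>\S+) from chroot"),
     "CONFIG_GRKERNSEC_CHROOT_MOUNT"),
]

def parse_kconfig(text):
    """Return {option: value}; '# CONFIG_X is not set' is recorded as 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        unset = re.fullmatch(r"# (CONFIG_\w+) is not set", line)
        if unset:
            opts[unset.group(1)] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            key, _, value = line.partition("=")
            opts[key] = value
    return opts

def triage(log_line, config_text):
    """Map one grsec denial line to the option behind it and that option's state."""
    if "grsec:" not in log_line:
        return None  # not a grsecurity message
    opts = parse_kconfig(config_text)
    proc = re.search(r" by (\S+)\[[^:\]]+:\d+\]", log_line)
    exe = proc.group(1) if proc else None
    for pattern, option in DENIAL_TO_OPTION:
        hit = pattern.search(log_line)
        if hit:
            return {"option": option, "state": opts.get(option, "absent"),
                    "target": hit.group("target"), "exe": exe}
    return {"option": None, "state": None, "target": None, "exe": exe}
```

Calling `triage(SAMPLE_LOG, SAMPLE_CONFIG)` reports the option as set to `y`, which is the state the reply says must change for the vserver mount to succeed.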