LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 12-02-2010, 04:48 PM   #1
fmillion
Member
 
Registered: Nov 2006
Posts: 91

Rep: Reputation: 27
Running configure scripts inside chroot on Grsec kernel


Hello,

I seem unable to run any configure scripts (autoconf) inside a Chroot environment on a box with a Grsec kernel. The chroot environment is actually a full Linux LFS installation (which was compiled from the LFS LiveCD, which is not Grsec-enabled). Attempting to run configure produces no output whatsoever, and the process never responds or returns.

Strace output is hard to decipher for me, but it appears that it is looping somehow. (It won't let me attach the compressed bz2 file of the text, as uncompressed for only a 1 minute run it is over 8MB, but compresses down to 65KB, which indicates a lot of repetition.)

Is this a Grsec issue? Is there any resolution short of not using Grsec on the box in question or only compiling applications on other non-Grsec kernel systems? (Some packages I am compiling may need to be aware of Grsec...)

fm
 
Old 12-02-2010, 09:51 PM   #2
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Chroot on grsecurity is locked down pretty tight. if you compile it outside of chroot it should work fine but not inside of chroot on grsecurity.

Quote:
Chroot restrictions

No attaching shared memory outside of chroot
No kill outside of chroot
No ptrace outside of chroot (architecture independent)
No capget outside of chroot
No setpgid outside of chroot
No getpgid outside of chroot
No getsid outside of chroot
No sending of signals by fcntl outside of chroot
No viewing of any process outside of chroot, even if /proc is mounted
No mounting or remounting
No pivot_root
No double chroot
No fchdir out of chroot
Enforced chdir("/") upon chroot
No (f)chmod +s
No mknod
No sysctl writes
No raising of scheduler priority
No connecting to abstract unix domain sockets outside of chroot
Removal of harmful privileges via capabilities
Exec logging within chroot
 
Old 12-03-2010, 10:24 AM   #3
fmillion
Member
 
Registered: Nov 2006
Posts: 91

Original Poster
Rep: Reputation: 27
Ah, therein lies the problem. The problem is that the libc version inside the chroot is different than the one outside, so compiling outside on the host box will not work.

So far I've been successful at just keeping a copy of the chroot somewhere else (a non-grsec box) and using it to compile things there, then using DESTDIR to make a "package" to transfer the compiled files to the chroot. It does seem to be owrking.

So if we're pretty sure this is a Grsec issue, and it's by design, then I guess that's how it is. At least the system works at all LOL.

FM
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Chroot in shell scripts: Ensuring that subsequent commands execute within the chroot Kenny_Strawn Programming 2 05-21-2012 12:25 PM
[SOLVED] LFS + Chroot on Grsec kernel + Apache = fail fmillion Linux - Server 2 12-03-2010 09:49 AM
devfs not mounted (kernel 2.6.24.5-grsec) Marko L Linux - Kernel 0 06-24-2008 02:52 PM
ALSA & kernel with grsec drenal Linux - Software 0 01-26-2004 05:34 PM
grsec+kernel 2.4.23+iptables f1uke Linux - Newbie 0 12-07-2003 12:36 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration