About 2 weeks ago I decided to install linux-grsec on my laptop, followed the archwiki and boot the kernel. These are several things I experienced:
- can’t open palemoon
- successfully opened gns3, but Cisco IOS won’t boot.
- you need to install virtualbox-host-dkms and starting guest OS makes computer hang.
- QEMU got no issue so far.
here’s the output of dmesg that i got: \
grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/dynamips[dynamips:2864] uid/euid:1000/1000 gid/egid:100/100, parent /usr/bin/gns3server[gns3server:28267] uid/euid:1000/1000 gid/egid:100/100
at that time, my solution was recompiling the kernel with CONFIG_PAX_MPROTECT=n . And yes the Cisco IOS on GNS3 booted. But it’s less secure than the default config provided by Archlinux developer.
\ Read Grsecurity and PaX wiki carefully, and here’s the next solution without disabling CONFIG_PAX_MPROTECT and even with kernel.pax.softmode=0 :
# vim /etc/paxd.conf #GNS3 em /usr/bin/gns3 em /usr/bin/gns3server em /usr/bin/gns3-converter em /usr/bin/gns3dms em /usr/bin/dynamips
To get virtualbox running on grsecurity (read this), you need to disable several config:\ CONFIG_PAX_KERNEXEC\ CONFIG_PAX_RANDKSTACK\ CONFIG_PAX_MEMORY_UDEREF\ CONFIG_GRKERNSEC_HIDESYM