Grsecurity + PaX on laptop

About 2 weeks ago I decided to install linux-grsec on my laptop, followed the archwiki and boot the kernel. These are several things I experienced:

  1. can’t open palemoon
  2. successfully opened gns3, but Cisco IOS won’t boot.
  3. you need to install virtualbox-host-dkms and starting guest OS makes computer hang.
  4. QEMU got no issue so far.

here’s the output of dmesg that i got: \ grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/dynamips[dynamips:2864] uid/euid:1000/1000 gid/egid:100/100, parent /usr/bin/gns3server[gns3server:28267] uid/euid:1000/1000 gid/egid:100/100

grsec error

at that time, my solution was recompiling the kernel with CONFIG_PAX_MPROTECT=n . And yes the Cisco IOS on GNS3 booted. But it’s less secure than the default config provided by Archlinux developer.

\ Read Grsecurity and PaX wiki carefully, and here’s the next solution without disabling CONFIG_PAX_MPROTECT and even with kernel.pax.softmode=0 :

# vim /etc/paxd.conf
em /usr/bin/gns3
em /usr/bin/gns3server
em /usr/bin/gns3-converter
em /usr/bin/gns3dms
em /usr/bin/dynamips

To get virtualbox running on grsecurity (read this), you need to disable several config:\ CONFIG_PAX_KERNEXEC\ CONFIG_PAX_RANDKSTACK\ CONFIG_PAX_MEMORY_UDEREF\ CONFIG_GRKERNSEC_HIDESYM