On 05/20/2011 07:11 AM, "Tóth Attila" wrote: > After a week I think I've sorted out nearly all issues about openrc on my > systems. > Bonding was compiled into the kernel. Upon I tried to echo mode 4 > (802.3ad) to set up the lacp, the system said there's no write access to > the mode file. So the bonding interface remained in round-robin mode. That > was disturbing. > > grsec: denied auto-loading kernel module for a network device with > CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-bonding > instead. > > I suspect there was something wrong in the background. > If I take a look at on the error message, I don't know that actually which > process tries to autoload the module. I would check out my policy to > specify CAP_NET_ADMIN also for that binary. For the second part I would be > interested to where I should add netdev-bonding as an alias for openrc or > whatnot? > > I've ended up compiling bonding as a module and the interface is in the > correct mode now after reboot. Loading the module now happens before > locking down the system. > > Regards: > Dw.
Compiling it as a module is the way the devs recommend doing it. I've been compiling it into my kernels, but then I'm stuck with what I get, as you were. I want the round-robin, what's bothering me is the miimon which I can't change from 0 which means no mii mon which is not good. -- Anthony G. Basile, Ph.D. Gentoo Linux Developer [Hardened] E-Mail : bluen...@gentoo.org GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 GnuPG ID : D0455535
