On 09/03/2011 04:38 PM, "Tóth Attila" wrote:
> On September 3, 2011 (Sat) at 21:46, Anthony G. Basile wrote:
>> It does look like the same issue again. I don't think we really solved
>> it, but just found a workaround which you specify above.
>
> It's definitely back.
>
>> It turns out that you can compile it static and change mode upon booting
>> by echoing values to /sys/class/net/bond0/bonding/mode. I do that on
>> two systems running ancient 2.6.34 kernels, but this should work on
>> 3.0.x. You can try that.
>
> The problem is, that if I put some echo lines in the preup phase of the
> network setup, it returns with an error message, that the file cannot be
> written to. After I could manually do it, it is already up, and the kernel
> denies to modify the running interface.
>
> Additionally these grsec lines can be also seen in the logs.

You would do the echo after networking is up. I do it during
local_start() on bootup which is the last script run.

>
>> However, it bothers me that we don't understand what's going on. You
>> can try disabling GRKERNSEC_MODHARDEN and rebooting to see if grsec is
>> denying some udev trigger. But modharden should only prevent non-root
>> processes from autoloading. I can't test on mine because they are on
>> high availability clusters.
>
> Disabling MODHARDENED would definitely make the grsec messages disappear.
> I'll try to figure out what happens regarding reading and writing the bond
> mode during boot.

Did you test? If that's the case, then we know it must be some non-root
process trying to autoload the module and we have narrowed the
possibilities.

>
> Compiling it in the kernel with modified defaults solves all problems, but
> it's not a real solution.
>
> Thanks for your time:
> Dw.

Correct, it's not a solution because we don't know what's going on. It is
a workaround in the meantime and it is tested.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535