About 2 weeks ago I decided to install linux-grsec on my laptop, followed the archwiki and boot the kernel. These are several things I experienced:
- can’t open palemoon
- successfully opened gns3, but Cisco IOS won’t boot.
- you need to install virtualbox-host-dkms and starting guest OS makes computer hang.
- QEMU got no issue so far.
here’s the output of dmesg that i got:grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/dynamips[dynamips:2864] uid/euid:1000/1000 gid/egid:100/100, parent /usr/bin/gns3server[gns3server:28267] uid/euid:1000/1000 gid/egid:100/100
at that time, my solution was recompiling the kernel with CONFIG_PAX_MPROTECT=n . And yes the Cisco IOS on GNS3 booted. But it’s less secure than the default config provided by Archlinux developer.
Read Grsecurity and PaX wiki carefully, and here’s the next solution without disabling CONFIG_PAX_MPROTECT and even with kernel.pax.softmode=0 :
# vim /etc/paxd.conf
#GNS3
em /usr/bin/gns3
em /usr/bin/gns3server
em /usr/bin/gns3-converter
em /usr/bin/gns3dms
em /usr/bin/dynamips
To get virtualbox running on grsecurity (read this), you need to disable several config:
CONFIG_PAX_KERNEXEC
CONFIG_PAX_RANDKSTACK
CONFIG_PAX_MEMORY_UDEREF
CONFIG_GRKERNSEC_HIDESYM