Fuxino, did you eventually manage to get a VirtualBox guest to work on a grsecurity-host system?
Nope, and eventually I switched to qemu/kvm, since it worked without much trouble.
Have you seen this article and this thread and tried the suggestions?
https://www.proteansec.com/linux/runnin … ed-gentoo/
https://bbs.archlinux.org/viewtopic.php?id=197795
Thanks for the suggestion, if I decide to try again with VirtualBox I'll try those suggestions, and maybe someone else will find them useful anyway.
I have installed QEMU/KVM + libvirt.
This config is working with Grsecurity+PAX without any issues.
I'm using WinXP, Windows 7 on QEMU/KVM.
PS: goodbye virtualbox...
Grsecurity support advises to use KVM too.
I will try it.
Still, I'd like to be able to run VMs using VirtualBox with grsecurity, since I'm used to it and it works quite well for me with a vanilla kernel.
EDIT
Here's the VBox.log: https://gist.github.com/ab83ec8dea4409306150
Hi guys.
I have compiled a custom kernel with the latest grsecurity patch (for linux-4.2.3). Everything works fine except that I'm unable to run a virtual machine using VirtualBox. As soon as I try to start the VM, the system hangs completely. In the kernel configuration I have selected the CONFIG_GRKERNSEC_CONFIG_VIRT_HOST and CONFIG_GRKERNSEC_CONFIG_VIRT_VIRTUALBOX options. I also compiled VirtualBox modules with dkms.
This is what I find in the journal:
Oct 10 23:23:08 fux-laptop kernel: SUPR0GipMap: fGetGipCpu=0x3
Oct 10 23:23:13 fux-laptop kernel: vboxdrv: ffffffffc0822020 VMMR0.r0
Oct 10 23:23:15 fux-laptop kernel: vboxdrv: ffffffffc09c0020 VBoxDDR0.r0
Oct 10 23:23:15 fux-laptop kernel: vboxdrv: ffffffffc09df020 VBoxDD2R0.r0
Oct 10 23:23:15 fux-laptop kernel: vboxdrv: ffffffffc09e3020 VBoxEhciR0.r0
Oct 10 23:23:16 fux-laptop kernel: PAX: please report this to pageexec@freemail.hu
Oct 10 23:23:16 fux-laptop kernel: BUG: unable to handle kernel paging request at 000003c420f87560
Oct 10 23:23:16 fux-laptop kernel: IP: [<ffffffffc084785e>] 0xffffffffc084785e
Oct 10 23:23:16 fux-laptop kernel: PGD 92a14000
Oct 10 23:23:16 fux-laptop kernel: Oops: 0000 [#1] SMP
Oct 10 23:23:16 fux-laptop kernel: Modules linked in: pci_stub vboxpci(O) vboxnetflt(O) vboxnetadp(O) vboxdrv(O) ctr ccm msr ipt_REJECT nf_reject _ipv
Oct 10 23:23:16 fux-laptop kernel: gf128mul algif_skcipher af_alg dm_crypt dm_mod sd_mod atkbd libps2 ahci libahci ohci_pci libata ehci_pci ohci _hcd
Oct 10 23:23:16 fux-laptop kernel: CPU: 0 PID: 24389 Comm: EMT-0 Tainted: G O 4.2.3-grsec-cm #1
Oct 10 23:23:16 fux-laptop kernel: Hardware name: Acer AO722/JE10-BZ, BIOS V1.08 12/06/2011
Oct 10 23:23:16 fux-laptop kernel: task: ffff88003624b840 ti: ffff88003624b858 task.ti: ffff88003624b858
Oct 10 23:23:16 fux-laptop kernel: RIP: 0010:[<ffffffffc084785e>] [<ffffffffc084785e>] 0xffffffffc084785e
Oct 10 23:23:16 fux-laptop kernel: RSP: 0018:ffffc90003503b48 EFLAGS: 00010206
Oct 10 23:23:16 fux-laptop kernel: RAX: 000003c420f87560 RBX: ffffc900035b9000 RCX: ffffc90003503b67
Oct 10 23:23:16 fux-laptop kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012
Oct 10 23:23:16 fux-laptop kernel: RBP: ffffc90003503b48 R08: 0000000000000000 R09: 0000000000000025
Oct 10 23:23:16 fux-laptop kernel: R10: 000003c420f87320 R11: 0000000000000025 R12: 000000000000000e
Oct 10 23:23:16 fux-laptop kernel: R13: 0000000000000000 R14: 00000000beef0000 R15: beef00000001927d
Oct 10 23:23:16 fux-laptop kernel: FS: 000003c440fc4700(0000) GS:ffff88010ec00000(0000) knlGS:0000000000000000
Oct 10 23:23:16 fux-laptop kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Oct 10 23:23:16 fux-laptop kernel: CR2: 000003c420f87560 CR3: 0000000038579000 CR4: 00000000000006f0
Oct 10 23:23:16 fux-laptop kernel: Stack:
Oct 10 23:23:16 fux-laptop kernel: ffffc90003503b78 ffffffffc082267a ffff880092944858 ffffc900035b9000
Oct 10 23:23:16 fux-laptop kernel: 000000000000000e ffffc900035b9000 ffffc90003503bd8 ffffffffc0845605
Oct 10 23:23:16 fux-laptop kernel: 00000000ffff4111 ffff8800928ba030 ffffffffffff4111 ffffffffffff4111
Oct 10 23:23:16 fux-laptop kernel: Call Trace:
Oct 10 23:23:16 fux-laptop kernel: [<ffffffffc07c1035>] ? supdrvIOCtl+0xdb4/0x2ce6 [vboxdrv]
Oct 10 23:23:16 fux-laptop kernel: [<ffffffffc07bc608>] ? VBoxDrvLinuxIOCtl_5_0_6+0x171/0x204 [vboxdrv]
Oct 10 23:23:16 fux-laptop kernel: [<ffffffffb81f03eb>] ? vfs_ioctl+0x46/0x5a
Oct 10 23:23:16 fux-laptop kernel: [<ffffffffb81f0f96>] ? do_vfs_ioctl+0x486/0x7ca
Oct 10 23:23:16 fux-laptop kernel: [<ffffffffc0305687>] ? soundcore_open+0xae/0x1ca [soundcore]
Oct 10 23:23:16 fux-laptop kernel: [<ffffffffb81f1337>] ? SyS_ioctl+0x5d/0x88
Oct 10 23:23:16 fux-laptop kernel: [<ffffffffb8569f29>] ? entry_SYSCALL_64_fastpath+0x12/0x83
Oct 10 23:23:16 fux-laptop kernel: Code: 00 4c 8b 97 f8 03 00 00 45 89 d9 45 31 c0 0f 1f 80 00 00 00 00 44 89 cf 44 29 c7 d1 ef 42 8d 04 07 48 89 c7
Oct 10 23:23:16 fux-laptop kernel: RIP [<ffffffffc084785e>] 0xffffffffc084785e
Oct 10 23:23:17 fux-laptop kernel: RSP <ffffc90003503b48>
Oct 10 23:23:17 fux-laptop kernel: CR2: 000003c420f87560
Oct 10 23:23:17 fux-laptop kernel: ---[ end trace f6badec44ba62dd9 ]---
Oct 10 23:23:17 fux-laptop kernel: grsec: banning user with uid 1000 until system restart for suspicious kernel crash
Is this just a bug or is there something else I should do to make it work? I'd like at least to understand what's going on. Any help is appreciated.
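A triage helper for the oops quoted in the post above, added here as an example and not part of the original post: it extracts the faulting address, decodes the x86 page-fault error code printed after `Oops:`, and records the modules named in the call trace and the uid that grsecurity banned. The function name `triage` and the result keys are assumptions of this example; the sample lines are excerpted from the journal output above.

```python
import re

# Lines excerpted from the journal output quoted in the post above.
SAMPLE = """\
Oct 10 23:23:16 fux-laptop kernel: BUG: unable to handle kernel paging request at 000003c420f87560
Oct 10 23:23:16 fux-laptop kernel: Oops: 0000 [#1] SMP
Oct 10 23:23:16 fux-laptop kernel: CPU: 0 PID: 24389 Comm: EMT-0 Tainted: G O 4.2.3-grsec-cm #1
Oct 10 23:23:16 fux-laptop kernel: RIP: 0010:[<ffffffffc084785e>] [<ffffffffc084785e>] 0xffffffffc084785e
Oct 10 23:23:16 fux-laptop kernel: [<ffffffffc07c1035>] ? supdrvIOCtl+0xdb4/0x2ce6 [vboxdrv]
Oct 10 23:23:16 fux-laptop kernel: [<ffffffffb81f1337>] ? SyS_ioctl+0x5d/0x88
Oct 10 23:23:17 fux-laptop kernel: grsec: banning user with uid 1000 until system restart for suspicious kernel crash
"""

USER_TOP = 0x0000800000000000  # x86-64: canonical addresses below this are the user half


def triage(journal: str) -> dict:
    """Summarize one x86-64 kernel oops found in journal text."""
    out = {"fault_addr": None, "fault_in_user_half": None, "page_present": None,
           "access": None, "cpu_mode": None, "comm": None,
           "trace_modules": [], "banned_uid": None}
    for line in journal.splitlines():
        if m := re.search(r"paging request at ([0-9a-f]+)", line):
            out["fault_addr"] = int(m.group(1), 16)
            out["fault_in_user_half"] = out["fault_addr"] < USER_TOP
        elif m := re.search(r"Oops: ([0-9a-f]{4}) ", line):
            code = int(m.group(1), 16)  # x86 page-fault error code
            out["page_present"] = bool(code & 0x01)   # bit 0: page was present
            out["access"] = ("instruction fetch" if code & 0x10
                             else "write" if code & 0x02 else "read")
            out["cpu_mode"] = "user" if code & 0x04 else "kernel"  # bit 2
        elif m := re.search(r"Comm: (\S+)", line):
            out["comm"] = m.group(1)
        elif m := re.search(r"\? \w+\+0x[0-9a-f]+/0x[0-9a-f]+ \[(\w+)\]", line):
            if m.group(1) not in out["trace_modules"]:
                out["trace_modules"].append(m.group(1))
        elif m := re.search(r"grsec: banning user with uid (\d+)", line):
            out["banned_uid"] = int(m.group(1))
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On these lines it reports a kernel-mode read of a not-present page at a user-half address, with vboxdrv in the call trace and uid 1000 banned.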
I think this problem is because of this: https://bugs.archlinux.org/task/46633
With linux-grsec-4.2.3 I have one more problem.
After mounting and unmounting USB physically, the whole system freezes!!!
Only the restart button helps (((
I tested it with 2 different systems: one with an Intel, the other with an AMD processor.
PS: now I downgraded my kernel with "sudo pacman -U linux-grsec-4.1.7.201509201149-1-x86_64.pkg.tar.xz"
and the system doesn't freeze after unmounting USB FLASH.
VirtualBox I will test later...
libkmod: kmod_module_new_from_loaded: could not open /proc/modules: Permission denied
Error: could not get list of modules: Permission denied
WARNING: The vboxdrv kernel module is not loaded. Either there is no module
available for the current kernel (4.2.3.201510072230-1-grsec) or it failed to
load. Please recompile the kernel module and install it by
sudo /sbin/rcvboxdrv setup
You will not be able to start VMs until this problem is fixed.
Qt WARNING: libpng warning: iCCP: known incorrect sRGB profile
окт 11 19:43:33 hosthome kernel: capability: warning: `VirtualBox' uses 32-bit capabilities (legacy support in use)
окт 11 19:44:49 hosthome kernel: SUPR0GipMap: fGetGipCpu=0x3
окт 11 19:44:50 hosthome kernel: vboxdrv: ffffffffc0ae7020 VMMR0.r0
окт 11 19:44:50 hosthome kernel: vboxdrv: ffffffffc0a74020 VBoxDDR0.r0
окт 11 19:44:50 hosthome kernel: vboxdrv: ffffffffc0a93020 VBoxDD2R0.r0
окт 11 19:44:52 hosthome kernel: BUG: unable to handle kernel paging request at 000003b97e1779c0
окт 11 19:44:52 hosthome kernel: IP: [<ffffffffc0b0c85e>] 0xffffffffc0b0c85e
окт 11 19:44:52 hosthome kernel: PGD 0
окт 11 19:44:52 hosthome kernel: Oops: 0000 [#1] PREEMPT SMP
окт 11 19:44:52 hosthome kernel: Modules linked in: pci_stub vboxpci(O) vboxnetflt(O) vboxnetadp(O) hmac drbg ansi_cprng ctr ccm ath3k btusb btrtl btbcm btintel bluetooth uvcvideo videobuf2_
окт 11 19:44:52 hosthome kernel: snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore ac mei_me mei sch_fq_codel vboxdrv(O) ip_tables x_tables ext4 crc16 mbcache jbd2 hid_generic usbhid h
окт 11 19:44:52 hosthome kernel: CPU: 0 PID: 2009 Comm: EMT Tainted: G U O 4.2.3.201510072230-1-grsec #1
окт 11 19:44:52 hosthome kernel: Hardware name: Acer Aspire V3-771/VA70_HC, BIOS V2.28 10/21/2013
окт 11 19:44:52 hosthome kernel: task: ffff8801c928b5c0 ti: ffff8801c928bf80 task.ti: ffff8801c928bf80
окт 11 19:44:52 hosthome kernel: RIP: 0010:[<ffffffffc0b0c85e>] [<ffffffffc0b0c85e>] 0xffffffffc0b0c85e
окт 11 19:44:52 hosthome kernel: RSP: 0018:ffffc900043bbb68 EFLAGS: 00010206
окт 11 19:44:52 hosthome kernel: RAX: 000003b97e1779c0 RBX: ffffc9000453c000 RCX: ffffc900043bbb87
окт 11 19:44:52 hosthome kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000013
окт 11 19:44:52 hosthome kernel: RBP: ffffc900043bbb68 R08: 0000000000000000 R09: 0000000000000026
окт 11 19:44:52 hosthome kernel: R10: 000003b97e177760 R11: 0000000000000026 R12: 000000000000000e
окт 11 19:44:52 hosthome kernel: R13: 0000000000000000 R14: 00000000beef0000 R15: beef00000001927d
окт 11 19:44:52 hosthome kernel: FS: 000003b97fb98700(0000) GS:ffff8801df200000(0000) knlGS:0000000000000000
окт 11 19:44:52 hosthome kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
окт 11 19:44:52 hosthome kernel: CR2: 000003b97e1779c0 CR3: 000000002e60d000 CR4: 00000000001606f0
окт 11 19:44:52 hosthome kernel: Stack:
окт 11 19:44:52 hosthome kernel: ffffc900043bbb98 ffffffffc0ae767a ffff8801c7283880 ffffc9000453c000
окт 11 19:44:52 hosthome kernel: 000000000000000e ffffc9000453c000 ffffc900043bbbf8 ffffffffc0b0a605
окт 11 19:44:52 hosthome kernel: 00000000ffff4111 ffff8801d2f44858 ffffffffffff4111 ffffffffffff4111
окт 11 19:44:52 hosthome kernel: Call Trace:
окт 11 19:44:52 hosthome kernel: [<ffffffffae1ecefa>] ? __check_object_size.part.12+0x3a/0x1d0
окт 11 19:44:52 hosthome kernel: [<ffffffffc042d315>] ? supdrvIOCtl+0x18c5/0x33a0 [vboxdrv]
окт 11 19:44:52 hosthome kernel: [<ffffffffae318d16>] ? copy_user_enhanced_fast_string+0x16/0x20
окт 11 19:44:52 hosthome kernel: [<ffffffffc0427719>] ? VBoxDrvLinuxIOCtl_5_0_6+0x159/0x260 [vboxdrv]
окт 11 19:44:52 hosthome kernel: [<ffffffffae1fa9b7>] ? do_vfs_ioctl+0x5c7/0x8a0
окт 11 19:44:52 hosthome kernel: [<ffffffffae206e2e>] ? __fget+0x7e/0xa0
окт 11 19:44:52 hosthome kernel: [<ffffffffae1fad12>] ? SyS_ioctl+0x82/0x90
окт 11 19:44:52 hosthome kernel: [<ffffffffae5fcbb0>] ? entry_SYSCALL_64_fastpath+0x12/0x8a
окт 11 19:44:52 hosthome kernel: Code: 00 4c 8b 97 f8 03 00 00 45 89 d9 45 31 c0 0f 1f 80 00 00 00 00 44 89 cf 44 29 c7 d1 ef 42 8d 04 07 48 89 c7 48 c1 e0 05 4c 01 d0 <39> 30 76 0e 41 39 f8
окт 11 19:44:52 hosthome kernel: RIP [<ffffffffc0b0c85e>] 0xffffffffc0b0c85e
окт 11 19:44:52 hosthome kernel: RSP <ffffc900043bbb68>
окт 11 19:44:52 hosthome kernel: CR2: 000003b97e1779c0
окт 11 19:44:52 hosthome kernel: ---[ end trace fddc04a231b5488c ]---
окт 11 19:44:52 hosthome kernel: grsec: banning user with uid 1000 until system restart for suspicious kernel crash
окт 11 19:44:52 hosthome polkitd[747]: Unregistered Authentication Agent for unix-session:c2 (system bus name :1.14, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale ru_RU.utf8)
окт 11 19:44:52 hosthome systemd-logind[469]: Removed session c2.
окт 11 19:44:52 hosthome systemd[1]: Stopped User Manager for UID 1000.
окт 11 19:44:52 hosthome systemd[1]: Removed slice user-1000.slice.
окт 11 19:44:52 hosthome systemd-logind[469]: Failed to remove runtime directory /run/user/1000: Permission denied
окт 11 19:44:52 hosthome lightdm[481]: ** (lightdm:481): CRITICAL **: session_get_login1_session_id: assertion 'session != NULL' failed
окт 11 19:45:11 hosthome systemd-logind[469]: Power key pressed.
окт 11 19:45:11 hosthome systemd-logind[469]: Powering Off...
окт 11 19:45:11 hosthome systemd-logind[469]: System is powering down.
окт 11 19:45:12 hosthome systemd[1]: Starting Store Sound Card State...
-- Reboot --