You are not logged in.
Hi,
I installed the grsec hardened kernel. Why is the classic kernel still installed? I thought, that linux-grsec replaces linux.
local/linux 3.15.8-1 (base)
The Linux kernel and modules
local/linux-api-headers 3.14.1-1
Kernel headers sanitized for use in userspace
local/linux-firmware 20140603.a4f3bc0-1
Firmware files for Linux
local/linux-grsec 3.15.8.201408040708-2
The Linux kernel and modules with grsecurity/PaX patchesthanks
update ok, I did not know, that it is possible to have an arbitrary amount of kernels installed. But it's reasonable, since only the kernel in the bootloader gets loaded. But I need to update the bootloader. Consider the following in the syslinux.cfg
LABEL arch
MENU LABEL Arch Linux
LINUX ../vmlinuz-linux
APPEND cryptdevice=/dev/sda2:main root=/dev/mapper/main-root rw
INITRD ../initramfs-linux.img
LABEL arch grsec
MENU LABEL Arch Linux Grsecurity
LINUX ../vmlinuz-linux-grsec
APPEND cryptdevice=/dev/sda2:main root=/dev/mapper/main-root rw
INITRD ../initramfs-linux-grsec.imgBooting the linux-grsec kernel results in not finding the /dev/mapper/main-root. The traditional boot works fine. Do you have an idea, what the problem might be?
update the hooks in mkinitcpio
HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard"Last edited by mkind (2014-09-01 15:59:45)
Offline
You might want to rebuild the linux-grsec initramfs with the lvm2 hook.
I can't really think of anything else. I use GRUB as my bootloader and run with UUIDs instead of /dev/mapper addresses, so that might be an idea if Syslinux supports it.
Aside: You might want to change the Topic Title to something a bit closer to your problem.
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository
Offline
UUid does not work either. It says
Waiting 10 seconds for /dev/sda2
Waiting 10 seconds for /dev/disk/by_uuid/....
Error. Did not find /dev/disk/by_uuid/...the same error. And it is built with the corresponding lvm2 hook.
Last edited by mkind (2014-08-12 08:24:34)
Offline
Hmm... That's odd. (goes through forum to see if anyone else has this issue)
Last edited by clfarron4 (2014-08-12 11:46:57)
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository
Offline
I am having the same problem, though I'm using Gummiboot. My mkinitcpio.conf file has the correct encrypt and lvm2 hooks and the vanilla kernel boots fine. If I boot the Grsecurity kernel, it fails to ask for a password, then complains that it cannot find the root device
Offline
If you're on a Sandy Bridge or later CPU, try passing `nopcid` on the kernel line. The UDEREF feature has a stronger implementation on recent CPUs based on the PCID (per-CPU page tables) feature but it has been broken since 3.14 due to upstream changes. You can also pass `pax_nouderef` to disable it completely although the older implementation you get with `nopcid` should work fine.
The encryption hook you're using may also need a PaX exception. You could try passing `pax_softmode=1` on the kernel line to disable it in early boot. If that's indeed the case, it would be nice to figure out which binary needs an exception marking so it can be dealt with.
Last edited by thestinger (2014-08-14 01:33:57)
Offline
ok. adding 'nopcid' to the kernel line did the trick. thanks!
Offline
Remmember add [SOLVED] to the subject of this thread
Lenovo ThinkPad L420 modified
:: Intel i7 2560QM :: 8 GB RAM :: SSD 256 GB ::
:: DVD read+Writter :: 3 USB 3.0 Expresa Card ::
:: a Favulous 1 mins lasting Io-Li battery ::cry::
Offline