#1 2016-08-21 11:21:06

Observer
Member
Registered: 2016-03-01
Posts: 16

grsecurity denial in docker container: Ways to solve?

Hi,

At my home server I used the linux-grsec kernel, without any problems so far. Today there was the first problem:

I want to use the Plex media server on my home server, but not directly installed. I want to use the Plex Docker container from "linuxserver.io". The startup of the container failed:

Aug 20 20:08:17 kernel: grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /usr/lib/plexmediaserver/libgnsdk_dsp.so.3.07.7 by /usr/lib/plexmediaserver/Plex Media Server[Plex Media Serv:4586] uid/euid:1000/1000 gid/egid:995/995, parent /usr/sbin/start_pms[start_pms:4566] uid/euid:1000/1000 gid/egid:995/995
Aug 20 20:08:17 kernel: grsec: denied RWX mprotect of <stack> by /usr/lib/plexmediaserver/Plex Media Server[Plex Media Serv:4586] uid/euid:1000/1000 gid/egid:995/995, parent /usr/sbin/start_pms[start_pms:4566] uid/euid:1000/1000 gid/egid:995/995

I'm not so fit with grsecurity, so I started a search with Google. Perhaps the best solution would be PaX exceptions, but the problematic file is not accessible for setfattr:

# setfattr -n user.pax.flags -v "emr" /usr/lib/plexmediaserver/libgnsdk_dsp.so.3.07.7
setfattr: /usr/lib/plexmediaserver/libgnsdk_dsp.so.3.07.7: No such file or directory

It should be clear, because the file exists only in the container.

Currently I'm without any ideas and I hope you can give me a little hint. That would be nice :)
