[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
monit and grsecurity
From: |
Arkadiusz Miskiewicz |
Subject: |
monit and grsecurity |
Date: |
Mon, 8 Sep 2003 18:15:17 +0200 |
User-agent: |
KMail/1.5.3 |
Monit disables some very usefull checkings when /proc/kcore is not available.
/proc/kcore is not available on:
- 2.4 with grsecurity
+CONFIG_GRKERNSEC_HIDESYM
...
+ 3) You have the additional /proc restrictions enabled, which removes
+ /proc/kcore
- 2.6 on some architectures like ARM
http://lwn.net/Articles/46158/
After reviewing the /proc/kcore and kclist issues, I've decided that
I'm no longer prepared to even _think_ about supporting /proc/kcore on ARM -
it just gets too ugly, and adds too much code to make it worth the effort,
the time or the energy to implement a solution to that problem.
/proc/kcore should probably go away, but in the meantime this just
allows ARM to ignore the issues.
Linus also suggested to remove /proc/kcore in 2.6.
I suggest adding /proc/meminfo parsing (from ie. procps) to check how many ram
we have instead of stating /proc/kcore before 4.0 release (which I'm willing
to test btw).
Thanks!
--
Arkadiusz MiĆkiewicz CS at FoE, Wroclaw University of Technology
arekm.pld-linux.org AM2-6BONE, 1024/3DB19BBD, arekm(at)ircnet, PLD/Linux
- monit and grsecurity,
Arkadiusz Miskiewicz <=