[rsbac] RSBAC build problem on linux-4.9.y-c3fbb3a
Amon Ott
ao at rsbac.org
Tue May 16 08:57:28 CEST 2017
Am 15.05.2017 um 21:44 schrieb HacKurx:
> Despite its selection in the kernel the mprotect option does not work
> (tested with paxtest and firefox execution). This is not active by
> default? Should I force the option with a kernel parameters?
> Did I miss something in the documentation?
mprotect must be active by default and it has been working fine in hard
server use for months now.
You can use rsbac_debug_mprotect kernel parameter to get debug output
for mprotect. To enable debug as user 400 at runtime (disable with 0):
echo debug_mprotect 1 >/proc/rsbac-info/debug
In /proc/rsbac-info/active, MPROTECT must be shown as "on". But the
debugging will give you a lot of information about what happens.
> Many questions sorry, I discover RSBAC :)
You are welcome - this list is for asking questions.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list