# grsec pax kernel TPE

## niceflower

from time to time i need to be able to execute some scripts with my user, however TPE (trusted path execution) and disallow unprivileged code injection modules in the kernel, stops this from happening.

so my personal work around is to disable TPE and disallow unprivileged code injection, but this reduces the functionality of grsec.

how can i remove my user from the TPE group so i can have TPE enabled, and still run code with my user?

----------

## Hu

As I understand it, TPE should not be blocking anything secure.  What exactly are you doing that TPE interferes at all?  What are the ownership and permissions on these problematic scripts?

----------

## toralf

quick & dirty: 

```
sysctl -w kernel.grsecurity.tpe = 0
```

and revert it after your task is done; for a long term solution take a look at these kernel vars: 

```
zgrep TPE /proc/config.gz 

CONFIG_GRKERNSEC_TPE_UNTRUSTED_GID=100

CONFIG_GRKERNSEC_TPE=y

CONFIG_GRKERNSEC_TPE_ALL=y

# CONFIG_GRKERNSEC_TPE_INVERT is not set

CONFIG_GRKERNSEC_TPE_GID=100

```

----------

