# Grsecurity problem

## leonchik1976

if i set CONFIG_GRKERNSEC_CUSTOM=y the system boots find, but if i set  CONFIG_GRKERNSEC_HARDENED_SERVER=y

the system doens't boot, and gives a lot of error from kernel. 

anyone faced this problem?

----------

## nixnut

Moved from Installing Gentoo to Networking & Security.

Not about getting gentoo installed.

----------

## tgR10

had similar problem like 2 years ago ... don't remember what was the problem exactly, but if i remember corectly the kernel restricted itself to do some stuff ...

try those options, and check if it boots, then try to tune it up for your needs

i'm using "custom security level" since then, never had any problem (exept vmware - but it's a different story)

```
CONFIG_GRKERNSEC=y

CONFIG_GRKERNSEC_CUSTOM=y

CONFIG_GRKERNSEC_PROC_MEMMAP=y

CONFIG_GRKERNSEC_BRUTE=y

CONFIG_GRKERNSEC_HIDESYM=y

CONFIG_GRKERNSEC_ACL_HIDEKERN=y

CONFIG_GRKERNSEC_ACL_MAXTRIES=3

CONFIG_GRKERNSEC_ACL_TIMEOUT=30

CONFIG_GRKERNSEC_PROC=y

CONFIG_GRKERNSEC_PROC_USER=y

CONFIG_GRKERNSEC_PROC_ADD=y

CONFIG_GRKERNSEC_LINK=y

CONFIG_GRKERNSEC_FIFO=y

CONFIG_GRKERNSEC_CHROOT=y

CONFIG_GRKERNSEC_CHROOT_MOUNT=y

CONFIG_GRKERNSEC_CHROOT_DOUBLE=y

CONFIG_GRKERNSEC_CHROOT_PIVOT=y

CONFIG_GRKERNSEC_CHROOT_CHDIR=y

CONFIG_GRKERNSEC_CHROOT_CHMOD=y

CONFIG_GRKERNSEC_CHROOT_FCHDIR=y

CONFIG_GRKERNSEC_CHROOT_MKNOD=y

CONFIG_GRKERNSEC_CHROOT_SHMAT=y

CONFIG_GRKERNSEC_CHROOT_UNIX=y

CONFIG_GRKERNSEC_CHROOT_FINDTASK=y

CONFIG_GRKERNSEC_CHROOT_NICE=y

CONFIG_GRKERNSEC_CHROOT_SYSCTL=y

CONFIG_GRKERNSEC_CHROOT_CAPS=y

CONFIG_GRKERNSEC_AUDIT_GROUP=y

CONFIG_GRKERNSEC_AUDIT_GID=100

CONFIG_GRKERNSEC_AUDIT_MOUNT=y

CONFIG_GRKERNSEC_FORKFAIL=y

CONFIG_GRKERNSEC_PROC_IPADDR=y

CONFIG_GRKERNSEC_EXECVE=y

CONFIG_GRKERNSEC_DMESG=y

CONFIG_GRKERNSEC_TPE=y

CONFIG_GRKERNSEC_TPE_ALL=y

CONFIG_GRKERNSEC_TPE_INVERT=y

CONFIG_GRKERNSEC_TPE_GID=1000

CONFIG_GRKERNSEC_RANDNET=y

CONFIG_GRKERNSEC_BLACKHOLE=y

CONFIG_GRKERNSEC_SOCKET=y

CONFIG_GRKERNSEC_SOCKET_ALL=y

CONFIG_GRKERNSEC_SOCKET_ALL_GID=1111

CONFIG_GRKERNSEC_SOCKET_CLIENT=y

CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1112

CONFIG_GRKERNSEC_SOCKET_SERVER=y

CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1113

CONFIG_GRKERNSEC_SYSCTL=y

CONFIG_GRKERNSEC_SYSCTL_ON=y

CONFIG_GRKERNSEC_FLOODTIME=10

CONFIG_GRKERNSEC_FLOODBURST=4

```

don't forget to set your gid's

----------

## bendeguz

I have issues with pax, so i disabled it from kernel, and I try adding the features one-by-one to see what's causing problems.

----------

