eycenicks
03-16-2008, 06:02 PM
Hi everyone, I never really write tutorials, but getting vservers and grsecurity to work on FC6 turned out to be a bit of a **** fight. After countless re-images, I managed to actually get somewhere. Hopefully this post will help people who are interested get to the same stage as where I am.
This is by no means a complete working Vserver tutorial but it's a good start.
It's actually not that hard as you can see, but I hope this makes it easy.
Starting up my vserver has all kinds of services not working, but I'm hoping that can be ironed out with a little more time; this is just my opening thread.
I'm using my .bash_history as a reference here.
Start off with your 'Fedora 6 64bit Minimalistic Image' by 1and1.
Remove 1and1's broken annoying yum repository by commenting out everything but the comments, I wish it actually worked tho...
vi /etc/yum.conf
Do a yum list for glibc, because there's a weird bug in FC6 where you have to show it first, then install it, otherwise it can't find it. (That's what you get with unsupported **** old distros.)
yum list glibc
Install glibc, bison, flex and glibc-devel.
glibc-devel for the stubs required to build an older version of GCC, which we will require later; bison and flex to compile the kernel.
yum install glibc bison flex gcc glibc-devel -y
Update FC6 as much as you can lol...
yum update -y
Install GCC. It will come with a version 4.x something. This is too new to compile the grsecurity/vserver kernel. You will definitely have problems if you have compiled your grsec+vserver2.6.22.19 kernel with this version of gcc. It will compile, but when you go to initiate a vserver you will get "/etc/rc.d/rc 3" file not found - even though it exists, and all sorts of "file not found" errors. We'll need to use the older version of gcc which we will download, but to compile it you need a gcc :)
yum install gcc -y
Make a source directory where we will start getting the new kernel and other requirements.
cd ~;mkdir src;cd src
Get the kernel version and the grsecurity+vserver patch to match.
wget http://people.linux-vserver.org/~harry/patch-2.6.22.19-vs2.2.0.6-grsec2.1.11-20080304.diff
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.19.tar.gz
Untar what we got and make folders + move patch
tar -xvf linux-2.6.22.19.tar.gz
mv patch-2.6.22.19-vs2.2.0.6-grsec2.1.11-20080304.diff linux-2.6.22.19
mv linux-2.6.22.19 linux-2.6.22.19-grsec-vserver
Patch the kernel
cd linux-2.6.22.19-grsec-vserver
cat patch-2.6.22.19-vs2.2.0.6-grsec2.1.11-20080304.diff | patch -p1
Copy our existing config from boot as a template for the new kernel. This must be placed inside your linux-2.6.22.19-grsec-vserver folder as ".config"
cp /boot/config-`uname -r` .config
Let's go back to the src dir and get our older gcc.
cd ~/src/
wget http://gcc.fyxm.net/releases/gcc-3.3.6/gcc-core-3.3.6.tar.gz
tar -xvf gcc-core-3.3.6.tar.gz
Compile it but back up the old gcc (4.x) - I think it's /usr/local/bin/gcc but check with `which gcc`.
cd gcc-3.3.6
which gcc
cp -p /usr/local/bin/gcc /usr/local/bin/gcc-4.x
./configure
make
make bootstrap
make install
If all goes well, you should have gcc 3.3.6
gcc -v
Back to the source dir, then let's compile the new kernel
cd ~/src/linux-2.6.22.19-grsec-vserver
make menuconfig   # or: make oldconfig
make clean
make bzImage;make modules;make modules_install
cp arch/x86_64/boot/bzImage /boot/vmlinuz-2.6.22.19
ln -s /boot/vmlinuz-2.6.22.19 /boot/vmlinuz.custom
FYI: I have used Security setting "High" with GRSEC, and enabled Sysctl support so I can tweak settings later. In fact I'd probably go custom if you are familiar, but just make sure you are careful with the "Chroot Protection" settings. Make sure you don't **** with Mount either, vserver is going to hate you for it.
Edit the lilo.conf to reflect our new kernel image.
Change to:
default=lxcustom
Add the new image too in the lilo.conf
image=/boot/vmlinuz.custom
label=lxcustom
optional
In the kernel source directory, after you have edited the lilo.conf, do a "make install",
as this will create the .img file in the /boot directory. You might see a grub error at this stage. Don't worry about that because we're using lilo.
make install
Show lilo and do a reboot
lilo -v
shutdown -r now
Phew, once it's rebooted, you will be in a grsecurity+vserver kernel.
The version of Gradm you will need to modify the security policy for grsecurity is 2.1.11,
obtainable here:
wget http://grsecurity.com/test/gradm-2.1.11-200803132102.tar.gz
Someone please join the fight to get an awesome dedicated box running grsecurity with vservers lol
I'm still fighting with a whole bunch of random errors now like a segmentation fault when attempting to put GRADM into Learning mode and enter a Vserver.
Peace
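Added example (not part of eycenicks' post): a small shell check to run before `make bzImage`, confirming that the .config really has grsecurity and vserver options enabled and listing the enabled chroot restrictions the post says to be careful with. The sample .config fragment is constructed for illustration; point `audit_config` at the real .config in the kernel source directory instead.

```shell
#!/bin/sh
# Added example: audit a kernel .config before building (not from the original post).

# Exit 0 if OPTION ($2) is set to y in FILE ($1).
is_enabled() { grep -q "^$2=y\$" "$1"; }

# Print every enabled grsecurity chroot restriction, one per line.
chroot_restrictions() {
    sed -n 's/^\(CONFIG_GRKERNSEC_CHROOT[A-Z0-9_]*\)=y$/\1/p' "$1"
}

# Print how many CONFIG_VSERVER* options are enabled (0 means none are set).
vserver_option_count() { grep -c '^CONFIG_VSERVER[A-Z0-9_]*=y$' "$1" || true; }

# Report on FILE; return 1 if grsecurity or vserver support is missing.
audit_config() {
    cfg=$1; status=0
    is_enabled "$cfg" CONFIG_GRKERNSEC || { echo "FAIL: CONFIG_GRKERNSEC is not enabled"; status=1; }
    is_enabled "$cfg" CONFIG_GRKERNSEC_SYSCTL || echo "NOTE: grsecurity sysctl support is off"
    [ "$(vserver_option_count "$cfg")" -gt 0 ] || { echo "FAIL: no CONFIG_VSERVER* option enabled"; status=1; }
    for opt in $(chroot_restrictions "$cfg"); do
        echo "REVIEW: $opt=y (chroot restriction, check it against vserver)"
    done
    return $status
}

# Constructed sample .config fragment, written to FILE ($1).
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_HIGH=y
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
CONFIG_VSERVER_COWBL=y
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_config "$sample"
rm -f "$sample"
```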