grsecurity hardened kernel + docker

Grsecurity might interfere with Docker.
After getting a hardened kernel up and running, there could be errors such as permission denied.

What to do?

Modify the grsecurity options in “make menuconfig” when recompiling the kernel.
I enabled soft mode (does not enforce grsecurity PaX on every executable, only on explicitly marked ones).

Enable various PaX features
PaX control
Not sure if it is needed but I wanted to turn it on just in case

Then I disabled “disable privileged IO” (not sure if needed, but I had some weird errors on some other thing so I thought I’ll just disable this).

And I disabled the chroot jail restrictions.

You can find these options under security-grsecurity when running make menuconfig.

Then the Docker stuff started to work. Not sure if I am going to bump into more non-working stuff, but for now that solved some things.

Also, you can disable chroot stuff with:
echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_unix
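
An added example, not part of the original post: a small shell helper that lists which grsecurity chroot restrictions are currently enforced in the sysctl tree used above, and whether grsec_lock has frozen them against runtime changes. The function names are hypothetical, and the entries exist only on a kernel built with grsecurity's sysctl support.

```shell
#!/bin/sh
# Added example: inspect the grsecurity chroot restrictions exposed via sysctl.
# Each function takes an optional directory so it can be run against a test
# tree; the default is the real sysctl location on a grsecurity kernel.

# Print "name=value" for every chroot_* toggle in the sysctl directory.
grsec_chroot_report() {
    dir="${1:-/proc/sys/kernel/grsecurity}"
    if [ ! -d "$dir" ]; then
        echo "no grsecurity sysctl tree at $dir" >&2
        return 2
    fi
    for f in "$dir"/chroot_*; do
        [ -f "$f" ] || continue    # glob matched nothing
        printf '%s=%s\n' "$(basename "$f")" "$(cat "$f")"
    done
}

# Print only the names of restrictions that are currently enforced (value 1).
grsec_chroot_enabled() {
    grsec_chroot_report "$1" | awk -F= '$2 == 1 { print $1 }'
}

# Succeed if the toggles can still be changed at runtime.
# Once grsec_lock is set to 1, writes to this tree are refused until reboot.
grsec_sysctl_writable() {
    dir="${1:-/proc/sys/kernel/grsecurity}"
    [ -f "$dir/grsec_lock" ] || return 0
    [ "$(cat "$dir/grsec_lock")" = "0" ]
}
```

On the hardened host, source the file as root and call grsec_chroot_enabled with no arguments to see which restrictions are active before changing any of them.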
