There is a problem in grsecurity that is preventing the system from booting up, and this problem is here for the past 1 or 2 days. This is not an Arch-specific problem, but a problem in upstream grsecurity that also affects Debian and probably other distros: https://forums.grsecurity.net/viewtopic.php?f=3&t=4277 If you must use linux-grsec on Arch and don't have a backup of an older Kernel that works, you might want to use an older Kernel from the Archive: Code: wget http://ala.seblu.net/repos/2015/10/13/community/os/x86_64/linux-grsec-4.2.3.201510072230-1-x86_64.pkg.tar.xz Code: pacman -U linux-grsec-4.2.3.201510072230-1-x86_64.pkg.tar.xz You can use paxd, checksec, pax-utils, and paxtest from the regular Arch repos. Don't forget to ignore the package linux-grsec in your '/etc/pacman.conf': Code: # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup IgnorePkg = linux-grsec
Thank you, when I tried to setuo linux-grsec + pax on my arch setup a few days ago I was already getting a kernel panic error when booting up, maybe it is because of the issue you just pointed out. How can I find out when grsec will boot again / is fixed ? By checking the package on archlinux.com or is there any other "newsfeed" for it ? @Edit: I get this output/error when updating linux-gresec Code: (13/22) upgrading linux-grsec [----------------------] 100% >>> Updating module dependencies. Please wait ... >>> Generating initial ramdisk, using mkinitcpio. Please wait... ==> Building image from preset: /etc/mkinitcpio.d/linux-grsec.preset: 'default' -> -k /boot/vmlinuz-linux-grsec -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-grsec.img ==> Starting build: 4.2.3.201510191935-1-grsec -> Running build hook: [base] -> Running build hook: [udev] -> Running build hook: [autodetect] -> Running build hook: [modconf] -> Running build hook: [block] -> Running build hook: [filesystems] -> Running build hook: [keyboard] -> Running build hook: [fsck] ==> ERROR: module not found: `bbswitch' ==> Generating module dependencies ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-grsec.img ==> WARNING: errors were encountered during the build. The image may not be complete. ==> Building image from preset: /etc/mkinitcpio.d/linux-grsec.preset: 'fallback' -> -k /boot/vmlinuz-linux-grsec -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-grsec-fallback.img -S autodetect ==> Starting build: 4.2.3.201510191935-1-grsec -> Running build hook: [base] -> Running build hook: [udev] -> Running build hook: [modconf] -> Running build hook: [block] ==> WARNING: Possibly missing firmware for module: aic94xx ==> WARNING: Possibly missing firmware for module: wd719x -> Running build hook: [filesystems] -> Running build hook: [keyboard] -> Running build hook: [fsck] ==> ERROR: module not found: `bbswitch' ==> Generating module dependencies ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-grsec-fallback.img ==> WARNING: errors were encountered during the build. The image may not be complete.
I really don't know when, I haven't tried this new kernel yet. I assume you're getting those errors because you're trying to build the NVIDIA Bumblebee, and you can't do that in grsecurity unless you disable PAX_USERCOPY at compile time.
https://web.archive.org/web/2014082...n-secure-linux-kernel-with-pax-and-grsecurity If I remember correctly, you have to unckeck "Harden heap object copies between kernel and userland" in order to disable PAX_USERCOPY. I don't remember if the NVIDIA drivers need this, but you might want to disable UDEREF too by unchecking "Prevent invalid userland pointer dereference". You could build the grsec kernel that arch uses. Look at the source files, there will be a ".confg" file. In there, edit what you need. Let's get back on topic now.
You shouldn't delete all your package cache in Arch. Keep at least 2 recent versions of the installed packages. Are you aware of the paccache command? Instead of doing # pacman -Sc or -Scc, you should do # pacache -rk2 or -rk3.
I always keep the cache, but I had re-installed the system. It's actually pretty easy to find older versions.
Actually paccache -r is sufficient if you want to keep the last 3 versions as this is the default. However, in order to also delete all cached versions of uninstalled packages you have to re-run paccache with paccache -ruk0.
I've been away from Linux fore a few months and YET AGAIN the same problem is happening. Such a disappointment. Does any one know the lest linux-grsec that works?
This works: http://ala.seblu.net/packages/l/linux-grsec/linux-grsec-4.2.6.201511282239-1-x86_64.pkg.tar.xz Being a cutting edge distribution, these things are part of the deal.