View previous topic :: View next topic |
Author |
Message |
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Mon Jan 19, 2009 11:11 pm Post subject: /lib/libdl.so.2: invalid ELF Reiser4 ro?[ABANDONED] |
|
|
After finishing a hardened installation selecting the server grsec profile and for PaX, I rebooted and all was smooth up until just after entering runlevel 3.
Code: | /bin/bash: error while loading shared libraries: /lib/libdl.so.2: invalid ELF header PaX |
Similar, errors dropping me to init 1. I have two machines with PaX and GRsec configured on them, however, custom. After analyzing the kernel configs of working machines, I think I've traced down the culprit. The "server" profile on pax enables:
Code: | CONFIG_PAX_NOELFRELOCS=y |
My working machines with custom grsec and pax profiles do not have this item selected. I seem to remember reading quite a bit as to why its just plain easier not to have it enabled.
Now, however, I'm trying to chroot into the installed environment to reconfigure the kernel and receive the same error:
Code: | /bin/bash: error while loading shared libraries: /lib/libdl.so.2: invalid ELF header |
The question is pretty basic. How can I go about reconfigure/recompile the kernel in the installed environment that I cannot chroot into? The PaX kernel option mentioned above may or may not be the answer, but I have to overcome that first hurdle.
Last edited by minor_prophets on Mon Jan 26, 2009 4:05 pm; edited 3 times in total |
|
Back to top |
|
|
ctgmao n00b
Joined: 27 Dec 2007 Posts: 32
|
Posted: Tue Jan 20, 2009 2:28 am Post subject: |
|
|
run
|
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21631
|
Posted: Tue Jan 20, 2009 3:41 am Post subject: |
|
|
I am not convinced that the kernel option is the cause of your problem. However, if we assume that it is, the easiest solution would be to boot a LiveCD using a non-hardened kernel, which would then let you chroot into the environment to perform repairs. Before you fix it, it would be interesting to dump the ELF headers, and compare them with what you have on a working system. |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Tue Jan 20, 2009 2:05 pm Post subject: |
|
|
Hu,
I am booting from a livecd. And I'm still getting this error when trying to
Code: | chroot /mnt/gentoo /bin/bash |
Booting from the SystemRescue CD 1.4. I'm 99% sure the kernel is non-hardened.
BTW, I'm not entirely certain that this PaX option *is* the root of the problem, but, based on the setups of two other machines with PaX and GRsec, there's a good chance. In other words, option =N for the other two machines I've had running for at least a year.
Last edited by minor_prophets on Tue Jan 20, 2009 7:13 pm; edited 3 times in total |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Tue Jan 20, 2009 2:07 pm Post subject: |
|
|
ctgmao,
Can't revdep-rebuild in an environment into which I cannot chroot. |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Tue Jan 20, 2009 4:39 pm Post subject: |
|
|
From http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml I don't know if this is the most recent doc version, but its close:
Code: | You will probably also want to merge pax-utils. Often if an ELF has executable relocations in the text segment these can cause problems for us. scanelf -BRylptq |
There is no way to run that without being able to chroot into the environment, I think.
I hate to give up on this fresh install and use the sledgehammer fix.
Any ideas out there on recompiling the kernel without the ability of chrooting into the environment??
Last things I did were install vixie-cron , syslog-ng and reiser4progs. glibc was pulled in as a dependency.
I use hardened-source i686 stage 3. And a hardened make.profile |
|
Back to top |
|
|
DONAHUE Watchman
Joined: 09 Dec 2006 Posts: 7651 Location: Goose Creek SC
|
Posted: Tue Jan 20, 2009 7:25 pm Post subject: |
|
|
is / on a reiser4fs? |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Tue Jan 20, 2009 7:51 pm Post subject: |
|
|
/boot ext2
all other parts on reiser4
So yes.
reiser4 disk detected (4.0.0) or something like that. Immediately after "enter runlevel 3"(IIRC) is when the error loading shared libraries occurs and I am dropped to "unkown.unkowndomain.i686.linux...." A prompt similar to that. I can't seem to run any commands at this level either, though I'll attempt it again later this evening. |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Wed Jan 21, 2009 1:36 am Post subject: |
|
|
discovered an error in my installation I believe quite pertinent.
The correct hardened make.profile sym should point to:
Code: | /etc/make.profile -> ../usr/portage/profiles/hardened/linux/x86/2008.0/ |
I had
Code: | /usr/portage/profiles/hardened/x86/2.6/ |
I had changed it from the 1st(which is the default stage3-hardened-i686 profile link) *and* had failed to emerge -e world.
Update-running an emerge binutils gcc virtual/libc && emerge -e world. Should be done by the time I get home. I also recompiled the hardened kernel and changed the CONFIG_PAX_NOELFRELOCS=y to CONFIG_PAX_NOELFRELOCS=n for piece of mind. When I add a backup kernel, I'll change the option back to y and test to see if it produces the ELF shared library problem I refered to earlier. |
|
Back to top |
|
|
nixnut Bodhisattva
Joined: 09 Apr 2004 Posts: 10974 Location: the dutch mountains
|
Posted: Wed Jan 21, 2009 5:46 pm Post subject: |
|
|
Moved from Installing Gentoo to Networking & Security.
Not about getting gentoo installed, so moved here _________________ Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered
talk is cheap. supply exceeds demand |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Thu Jan 22, 2009 2:39 am Post subject: |
|
|
well, ss blockers foiled my emerge world. My reboot reproduced the same shared library errors. I was, however, able to chroot back into the environment.
I noticed Code: | eselect profile list | didn't have any profile selected despite my link above to a hardened profile. I've eselected a hardened profile and am emerge -ev world. |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Thu Jan 22, 2009 11:58 pm Post subject: |
|
|
No, I'm not sure yet. I get a variant of the following. By this I meant that the below error will occur at different times between various boot scripts. I've seen three variants of its occurrence across a few reboots. All culminating in either the (none) part below or a control-D, neither of which I'm able to run anything seemingly.
Code: |
*Skipping /var and /tmp initialization (ro root?)
...
*Skipping /var/run/utmp initialization (ro root?)
/sbin/runscript: error while loading shared libraries: /lib/libdl.so.2: invalid ELF header
INIT: Entering runlevel: 3 |
then dropped to
Code: |
This is (none).unknown_domain (Linux i686 2.6.25-hardened-r12)
(none) login:root
/sbin/runscript: error while loading shared libraries: /lib/libdl.so.2: invalid ELF header |
All partitions except /boot are reiser4. Booting(and installed) from systemrescue cd. I give you a peek at my fstab and grub.conf in a moment. I've been banging my head on this one now for a few days. Its gotta be some silly oversight somewhere, I'm thinking.
fstab
Code: |
/dev/sda1 /boot ext2 noauto,noatime 1 2
/dev/sda3 / reiser4 noatime,nodiratime,flush,scan_maxnodes=15000 0 1
/dev/sda2 none swap sw 0 0
/dev/sda5 /opt reiser4 noatime,nodiratime,flush,scan_maxnodes=1500 0 0
/dev/sda6 /usr reiser4 noatime,nodiratime,flush,scan_maxnodes=1500 0 0
/dev/sda7 /usr/portage reiser4 noatime,nodiratime,flush,scan_maxnodes=1500 0 0
/dev/sda8 /usr/portage/distfiles reiser4 noatime,nodiratime,flush,scan_maxnodes=1500 0 0
/dev/sda9 /var reiser4 noatime,nodiratime,flush,scan_maxnodes=1500 0 0
/dev/sda10 /var/tmp reiser4 noatime,nodiratime,flush,scan_maxnodes=1500 0 0
/dev/sda11 /tmp reiser4 noatime,nodiratime,flush,scan_maxnodes=1500 0 0
/dev/sda12 /home reiser4 noatime,nodiratime,flush,scan_maxnodes=1500 0 0
|
grub.conf
Code: |
default 0
timeout 3
#splashimage=(hd0,0)/boot/grub/splash.xpm.gz
#title Gentoo Linux 2.6.24-r5
#root (hd0,0)
#kernel /boot/kernel-genkernel-x86-2.6.24-gentoo-r5 root=/dev/ram0 real_root=/dev/sda3
#initrd /boot/initramfs-genkernel-x86-2.6.24-gentoo-r5
# vim:ft=conf:
title Gentoo Linux 2.6.25-hardened-r12
root (hd0,0)
kernel /boot/kernel-2.6.25-hardened-r12 root=/dev/sda3
title Gentoo Linux 2.6.25-r12 nohardened
root (hd0,0)
kernel /boot/kernel-2.6.25-hardened-r12-nohardened root=/dev/sda3 |
Code: |
RC_PARALLEL_STARTUP="yes" | -Edit-Tried "no", same end result, though I saw a few of my reiser4 partitions fly by with "wrong fs type" errors.
This is a fresh installation and I've emerge -e world after setting a hardened profile with eselect. I used a stage3 hardened i686. Can't think of what else to tell you all at this point. Ask and I will do my best to provide the info. |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Fri Jan 23, 2009 4:53 pm Post subject: |
|
|
Edited my grub.conf to add rw:
Code: | title Gentoo Linux 2.6.25-hardened-r12
root (hd0,0)
kernel /boot/kernel-2.6.25-hardened-r12 root=/dev/sda3 rw |
With the same results. Any tips or pointers would be appreciated at this point. |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Sun Jan 25, 2009 2:54 am Post subject: |
|
|
bttt |
|
Back to top |
|
|
minor_prophets Apprentice
Joined: 07 Oct 2007 Posts: 281
|
Posted: Fri Feb 13, 2009 2:31 am Post subject: |
|
|
Note for those coming across this thread
-Seems the new SystemRescue CD now has full grub support for Reiser4 booting.
Nope. Same issue, different SystemRescueCD, different machine.
The issue was with Code: | ,flush,scan_maxnodes=1500 |
After those were removed from fstab, all was well. |
|
Back to top |
|
|
|