6,534
edits
Changes
m
minor english fixes →TPE (Trusted Path Execution)
Starting from 2.6.18-028stab047.1 stable kernels OpenVZ kernels support TPE grsecurity feature out of the box.
Which means root user can configure TPE inside VE as usually accessing usual, i.e. via the following /proc files:
* /proc/sys/kernel/grsecurity/grsec_lock
* /proc/sys/kernel/grsecurity/tpe
* /proc/sys/kernel/grsecurity/tpe_restrict_all
To enable TPE feature in a standard way just type:
# echo <GID> > /proc/sys/kernel/grsecurity/tpe_gid
# echo 1 > /proc/sys/kernel/grsecurity/tpe