OpenVZ Virtuozzo Containers Wiki β

Grsecurity

171 bytes added, 08:35, 21 September 2011
added link to TPE description
== TPE (Trusted Path Execution) ==
Starting with the 2.6.18-028stab047.1 stable kernel, OpenVZ kernels support the grsecurity TPE feature [http://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Trusted_Path_Execution_.28TPE.29] out of the box. This means the root user can configure TPE inside a VE in the usual way, i.e. via the following /proc files:
* /proc/sys/kernel/grsecurity/grsec_lock
* /proc/sys/kernel/grsecurity/tpe
* /proc/sys/kernel/grsecurity/tpe_restrict_all
To enable the TPE feature in the standard way, type:
 # echo <GID> > /proc/sys/kernel/grsecurity/tpe_gid
 # echo 1 > /proc/sys/kernel/grsecurity/tpe
Then lock the grsecurity settings:
 # echo 1 > /proc/sys/kernel/grsecurity/grsec_lock
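The steps above as a script that validates the GID, reads each value back and only then sets grsec_lock, so a wrong value is not locked in. This is an added example, not part of the wiki page; the function names and the overridable GRSEC_DIR variable are assumptions of the example.

```shell
#!/bin/sh
# Added example: apply and verify the TPE settings described on this page.
# GRSEC_DIR is overridable (an assumption of this example) so the logic can
# be exercised against a scratch directory instead of the live /proc tree.
GRSEC_DIR="${GRSEC_DIR:-/proc/sys/kernel/grsecurity}"

# Print one sysctl value, or "missing" if the file is absent or unreadable.
grsec_get() {
    if [ -r "$GRSEC_DIR/$1" ]; then cat "$GRSEC_DIR/$1"; else echo missing; fi
}

# tpe_apply <GID>: set the group, enable TPE, verify, then lock.
tpe_apply() {
    gid=$1
    case "$gid" in
        ''|*[!0-9]*) echo "GID must be numeric" >&2; return 2 ;;
    esac
    for f in tpe_gid tpe grsec_lock; do
        [ -e "$GRSEC_DIR/$f" ] || { echo "$f not found" >&2; return 3; }
    done
    if [ "$(grsec_get grsec_lock)" = 1 ]; then
        echo "grsecurity settings already locked; not changing" >&2
        return 4
    fi
    echo "$gid" > "$GRSEC_DIR/tpe_gid" || return 5
    echo 1 > "$GRSEC_DIR/tpe" || return 5
    # Read back before locking so a failed or wrong write stays correctable.
    [ "$(grsec_get tpe_gid)" = "$gid" ] && [ "$(grsec_get tpe)" = 1 ] || {
        echo "readback mismatch; leaving settings unlocked" >&2; return 6; }
    echo 1 > "$GRSEC_DIR/grsec_lock" || return 5
}

# tpe_status: one-line summary of the current state, suitable for logging.
tpe_status() {
    echo "tpe=$(grsec_get tpe) tpe_gid=$(grsec_get tpe_gid)" \
         "tpe_restrict_all=$(grsec_get tpe_restrict_all)" \
         "grsec_lock=$(grsec_get grsec_lock)"
}
```

Source the file as root inside the VE, then call `tpe_apply <GID>` followed by `tpe_status`.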
 
== Links ==
* http://www.grsecurity.net/
[[Category: Kernel]]
[[Category: HOWTO]]
Anonymous user