TPE Extension (deprecated)

Navigation:  Kernel Settings >

TPE Extension (deprecated)

Previous pageReturn to chapter overviewNext page

[TPE Extension will removed in the next version of CloudLinux 5.x kernel]

 

CloudLinux 5.x (kernel 2.6.18) has limited support for trusted path execution extension.

CloudLinux 6.x (kernel 2.6.32) and CloudLinux 5.x with hybrid kernel don't have TPE extension

 

TPE (Trusted Path Execution)

 

The kernel supports TPE feature out of the box. You can configure it using following files:

/proc/sys/kernel/grsecurity/grsec_lock
/proc/sys/kernel/grsecurity/tpe
/proc/sys/kernel/grsecurity/tpe_gid
/proc/sys/kernel/grsecurity/tpe_restrict_all

 

To enable TPE feature in a standard way just add following to the end of your /etc/sysctl.conf

 

#GRsecurity
kernel.grsecurity.tpe = 1
kernel.grsecurity.tpe_restrict_all = 1
kernel.grsecurity.grsec_lock = 1

 

And do:

 

# sysctl -p

 

Note: Once you set grsec_lock to 1, you will not be able to change TPE options without reboot.

 

This Trusted Path Execution feature was adopted from grsecurity