Support for the user namespace in grsecurity kernel

Grsecurity has completely disabled, on purpose, the user namespace code for the kernel.

As the goal of this namespace is to gain (virtually) root privileges inside a namespace (in theory, it shouldn’t give more privileges than the ones you initially have outside of your namespace), there are some interesting use cases; in my case, I need to perform some demos in front of my students.

[Read More]

Slow memhog for testing cgroups

Testing the cgroup memory is not as easy as one might think. It can’t be only a matter of calling malloc(100000) in a loop, as the Linux kernel overcommits memory allocations: even if we effectively get a 100000-byte memory space, this doesn’t decrease the available physical memory. To do so, this space needs to be modified page by page, which can be tedious to do. And it is quite uncertain, because the kernel can take advantage of the swap partition… [Read More]

Use Gitolite Access Control In Gitweb

Are you using gitolite and gitweb? They are two nice and lightweight projects, but perhaps you are tired of managing access control in gitweb?

Here are some simple tricks to use the gitolite access list directly in gitweb, automatically.

[Read More]

PGP key

My personal PGP key is the following: 0x842807a84573cc96.

pub   4096R/4573CC96 2014-06-23 [expires: 2022-06-30]
      Key fingerprint = E722 B5B7 3CA7 FA93 5FC1  AA09 8428 07A8 4573 CC96
uid                  Pierre-Olivier Mercier <>
sub   4096R/9D2855C3 2014-06-23 [expires: 2022-06-30]
[Read More]

Linux Kernel Configurations

Gentoo has been my favorite distribution for 7 years now. It gives me all the flexibility I need (the perfect middle ground between stability with only legacy packages and recent ones on a constantly broken system; in Gentoo, you always have a choice) and it teaches me so many things each day.

As I’m used to controlling everything, here is a list of the kernel configurations I currently use.

[Read More]

My private SSH keys management

I always have a different SSH key pair per machine. The aim is to really never copy my private key from one machine to another over the network or on a USB stick.

[Read More]