2.4.13 +rsbac grsec et al (fwd)


From: root <root@compuniverse.de>
Subject: 2.4.13 +rsbac grsec et al (fwd)
Date: Thu, 8 Nov 2001 15:23:09 +0100 (MET)

Next Article (by Author): From Argentina we want contact scaravaglione@arnet.com.ar
Previous Article (by Author): kernel hang242 root
Articles sorted by: [Date] [Author] [Subject]


---------- Forwarded message ----------
Date: Wed, 7 Nov 2001 23:33:17 +0100 (CET)
From: Bencsath Boldizsar <boldi@datacontact.hu>
To: rsbac@rsbac.org
Subject: 2.4.13 +rsbac grsec et al (fwd)


I've uploaded a patched 2.4.13 kernel to
http://boldi.hu/programs/rsbac/
( http://boldi.hu/programs/rsbac/linux-2413-fevxg.tar.gz )

It contains Linux 2.4.13, Rsbac 1.1.2 patch, Grsecurity patch, Vlan patch,
Ext3 patch, XFS patch, freeswan november X snapshot patch

On my notebook, it is workable, but nobody nows..

Problems through the patching:
Of course the problems, that both rsbac and grsecurity tries to patch the
same places in exec.c, open.c etc. should be handled manually. The
syscalls
in entry also. (I just hope it's ok ;-) ) Now a weird problem was with xfs
-
ext3 . both tries to export some symbols like create_??... set_buf?? (i
don't remember) (pagebuffer things). So I had to make a remark from some
exports in another file. I don't know if both xfs and ext3 workable at the
same time.

Grsecurity:
At some releases before (for 2.4.9) it seemed that grsecurity makes system
crash at startup if the kernel is SMP and you use Random PIDS.
Also, PAX and rsbac were incompatible. Another thing is that my fujistu
E-6624 dies from acpi (of course from apm -s too ;-) ), but this can be
from
many many other things...

RSBAC 1.1.2 seems to be pretty stable, a half year ago it was very
unstable
from my viewpoint, but now it is good enough to use it on every system, I
think, it the kernel maintainers want it too ;-) Take care of the freeswan
patch, if You enable it and install it with default settings, your net can
be unworkable (ipsec setup --stop helps...)!

boldi






-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): From Argentina we want contact scaravaglione@arnet.com.ar
Previous Article (by Author): kernel hang242 root
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.