From: Bencsath Boldizsar <boldi@datacontact.hu>
Subject: 2.4.9 etc.
Date: Thu, 23 Aug 2001 15:25:10 +0200 (CEST)
Next Article (by Date): RE: 2.4.9 etc. "Kaladis"
Previous Article (by Date): Re: /etc protection Jesse Pollard
Next in Thread: RE: 2.4.9 etc. "Kaladis"
Articles sorted by: [Date]
[Author]
[Subject]
I tried to finally hack together a stable kernel with 'features', and it seem to be ok. So: Linux kernel 2.4.9 + rsbac 1.1.2pre10 + grsecurity 1.7 + xfs file system + freeswan snapshot + vlan patch Problems while patching: the minimum function (defined in rsbac as a simple macro) has changed to 2.4.9, so vlan,rsbac and freeswan patches do not compile. include/rsbac/types.h has been changed to: #ifndef minimum #define minimum(a,b) (((a)<(b))?(a):(b)) #endif and also every use of min() had to do so... Vlan patch and freeswan doesn't like each other in net/Makefile, both would write subdir-$(CONFIG_VLAN_8021Q) += 8021q and subdir-$(CONFIG_IPSEC) += ipsec to the end.. Rsbac and grsecurity also had about 10 patch problems. (they try to patch the same place). NTFS module doesn't compile -> another problem with min() -> I didn't correct this one. entry.s patch problems occour rsbac<->xfs, both wishes to write some 10s lines to the end of a list. sysctl.h had problems with grsecurity: Another patch tried to attach KERN_NMI_WATCHDOG=52 while gr security also tried to add an enum with this number. Anyhow: The files were successfully patched, the result is at http://db.ebizlab.hit.bme.hu/~boldi/rsbac.html if anyone is interested. (MD5:95919e0a450c161627e87bfb7f4409a1) A small bug: If You try to use PAX buffer overflow protection from grsecurity and rsbac together, the boot process stops after rsbacd initializing() and before INIT process starts. I couldn't figure out the reason... For freeswan I've used the snapshot aug21a, to use it: tar xfvz snapshot cd freeswan... make programs make install (do not run makego-> patching won't go...) cd ../linux ... make bzImage (already patched with ipsec) ... hope this helps someone.. boldi ps. it would be great to find out some way to make patches compatible each other, e.g. if some functions in the original kernel could could contain such lines: //####### this is a place for rsbac patches //####### magic 35252435 //####### magic 334634659439 //####### magic sdf394fwe //####### magic 09348234 //####### magic 3249283423 //####### this is a place for grsec patches //####### magic 3werwerw35 //####### magic 33576456435439 //####### magic sd342342we //####### magic 09334234234 //####### magic 63245234234 The the patches could be inserted belong the 'magic' lines without spoiling other patches... And this wouldn't collapse the main kernel distrib... (You surely know why they don't do things like that but I don't ;-) ) - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): RE: 2.4.9 etc. "Kaladis"
Previous Article (by Date): Re: /etc protection Jesse Pollard
Next in Thread: RE: 2.4.9 etc. "Kaladis"
Articles sorted by: [Date]
[Author]
[Subject]