[rsbac] RSBAC+GRSecurity

Павел Петлинский golem13 at mail.ru
Sun Aug 7 01:30:26 CEST 2005 

Hi.
I understand you.
But i think it's bad to apply patch on alredy patched code, because we dont know, how they would be merged.
And so i ask to explane me - what diff file include MAC and other modules, i want just delete them from GRSec patch, and apply it.
Golem.

-----Original Message-----
From: Rumen Yotov <rumen_yotov at dir.bg>
To: RSBAC Discussion and Announcements <rsbac at rsbac.org>
Date: Sat, 06 Aug 2005 21:28:44 +0300
Subject: Re: [rsbac] RSBAC+GRSecurity

> 
> Павел Петлинский wrote:
> 
> >Hi all.
> >I want to use RSBAC with GRSecurity patch.
> >I use RSBAC sources from Gentoo distrib, and try to patch it by GRSecurity patch.
> >But at the end (everytime, when patch ask to apply patch anyway, i say 'no'), i have i kernel config 2 PaX section (Security section), one 
before, 
> >and one after GRSecurity section.
> >Some one can explane - how to patch correctly?
> >Bye, Golem.
> >_______________________________________________
> >rsbac mailing list
> >rsbac at rsbac.org
> >http://www.rsbac.org/mailman/listinfo/rsbac
> >  
> >
> Hi,
> Not much help here but anyway, IMHO latest RSBAC has PaX included, which
> is also true for GRSecurity. But that's not the biggest problem.
> Maybe a bigger one is the fact that both RSBAC&grsec2 have some sort of
> MandatoryAccessControl (MAC) which is common for both (e.g. ACL,sec.
> capabilities etc.). Technically just unpack some vanilla kernel and
> manually apply the patches, then look out for any rejects (patch order
> is also important). See also "man patch".
> Using Gentoo too, here just compile the kernel step by step:
> 1.ebuild /usr/portage/sys-kernel/rsbac-sources-2.6.11-r3/rX unpack (this
> will only unpack and patch the sources);
> 2.Then go to: /var/tmp/portage/linux-2.6.11-rsbac-r3/work directory and
> apply the patch (GRSEC2) manually, it too has the PaX patch integrated;
> 3.ebuild /usr/portage/sys-kernel/rsbac-sources-2.6.11-r3 install (will
> make 'compile&install' steps) does nothing here as this is just kernel
> source, but the steps must be made in order to be able to make the next one;
> 4.ebuild /usr/portage/sys-kernel/rsbac-sources-2.6.11-r3 qmerge (merge
> step - copy to usr/src/linux dir);
> 5.ebuild /usr/portage/sys-kernel/rsbac-sources-2.6.11-r3 clean (to clean
> the work dir, it's more then 250MB ;)
> Or edit the ebuild and include the grsec patch too (epatch function);
> HTH. Rumen
> 
> ATTACHMENT: application/x-pkcs7-signature ("smime.p7s")
> 
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
> 

Bye, g01Em.

More information about the rsbac mailing list