Releases
- 3.1.y
Patched kernels
Includes vanilla kernel with the RSBAC patch
- 3.1.5
Enhanced kernels
Combined patches with RSBAC and PaX, less well tested
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Patch for kernel rsbac-pax 2.6.33.5
The follow source have to download and the patches have to apply like the links are.
Already patched kernel can download for testing here.
At least apply this patch.
diff -Nur linux-rsbac-2.6.33.6/fs/exec.c linux-rsbac-pax-2.6.33.6/fs/exec.c --- linux-rsbac-2.6.33.6/fs/exec.c 2010-07-16 01:17:06.132526934 +0200 +++ linux-rsbac-pax-2.6.33.6/fs/exec.c 2010-07-16 00:54:07.832858346 +0200 @@ -56,11 +56,24 @@ #include <linux/fs_struct.h> #include <linux/pipe_fs_i.h> +#include <linux/random.h> +#include <linux/seq_file.h> + +#ifdef CONFIG_PAX_REFCOUNT +#include <linux/kallsyms.h> +#include <linux/kdebug.h> +#endif + #include <asm/uaccess.h> #include <asm/mmu_context.h> #include <asm/tlb.h> #include "internal.h" +#ifdef CONFIG_PAX_HOOK_ACL_FLAGS +void (*pax_set_initial_flags_func)(struct linux_binprm *bprm); +EXPORT_SYMBOL(pax_set_initial_flags_func); +#endif + #include <rsbac/hooks.h> int core_uses_pid; diff -Nur linux-rsbac-2.6.33.6/fs/pipe.c linux-rsbac-pax-2.6.33.6/fs/pipe.c --- linux-rsbac-2.6.33.6/fs/pipe.c 2010-07-16 01:17:06.158570058 +0200 +++ linux-rsbac-pax-2.6.33.6/fs/pipe.c 2010-07-16 00:55:07.335526901 +0200 @@ -776,10 +776,10 @@ mutex_lock(&inode->i_mutex); pipe = inode->i_pipe; - pipe->readers -= decr; - pipe->writers -= decw; - - if (!pipe->readers && !pipe->writers) { + atomic_sub(decr, &pipe->readers); + atomic_sub(decw, &pipe->writers); + + if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) { #ifdef CONFIG_RSBAC union rsbac_target_id_t rsbac_target_id; diff -Nur linux-rsbac-2.6.33.6/init/do_mounts.c linux-rsbac-pax-2.6.33.6/init/do_mounts.c --- linux-rsbac-2.6.33.6/init/do_mounts.c 2010-07-16 01:17:06.221533528 +0200 +++ linux-rsbac-pax-2.6.33.6/init/do_mounts.c 2010-07-16 00:56:23.195651971 +0200 @@ -424,8 +424,8 @@ mount_root(); out: devtmpfs_mount("dev"); - sys_mount(".", "/", NULL, MS_MOVE, NULL); - sys_chroot("."); + sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL); + sys_chroot((__force char __user *)"."); /* RSBAC: OK, most stuff initialized and root mounted: Init RSBAC. */ #ifdef CONFIG_RSBAC diff -Nur linux-rsbac-2.6.33.6/mm/mprotect.c linux-rsbac-pax-2.6.33.6/mm/mprotect.c --- linux-rsbac-2.6.33.6/mm/mprotect.c 2010-07-16 01:17:06.430558377 +0200 +++ linux-rsbac-pax-2.6.33.6/mm/mprotect.c 2010-07-16 00:57:44.582850363 +0200 @@ -24,10 +24,16 @@ #include <linux/mmu_notifier.h> #include <linux/migrate.h> #include <linux/perf_event.h> + +#ifdef CONFIG_PAX_MPROTECT +#include <linux/elf.h> +#endif + #include <asm/uaccess.h> #include <asm/pgtable.h> #include <asm/cacheflush.h> #include <asm/tlbflush.h> +#include <asm/mmu_context.h> #include <rsbac/hooks.h> #ifndef pgprot_modify