This patch works on r819.
http://pax.grsecurity.org/test/pax-linux-2.6.32.8-test17.patch
diff -r -u rsbac_2.6.32.8-r819_pax/fs/exec.c rsbac_2.6.32.8-r819/fs/exec.c
--- rsbac_2.6.32.8-r819_pax/fs/exec.c 2010-02-20 17:38:53.634180054 +0100
+++ rsbac_2.6.32.8-r819/fs/exec.c 2010-02-20 17:58:20.359693616 +0100
@@ -57,11 +57,24 @@
#include <linux/fs_struct.h>
#include <linux/pipe_fs_i.h>
+#include <linux/random.h>
+#include <linux/seq_file.h>
+
+#ifdef CONFIG_PAX_REFCOUNT
+#include <linux/kallsyms.h>
+ #include <linux/kdebug.h>
+#endif
+
#include <asm/uaccess.h>
#include <asm/mmu_context.h>
#include <asm/tlb.h>
#include "internal.h"
+#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
+void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
+EXPORT_SYMBOL(pax_set_initial_flags_func);
+#endif
+
#include <rsbac/hooks.h>
int core_uses_pid;
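Review bot: `pax_set_initial_flags_func` is added as a writable, exported global function pointer with no comment saying who may assign it, and it is defined between `#include "internal.h"` and `#include <rsbac/hooks.h>` rather than below the include block. Judging by the `CONFIG_PAX_HOOK_ACL_FLAGS` guard, this hook presumably lets an ACL module decide a task's initial PaX flags at exec time, so whatever is stored in it influences memory-protection policy and its contract should be stated where it is defined. I would add above it `/* Set by the ACL module to choose initial PaX flags at exec; NULL when unset, must be cleared before the setter unloads. */` and move the definition after the last include. The call site is outside this hunk, so confirm there that the pointer is checked for NULL before it is called.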
diff -r -u rsbac_2.6.32.8-r819_pax/fs/pipe.c rsbac_2.6.32.8-r819/fs/pipe.c
--- rsbac_2.6.32.8-r819_pax/fs/pipe.c 2010-02-20 17:38:55.449818464 +0100
+++ rsbac_2.6.32.8-r819/fs/pipe.c 2010-02-20 18:00:28.239818658 +0100
@@ -776,10 +776,10 @@
mutex_lock(&inode->i_mutex);
pipe = inode->i_pipe;
- pipe->readers -= decr;
- pipe->writers -= decw;
-
- if (!pipe->readers && !pipe->writers) {
+ atomic_sub(decr, &pipe->readers);
+ atomic_sub(decw, &pipe->writers);
+
+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
#ifdef CONFIG_RSBAC
union rsbac_target_id_t rsbac_target_id;
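Review bot: The emptiness test `!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)` reads the two counters separately, so it is a consistent snapshot only because `inode->i_mutex` is taken just above; the atomic type alone does not provide that. A one-line comment before the `if`, for example `/* counts are stable here: i_mutex is held */`, would stop a later change from moving the check outside the lock. The hunk also assumes the `readers`/`writers` fields are already `atomic_t` (that change is not visible here), so any RSBAC-added code in this file that still touches them as plain integers needs the same conversion. The enclosing function starts and ends outside the hunk.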
diff -r -u rsbac_2.6.32.8-r819_pax/init/do_mounts.c rsbac_2.6.32.8-r819/init/do_mounts.c
--- rsbac_2.6.32.8-r819_pax/init/do_mounts.c 2010-02-20 17:39:01.360693955 +0100
+++ rsbac_2.6.32.8-r819/init/do_mounts.c 2010-02-20 18:02:19.932028961 +0100
@@ -424,8 +424,8 @@
mount_root();
out:
devtmpfs_mount("dev");
- sys_mount(".", "/", NULL, MS_MOVE, NULL);
- sys_chroot(".");
+ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
+ sys_chroot((__force char __user *)".");
/* RSBAC: OK, most stuff initialized and root mounted: Init RSBAC. */
#ifdef CONFIG_RSBAC
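Review bot: The `(__force char __user *)` casts on `"."` and `"/"` switch off address-space checking for these arguments, and nothing in the hunk records why passing kernel string literals to `sys_mount()` and `sys_chroot()` is acceptable at this point. I would add a comment above the two calls, for example `/* kernel-space literals passed to syscalls during early init; the casts only satisfy the __user annotation check */`, and confirm that this holds for the call path, which the hunk does not show. Repeating the cast three times is also noisy; a small local macro would keep the two lines readable. The enclosing function starts and ends outside the hunk.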
diff -r -u rsbac_2.6.32.8-r819_pax/mm/mprotect.c rsbac_2.6.32.8-r819/mm/mprotect.c
--- rsbac_2.6.32.8-r819_pax/mm/mprotect.c 2010-02-20 17:39:06.644701806 +0100
+++ rsbac_2.6.32.8-r819/mm/mprotect.c 2010-02-20 18:04:18.178693599 +0100
@@ -24,10 +24,16 @@
#include <linux/mmu_notifier.h>
#include <linux/migrate.h>
#include <linux/perf_event.h>
+
+#ifdef CONFIG_PAX_MPROTECT
+#include <linux/elf.h>
+#endif
+
#include <asm/uaccess.h>
#include <asm/pgtable.h>
#include <asm/cacheflush.h>
#include <asm/tlbflush.h>
+#include <asm/mmu_context.h>
#include <rsbac/hooks.h>
#ifndef pgprot_modify