[[wiki:experiences/igraltist|Back to igraltist's experiences]] ====== Patch for kernel rsbac-pax 2.6.33.5 ===== The follow source have to download and the patches have to apply like the links are. * [[http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.33.5.tar.bz2|linux-kernel]] * [[http://kasten-edv.de/download/rsbac/pre/rsbac-1.4.4-2.6.33.5.diff.bz2|rsbac-patch]] * [[http://www.grsecurity.net/~paxguy1/pax-linux-2.6.33.5-test24.patch|pax-patch]] Already patched kernel can download for testing [[http://kasten-edv.de/download/rsbac/pre|here]]. At least apply this patch.
diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/fs/exec.c linux-rsbac-pax-2.6.33.5/fs/exec.c
--- linux-rsbac-pax-prepatch-2.6.33.5/fs/exec.c 2010-06-19 19:07:51.878274060 +0200
+++ linux-rsbac-pax-2.6.33.5/fs/exec.c 2010-06-19 18:09:29.958251588 +0200
@@ -56,11 +56,24 @@
 #include
 #include
+#include
+#include
+
+#ifdef CONFIG_PAX_REFCOUNT
+#include
+#include
+#endif
+
 #include
 #include
 #include
 #include "internal.h"
+#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
+void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
+EXPORT_SYMBOL(pax_set_initial_flags_func);
+#endif
+
 #include
 int core_uses_pid;
diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/fs/pipe.c linux-rsbac-pax-2.6.33.5/fs/pipe.c
--- linux-rsbac-pax-prepatch-2.6.33.5/fs/pipe.c 2010-06-19 19:07:57.627376691 +0200
+++ linux-rsbac-pax-2.6.33.5/fs/pipe.c 2010-06-19 18:10:56.358833619 +0200
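Review bot: In the fs/exec.c hunk, `pax_set_initial_flags_func` is a plain writable global exported with `EXPORT_SYMBOL`, so any loaded module can assign the hook that, judging by its name and `bprm` argument, sets a new binary's initial PaX flags, and nothing here records who is meant to set it. I would add a comment above the declaration, `/* Hook for the access-control module to pick per-binary PaX flags; NULL until one registers. */`, and use `EXPORT_SYMBOL_GPL(pax_set_initial_flags_func);` if every intended user is GPL-licensed. The call site is outside this hunk, so confirm it tests the pointer for NULL before calling. Separately, the `#include` lines in this hunk and in the mm/mprotect.c hunk show no header name on this page (presumably lost in rendering), so the added headers cannot be reviewed from this listing.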
@@ -776,10 +776,10 @@
 mutex_lock(&inode->i_mutex);
 pipe = inode->i_pipe;
- pipe->readers -= decr;
- pipe->writers -= decw;
+ atomic_sub(decr, &pipe->readers);
+ atomic_sub(decw, &pipe->writers);
- if (!pipe->readers && !pipe->writers) {
+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
 #ifdef CONFIG_RSBAC
 union rsbac_target_id_t rsbac_target_id;
diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/init/do_mounts.c linux-rsbac-pax-2.6.33.5/init/do_mounts.c
--- linux-rsbac-pax-prepatch-2.6.33.5/init/do_mounts.c 2010-06-19 19:08:06.855376578 +0200
+++ linux-rsbac-pax-2.6.33.5/init/do_mounts.c 2010-06-19 18:12:12.449251431 +0200
@@ -424,8 +424,8 @@
 mount_root();
 out:
 devtmpfs_mount("dev");
- sys_mount(".", "/", NULL, MS_MOVE, NULL);
- sys_chroot(".");
+ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
+ sys_chroot((__force char __user *)".");
 /* RSBAC: OK, most stuff initialized and root mounted: Init RSBAC. */
 #ifdef CONFIG_RSBAC
diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/mm/mprotect.c linux-rsbac-pax-2.6.33.5/mm/mprotect.c
--- linux-rsbac-pax-prepatch-2.6.33.5/mm/mprotect.c 2010-06-19 19:08:18.563250912 +0200
+++ linux-rsbac-pax-2.6.33.5/mm/mprotect.c 2010-06-19 18:13:06.214533380 +0200
@@ -24,10 +24,17 @@
 #include
 #include
 #include
+
+#ifdef CONFIG_PAX_MPROTECT
+#include
+#endif
+
 #include
 #include
 #include
 #include
+#include
+
 #include
 #ifndef pgprot_modify
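Review bot: The zero test in this fs/pipe.c hunk reads `readers` and `writers` with two separate `atomic_read()` calls after two separate `atomic_sub()` calls, so it is a consistent snapshot only because `inode->i_mutex` is taken at the top of the hunk; the atomic type alone does not make the sequence atomic. A comment before the subtraction, `/* i_mutex held: counters are updated and tested as one step */`, would keep a later change from moving the test outside the lock. The conversion implies the two fields are now `atomic_t`, so any other RSBAC-added code that still uses them as plain integers needs the same treatment. That cannot be checked from here, and the function body starts and ends outside the hunk.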
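Review bot: The `(__force char __user *)` casts in this init/do_mounts.c hunk only silence the address-space annotation check; `sys_mount()` and `sys_chroot()` still receive kernel string literals where user pointers are expected. That is presumably safe because this code runs in the init thread before any user address limit is set, but the hunk does not say so. I would add one line above the calls, `/* kernel strings: valid only while init still runs with KERNEL_DS */`, so the pattern is not copied into a context where it would bypass the user-pointer checks. The enclosing function starts outside the hunk.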