Releases

Current version
Git/Latestdiff: 1.5.5

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

Events

No events planned

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

@@ Line 1: / Line 1: @@
+[[wiki:experiences/igraltist|Back to igraltist's experiences]]
+====== Patch for kernel rsbac-pax 2.6.33.3 =====
+The follow source have to download and the patches have to apply like the links are.
+  * [[http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.33.3.tar.bz2|linux-kernel]]
+  * [[http://download.rsbac.org/pre/rsbac-1.4.4-2.6.33.3.diff.bz2|rsbac-patch]]
+  * [[http://www.grsecurity.net/~paxguy1/pax-linux-2.6.33.3-test18.patch|pax-patch]]
+At least apply this patch.
+<code bash>
+diff -uNrp rsbac-2.6.33-prepar-pax/fs/exec.c rsbac-pax-2.6.33/fs/exec.c
+--- rsbac-2.6.33-prepar-pax/fs/exec.c	2010-05-07 15:14:48.514606394 +0200
++++ rsbac-pax-2.6.33/fs/exec.c	2010-05-07 15:00:43.169631763 +0200
+@@ -56,11 +56,24 @@
+ #include <linux/fs_struct.h>
+ #include <linux/pipe_fs_i.h>
++#include <linux/random.h>
++#include <linux/seq_file.h>
++
++#ifdef CONFIG_PAX_REFCOUNT
++#include <linux/kallsyms.h>
++#include <linux/kdebug.h>
++#endif
++
+ #include <asm/uaccess.h>
+ #include <asm/mmu_context.h>
+ #include <asm/tlb.h>
+ #include "internal.h"
++#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
++void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
++EXPORT_SYMBOL(pax_set_initial_flags_func);
++#endif
++
+ #include <rsbac/hooks.h>
+ int core_uses_pid;
+diff -uNrp rsbac-2.6.33-prepar-pax/fs/pipe.c rsbac-pax-2.6.33/fs/pipe.c
+--- rsbac-2.6.33-prepar-pax/fs/pipe.c	2010-05-07 15:14:49.517606551 +0200
++++ rsbac-pax-2.6.33/fs/pipe.c	2010-05-07 15:02:13.871606431 +0200
+@@ -776,10 +776,10 @@ pipe_release(struct inode *inode, int de
+ 	mutex_lock(&inode->i_mutex);
+ 	pipe = inode->i_pipe;
+-	pipe->readers -= decr;
+-	pipe->writers -= decw;
+-
+-	if (!pipe->readers && !pipe->writers) {
++    atomic_sub(decr, &pipe->readers);
++    atomic_sub(decw, &pipe->writers);
++
++    if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
+ #ifdef CONFIG_RSBAC
+ 		union rsbac_target_id_t rsbac_target_id;
+diff -uNrp rsbac-2.6.33-prepar-pax/init/do_mounts.c rsbac-pax-2.6.33/init/do_mounts.c
+--- rsbac-2.6.33-prepar-pax/init/do_mounts.c	2010-05-07 15:14:52.007605933 +0200
++++ rsbac-pax-2.6.33/init/do_mounts.c	2010-05-07 15:03:37.947065115 +0200
+@@ -424,8 +424,8 @@ void __init prepare_namespace(void)
+ 	mount_root();
+ out:
+ 	devtmpfs_mount("dev");
+-	sys_mount(".", "/", NULL, MS_MOVE, NULL);
+-	sys_chroot(".");
++	sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
++	sys_chroot((__force char __user *)".");
+         /* RSBAC: OK, most stuff initialized and root mounted: Init RSBAC. */
+ #ifdef CONFIG_RSBAC
+diff -uNrp rsbac-2.6.33-prepar-pax/mm/mprotect.c rsbac-pax-2.6.33/mm/mprotect.c
+--- rsbac-2.6.33-prepar-pax/mm/mprotect.c	2010-05-07 15:14:53.831981467 +0200
++++ rsbac-pax-2.6.33/mm/mprotect.c	2010-05-07 15:05:33.261719663 +0200
+@@ -24,10 +24,16 @@
+ #include <linux/mmu_notifier.h>
+ #include <linux/migrate.h>
+ #include <linux/perf_event.h>
++
++#ifdef CONFIG_PAX_MPROTECT
++#include <linux/elf.h>
++#endif
++
+ #include <asm/uaccess.h>
+ #include <asm/pgtable.h>
+ #include <asm/cacheflush.h>
+ #include <asm/tlbflush.h>
++#include <asm/mmu_context.h>
+ #include <rsbac/hooks.h>
+ #ifndef pgprot_modify
+</code>

//