wiki:experiences:igraltist:patches:2.6.33.3
=>  Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


wiki:experiences:igraltist:patches:2.6.33.3 [2010/05/07 13:22] (current) – created igraltist
Line 1: Line 1:
 +[[wiki:experiences/igraltist|Back to igraltist's experiences]]
  
 +====== Patch for kernel rsbac-pax 2.6.33.3 =====
 +
 +The follow source have to download and the patches have to apply like the links are.
 +
 +  * [[http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.33.3.tar.bz2|linux-kernel]]
 +  * [[http://download.rsbac.org/pre/rsbac-1.4.4-2.6.33.3.diff.bz2|rsbac-patch]]
 +  * [[http://www.grsecurity.net/~paxguy1/pax-linux-2.6.33.3-test18.patch|pax-patch]]
 +
 +At least apply this patch.
 +<code bash>
 +diff -uNrp rsbac-2.6.33-prepar-pax/fs/exec.c rsbac-pax-2.6.33/fs/exec.c
 +--- rsbac-2.6.33-prepar-pax/fs/exec.c 2010-05-07 15:14:48.514606394 +0200
 ++++ rsbac-pax-2.6.33/fs/exec.c 2010-05-07 15:00:43.169631763 +0200
 +@@ -56,11 +56,24 @@
 + #include <linux/fs_struct.h>
 + #include <linux/pipe_fs_i.h>
 + 
 ++#include <linux/random.h>
 ++#include <linux/seq_file.h>
 ++
 ++#ifdef CONFIG_PAX_REFCOUNT
 ++#include <linux/kallsyms.h>
 ++#include <linux/kdebug.h>
 ++#endif
 ++
 + #include <asm/uaccess.h>
 + #include <asm/mmu_context.h>
 + #include <asm/tlb.h>
 + #include "internal.h"
 + 
 ++#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
 ++void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
 ++EXPORT_SYMBOL(pax_set_initial_flags_func);
 ++#endif
 ++
 + #include <rsbac/hooks.h>
 + 
 + int core_uses_pid;
 +diff -uNrp rsbac-2.6.33-prepar-pax/fs/pipe.c rsbac-pax-2.6.33/fs/pipe.c
 +--- rsbac-2.6.33-prepar-pax/fs/pipe.c 2010-05-07 15:14:49.517606551 +0200
 ++++ rsbac-pax-2.6.33/fs/pipe.c 2010-05-07 15:02:13.871606431 +0200
 +@@ -776,10 +776,10 @@ pipe_release(struct inode *inode, int de
 + 
 +  mutex_lock(&inode->i_mutex);
 +  pipe = inode->i_pipe;
 +- pipe->readers -= decr;
 +- pipe->writers -= decw;
 +-
 +- if (!pipe->readers && !pipe->writers) {
 ++    atomic_sub(decr, &pipe->readers);
 ++    atomic_sub(decw, &pipe->writers);
 ++   
 ++    if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
 + 
 + #ifdef CONFIG_RSBAC
 +  union rsbac_target_id_t rsbac_target_id;
 +diff -uNrp rsbac-2.6.33-prepar-pax/init/do_mounts.c rsbac-pax-2.6.33/init/do_mounts.c
 +--- rsbac-2.6.33-prepar-pax/init/do_mounts.c 2010-05-07 15:14:52.007605933 +0200
 ++++ rsbac-pax-2.6.33/init/do_mounts.c 2010-05-07 15:03:37.947065115 +0200
 +@@ -424,8 +424,8 @@ void __init prepare_namespace(void)
 +  mount_root();
 + out:
 +  devtmpfs_mount("dev");
 +- sys_mount(".", "/", NULL, MS_MOVE, NULL);
 +- sys_chroot(".");
 ++ sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
 ++ sys_chroot((__force char __user *)".");
 + 
 +         /* RSBAC: OK, most stuff initialized and root mounted: Init RSBAC. */
 + #ifdef CONFIG_RSBAC
 +diff -uNrp rsbac-2.6.33-prepar-pax/mm/mprotect.c rsbac-pax-2.6.33/mm/mprotect.c
 +--- rsbac-2.6.33-prepar-pax/mm/mprotect.c 2010-05-07 15:14:53.831981467 +0200
 ++++ rsbac-pax-2.6.33/mm/mprotect.c 2010-05-07 15:05:33.261719663 +0200
 +@@ -24,10 +24,16 @@
 + #include <linux/mmu_notifier.h>
 + #include <linux/migrate.h>
 + #include <linux/perf_event.h>
 ++
 ++#ifdef CONFIG_PAX_MPROTECT
 ++#include <linux/elf.h>
 ++#endif
 ++
 + #include <asm/uaccess.h>
 + #include <asm/pgtable.h>
 + #include <asm/cacheflush.h>
 + #include <asm/tlbflush.h>
 ++#include <asm/mmu_context.h>
 + #include <rsbac/hooks.h>
 + 
 + #ifndef pgprot_modify
 +</code>
//
wiki/experiences/igraltist/patches/2.6.33.3.txt · Last modified: 2010/05/07 13:22 by igraltist

wiki/experiences/igraltist/patches/2.6.33.3.txt · Last modified: 2010/05/07 13:22 by igraltist
This website is kindly hosted by m-privacy