Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
No events planned
This shows you the differences between two versions of the page.
Next revision | Previous revision Last revision Both sides next revision | ||
wiki:experiences:igraltist:patches:2.6.33.5 [2010/06/19 18:55] igraltist created |
wiki:experiences:igraltist:patches:2.6.33.5 [2010/06/19 19:17] igraltist |
||
---|---|---|---|
Line 1: | Line 1: | ||
[[wiki:experiences/igraltist|Back to igraltist's experiences]] | [[wiki:experiences/igraltist|Back to igraltist's experiences]] | ||
+ | |||
====== Patch for kernel rsbac-pax 2.6.33.5 ===== | ====== Patch for kernel rsbac-pax 2.6.33.5 ===== | ||
Line 6: | Line 7: | ||
* [[http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.33.5.tar.bz2|linux-kernel]] | * [[http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.33.5.tar.bz2|linux-kernel]] | ||
- | * [[http://download.rsbac.org/pre/rsbac-1.4.4-2.6.33.5.diff.bz2|rsbac-patch]] | + | * [[http://kasten-edv.de/download/rsbac/pre/rsbac-1.4.4-2.6.33.5.diff.bz2|rsbac-patch]] |
* [[http://www.grsecurity.net/~paxguy1/pax-linux-2.6.33.5-test24.patch|pax-patch]] | * [[http://www.grsecurity.net/~paxguy1/pax-linux-2.6.33.5-test24.patch|pax-patch]] | ||
At least apply this patch. | At least apply this patch. | ||
<code bash> | <code bash> | ||
+ | diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/fs/exec.c linux-rsbac-pax-2.6.33.5/fs/exec.c | ||
+ | --- linux-rsbac-pax-prepatch-2.6.33.5/fs/exec.c 2010-06-19 19:07:51.878274060 +0200 | ||
+ | +++ linux-rsbac-pax-2.6.33.5/fs/exec.c 2010-06-19 18:09:29.958251588 +0200 | ||
+ | @@ -56,11 +56,24 @@ | ||
+ | #include <linux/fs_struct.h> | ||
+ | #include <linux/pipe_fs_i.h> | ||
+ | |||
+ | +#include <linux/random.h> | ||
+ | +#include <linux/seq_file.h> | ||
+ | + | ||
+ | +#ifdef CONFIG_PAX_REFCOUNT | ||
+ | +#include <linux/kallsyms.h> | ||
+ | +#include <linux/kdebug.h> | ||
+ | +#endif | ||
+ | + | ||
+ | #include <asm/uaccess.h> | ||
+ | #include <asm/mmu_context.h> | ||
+ | #include <asm/tlb.h> | ||
+ | #include "internal.h" | ||
+ | |||
+ | +#ifdef CONFIG_PAX_HOOK_ACL_FLAGS | ||
+ | +void (*pax_set_initial_flags_func)(struct linux_binprm *bprm); | ||
+ | +EXPORT_SYMBOL(pax_set_initial_flags_func); | ||
+ | +#endif | ||
+ | + | ||
+ | #include <rsbac/hooks.h> | ||
+ | |||
+ | int core_uses_pid; | ||
+ | diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/fs/pipe.c linux-rsbac-pax-2.6.33.5/fs/pipe.c | ||
+ | --- linux-rsbac-pax-prepatch-2.6.33.5/fs/pipe.c 2010-06-19 19:07:57.627376691 +0200 | ||
+ | +++ linux-rsbac-pax-2.6.33.5/fs/pipe.c 2010-06-19 18:10:56.358833619 +0200 | ||
+ | @@ -776,10 +776,10 @@ | ||
+ | |||
+ | mutex_lock(&inode->i_mutex); | ||
+ | pipe = inode->i_pipe; | ||
+ | - pipe->readers -= decr; | ||
+ | - pipe->writers -= decw; | ||
+ | + atomic_sub(decr, &pipe->readers); | ||
+ | + atomic_sub(decw, &pipe->writers); | ||
+ | |||
+ | - if (!pipe->readers && !pipe->writers) { | ||
+ | + if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) { | ||
+ | |||
+ | #ifdef CONFIG_RSBAC | ||
+ | union rsbac_target_id_t rsbac_target_id; | ||
+ | diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/init/do_mounts.c linux-rsbac-pax-2.6.33.5/init/do_mounts.c | ||
+ | --- linux-rsbac-pax-prepatch-2.6.33.5/init/do_mounts.c 2010-06-19 19:08:06.855376578 +0200 | ||
+ | +++ linux-rsbac-pax-2.6.33.5/init/do_mounts.c 2010-06-19 18:12:12.449251431 +0200 | ||
+ | @@ -424,8 +424,8 @@ | ||
+ | mount_root(); | ||
+ | out: | ||
+ | devtmpfs_mount("dev"); | ||
+ | - sys_mount(".", "/", NULL, MS_MOVE, NULL); | ||
+ | - sys_chroot("."); | ||
+ | + sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL); | ||
+ | + sys_chroot((__force char __user *)"."); | ||
+ | |||
+ | /* RSBAC: OK, most stuff initialized and root mounted: Init RSBAC. */ | ||
+ | #ifdef CONFIG_RSBAC | ||
+ | diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/mm/mprotect.c linux-rsbac-pax-2.6.33.5/mm/mprotect.c | ||
+ | --- linux-rsbac-pax-prepatch-2.6.33.5/mm/mprotect.c 2010-06-19 19:08:18.563250912 +0200 | ||
+ | +++ linux-rsbac-pax-2.6.33.5/mm/mprotect.c 2010-06-19 18:13:06.214533380 +0200 | ||
+ | @@ -24,10 +24,17 @@ | ||
+ | #include <linux/mmu_notifier.h> | ||
+ | #include <linux/migrate.h> | ||
+ | #include <linux/perf_event.h> | ||
+ | + | ||
+ | +#ifdef CONFIG_PAX_MPROTECT | ||
+ | +#include <linux/elf.h> | ||
+ | +#endif | ||
+ | + | ||
+ | #include <asm/uaccess.h> | ||
+ | #include <asm/pgtable.h> | ||
+ | #include <asm/cacheflush.h> | ||
+ | #include <asm/tlbflush.h> | ||
+ | +#include <asm/mmu_context.h> | ||
+ | + | ||
+ | #include <rsbac/hooks.h> | ||
+ | |||
+ | #ifndef pgprot_modify | ||
</code> | </code> |