Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

Events

No events planned

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

--- wiki:experiences:igraltist:patches:2.6.33.5 [2010/06/19 18:55]
igraltist created
+++ wiki:experiences:igraltist:patches:2.6.33.5 [2010/06/19 19:36]
igraltist
@@ Line 1: / Line 1: @@
 [[wiki:experiences/igraltist|Back to igraltist's experiences]]
 ====== Patch for kernel rsbac-pax 2.6.33.5 =====
@@ Line 6: / Line 7: @@
   * [[http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.33.5.tar.bz2|linux-kernel]]
-  * [[http://download.rsbac.org/pre/rsbac-1.4.4-2.6.33.5.diff.bz2|rsbac-patch]]
+  * [[http://kasten-edv.de/download/rsbac/pre/rsbac-1.4.4-2.6.33.5.diff.bz2|rsbac-patch]]
   * [[http://www.grsecurity.net/~paxguy1/pax-linux-2.6.33.5-test24.patch|pax-patch]]
+Already patched kernel can download for testing
+[[http://kasten-edv.de/download/rsbac/pre|here]].
 At least apply this patch.
 <code bash>
+diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/fs/exec.c linux-rsbac-pax-2.6.33.5/fs/exec.c
+--- linux-rsbac-pax-prepatch-2.6.33.5/fs/exec.c	2010-06-19 19:07:51.878274060 +0200
++++ linux-rsbac-pax-2.6.33.5/fs/exec.c	2010-06-19 18:09:29.958251588 +0200
+@@ -56,11 +56,24 @@
+ #include <linux/fs_struct.h>
+ #include <linux/pipe_fs_i.h>
++#include <linux/random.h>
++#include <linux/seq_file.h>
++
++#ifdef CONFIG_PAX_REFCOUNT
++#include <linux/kallsyms.h>
++#include <linux/kdebug.h>
++#endif
++
+ #include <asm/uaccess.h>
+ #include <asm/mmu_context.h>
+ #include <asm/tlb.h>
+ #include "internal.h"
++#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
++void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
++EXPORT_SYMBOL(pax_set_initial_flags_func);
++#endif
++
+ #include <rsbac/hooks.h>
+ int core_uses_pid;
+diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/fs/pipe.c linux-rsbac-pax-2.6.33.5/fs/pipe.c
+--- linux-rsbac-pax-prepatch-2.6.33.5/fs/pipe.c	2010-06-19 19:07:57.627376691 +0200
++++ linux-rsbac-pax-2.6.33.5/fs/pipe.c	2010-06-19 18:10:56.358833619 +0200
+@@ -776,10 +776,10 @@
+ 	mutex_lock(&inode->i_mutex);
+ 	pipe = inode->i_pipe;
+-	pipe->readers -= decr;
+-	pipe->writers -= decw;
++    atomic_sub(decr, &pipe->readers);
++    atomic_sub(decw, &pipe->writers);
+-	if (!pipe->readers && !pipe->writers) {
++    if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
+ #ifdef CONFIG_RSBAC
+ 		union rsbac_target_id_t rsbac_target_id;
+diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/init/do_mounts.c linux-rsbac-pax-2.6.33.5/init/do_mounts.c
+--- linux-rsbac-pax-prepatch-2.6.33.5/init/do_mounts.c	2010-06-19 19:08:06.855376578 +0200
++++ linux-rsbac-pax-2.6.33.5/init/do_mounts.c	2010-06-19 18:12:12.449251431 +0200
+@@ -424,8 +424,8 @@
+ 	mount_root();
+ out:
+ 	devtmpfs_mount("dev");
+-	sys_mount(".", "/", NULL, MS_MOVE, NULL);
+-	sys_chroot(".");
++	sys_mount((__force char __user *)".", (__force char __user *)"/", NULL, MS_MOVE, NULL);
++	sys_chroot((__force char __user *)".");
+         /* RSBAC: OK, most stuff initialized and root mounted: Init RSBAC. */
+ #ifdef CONFIG_RSBAC
+diff -Nur linux-rsbac-pax-prepatch-2.6.33.5/mm/mprotect.c linux-rsbac-pax-2.6.33.5/mm/mprotect.c
+--- linux-rsbac-pax-prepatch-2.6.33.5/mm/mprotect.c	2010-06-19 19:08:18.563250912 +0200
++++ linux-rsbac-pax-2.6.33.5/mm/mprotect.c	2010-06-19 18:13:06.214533380 +0200
+@@ -24,10 +24,17 @@
+ #include <linux/mmu_notifier.h>
+ #include <linux/migrate.h>
+ #include <linux/perf_event.h>
++
++#ifdef CONFIG_PAX_MPROTECT
++#include <linux/elf.h>
++#endif
++
+ #include <asm/uaccess.h>
+ #include <asm/pgtable.h>
+ #include <asm/cacheflush.h>
+ #include <asm/tlbflush.h>
++#include <asm/mmu_context.h>
++
+ #include <rsbac/hooks.h>
+ #ifndef pgprot_modify
 </code>

//