xenlinux 2.6.24.7 + grsecurity working (sort of)
Posted: Tue Sep 02, 2008 1:56 pm
I've been working on merging the 2.6.24 xenlinux dom0 patch (got it from ubuntu-hardy) a updating it to 2.6.24.7, and applying the grsecurity patch for that version.
It compiles just fine and boots on x86_64 with various grsecurity options enabled, but with PaX turned off. As I start to turn features of pax on, there are build errors; normally "implicit declaration of", which leads me to believe that grsecurity mucks with xen's inclusion of macros and such from header files. I haven't figured out the cause yet. I see this probably a lot more heavily if I try to compile on x86 (32 bit).
Here are my patches thus far (apply the xen first, then grsecurity): http://download.ravencore.com/grsec/patches/
With a few PaX options enabled on x86_64 I was able to get it as far as:
I've only started this a few days ago so this is really just my first attempt to do this for this version of the linux kernel and xen, I know that it's been successfully done with 2.6.18.
If anyone is interested in helping, let me know. Also, I have about 20+ other patches for this kernel version that I haven't posted to this directory yet, they're all CVEs and other things relevant to this kernel version.
It compiles just fine and boots on x86_64 with various grsecurity options enabled, but with PaX turned off. As I start to turn features of pax on, there are build errors; normally "implicit declaration of", which leads me to believe that grsecurity mucks with xen's inclusion of macros and such from header files. I haven't figured out the cause yet. I see this probably a lot more heavily if I try to compile on x86 (32 bit).
Here are my patches thus far (apply the xen first, then grsecurity): http://download.ravencore.com/grsec/patches/
With a few PaX options enabled on x86_64 I was able to get it as far as:
- Code: Select all
GEN .version
CHK include/linux/compile.h
dnsdomainname: Unknown host
UPD include/linux/compile.h
CC init/version.o
LD init/built-in.o
LD vmlinux
fs/built-in.o: In function `pax_report_fault':
/root/test/linux-2.6.24.7/fs/exec.c:1714: undefined reference to `pax_report_insns'
make: *** [vmlinux] Error 1
I've only started this a few days ago so this is really just my first attempt to do this for this version of the linux kernel and xen, I know that it's been successfully done with 2.6.18.
If anyone is interested in helping, let me know. Also, I have about 20+ other patches for this kernel version that I haven't posted to this directory yet, they're all CVEs and other things relevant to this kernel version.