I'm running Gentoo Linux and am using the hardened-2.6.7-r10 kernel which implements Grsecurity, unfortunately it doesn't completely work for me. Everything compiles just fine, however at the end of `make modules_install` I get:
- Code: Select all
WARNING: /lib/modules/2.6.7-hardened-r10/kernel/security/commoncap.ko needs unknown symbol gr_check_user_change
WARNING: /lib/modules/2.6.7-hardened-r10/kernel/security/commoncap.ko needs unknown symbol gr_check_group_change
WARNING: /lib/modules/2.6.7-hardened-r10/kernel/security/commoncap.ko needs unknown symbol gr_handle_chroot_caps
In my USE flags in /etc/make.conf I have "hardened" (installed my system with that), except for gcc which I have set to -hardened in /etc/portage/package.use.
I've looked a bit at the source code of Grsecurity and the missing symbols are present in linux/security/grsec_chroot.c, so my guess is the file isn't properly compiled or linked into the modules.
Because of the unknown symbols I can't load the commoncap module (and with that the capability module which requires commoncap), `modprobe capability` returns:
- Code: Select all
WARNING: Error inserting commoncap (/lib/modules/2.6.7-hardened-r10/kernel/security/commoncap.ko): Unknown symbol in module, or unknown parameter (see dmesg)
FATAL: Error inserting capability (/lib/modules/2.6.7-hardened-r10/kernel/security/capability.ko): Unknown symbol in module, or unknown parameter (see dmesg)
Dmesg returns the following (which seems to give the impression that not only commoncap but capability itself has some problems aswell):
- Code: Select all
commoncap: Unknown symbol gr_check_user_change
commoncap: Unknown symbol gr_check_group_change
commoncap: Unknown symbol gr_handle_chroot_caps
capability: Unknown symbol cap_ptrace
capability: Unknown symbol cap_inode_setxattr
capability: Unknown symbol cap_syslog
capability: Unknown symbol cap_capget
capability: Unknown symbol cap_task_reparent_to_init
capability: Unknown symbol cap_task_post_setuid
capability: Unknown symbol cap_bprm_set_security
capability: Unknown symbol cap_bprm_secureexec
capability: Unknown symbol cap_capset_check
capability: Unknown symbol cap_bprm_apply_creds
capability: Unknown symbol cap_capable
capability: Unknown symbol cap_capset_set
capability: Unknown symbol cap_vm_enough_memory
capability: Unknown symbol cap_inode_removexattr
I've searched the forums here, at gentoo.org, searched the gentoo bug tracker and even googled for it but I can't even one other person who has the same problem. Posted pretty much the exact same post yesterday on the Gentoo forums but didn't get any replies which is what brings me here now.
Anybody here got any idea what it could be or how I could fix it?
Sidenote: I have typed all the output stuff above over by hand, as far as I can tell it's typo-free but you never know ...