Debian lenny xen + grsecurity


Post by sebagred » Tue Dec 14, 2010 9:22 am

Hello

We have a problem building a kernel for Debian lenny with Xen and grsecurity.
We use kernel version 2.6.32.5 and the patch grsecurity-2.2.1-2.6.32.27-201012121726.patch, but we have problems when we want to compile it.
Does anyone know how to build a kernel the Debian way with Xen and grsecurity?

Best regards
Sebastian Stach
sebagred
 
Posts: 2
Joined: Tue Dec 14, 2010 7:58 am

Re: Debian lenny xen + grsecurity

Post by specs » Wed Dec 15, 2010 5:07 am

You should choose whether you want a kernel with grsecurity or a kernel with debian-patches and grsecurity.

For a kernel with grsecurity download the latest vanilla kernel available from http://www.kernel.org with the corresponding patch for grsecurity. Patch it, configure it, make it, install it, test it.
This would be the first step to get grsecurity running on any system. The latest patch is always supported in this forum (currently 2.6.32.27).

If you want the Debian patches as well, you could look at cormander's repository.
I started tracking grsecurity patches in git since 2.6.32.8, you can see the various patches as commits by searching my name as author. Here is a link to the gitweb search for it:

http://git.cormander.com/?p=linux-2.6.s ... +Henderson

Every new patch gets pulled down into this repo. If you want you can clone it like so:

git clone git://git.cormander.com/linux-2.6.stable-grsec.git

Then issue the "git diff" command between the linux version tag and the sha1sum of whichever patch you wanted, and it'll give you the full diff for it.

Of course this would mean you'd have to apply the grsecurity patches to the debian-kernel yourself or you would have to apply the debian-patches to the grsec-patched kernel.

Original thread where he posted the above:
viewtopic.php?f=3&t=2272&p=9754&hilit=debian#p9754
specs
 
Posts: 190
Joined: Sun Mar 26, 2006 7:00 am

Re: Debian lenny xen + grsecurity

Post by sebagred » Wed Dec 15, 2010 6:53 am

Hello

We can build a kernel with grsec, but we have problems when we want to build a kernel with the Xen and grsecurity patches:

linux-2.6-xen is 2.6.32

$ git clone git://git.kernel.org/pub/scm/linux/kern ... my/xen.git linux-2.6-xen
$ cd linux-2.6-xen
$ git reset --hard
$ make clean
$ git pull

GRSECURITY

$ patch -p1 < grsecurity-2.2.1-2.6.32.27-201012130740.patch

$ make menuconfig
$ ON grsecurity
$ make
HOSTLD scripts/kconfig/conf
scripts/kconfig/conf -s arch/x86/Kconfig
CHK include/linux/version.h
UPD include/linux/version.h
CHK include/linux/utsrelease.h
UPD include/linux/utsrelease.h
SYMLINK include/asm -> include/asm-x86
CC kernel/bounds.s
GEN include/linux/bounds.h
CC arch/x86/kernel/asm-offsets.s
In file included from /usr/src/linux-2.6-xen/arch/x86/include/asm/pgtable.h:327,
from /usr/src/linux-2.6-xen/arch/x86/include/asm/uaccess_64.h:12,
from /usr/src/linux-2.6-xen/arch/x86/include/asm/uaccess.h:640,
from include/linux/uaccess.h:5,
from include/linux/crypto.h:26,
from arch/x86/kernel/asm-offsets_64.c:8,
from arch/x86/kernel/asm-offsets.c:4:
/usr/src/linux-2.6-xen/arch/x86/include/asm/pgtable_64.h: In function 'native_set_pmd':
/usr/src/linux-2.6-xen/arch/x86/include/asm/pgtable_64.h:80: error: implicit declaration of function 'pax_open_kernel'
/usr/src/linux-2.6-xen/arch/x86/include/asm/pgtable_64.h:82: error: implicit declaration of function 'pax_close_kernel'
In file included from /usr/src/linux-2.6-xen/arch/x86/include/asm/pgtable.h:680,
from /usr/src/linux-2.6-xen/arch/x86/include/asm/uaccess_64.h:12,
from /usr/src/linux-2.6-xen/arch/x86/include/asm/uaccess.h:640,
from include/linux/uaccess.h:5,
from include/linux/crypto.h:26,
from arch/x86/kernel/asm-offsets_64.c:8,
from arch/x86/kernel/asm-offsets.c:4:
include/asm-generic/pgtable.h: At top level:
include/asm-generic/pgtable.h:348: error: conflicting types for 'pax_open_kernel'
/usr/src/linux-2.6-xen/arch/x86/include/asm/pgtable_64.h:80: note: previous implicit declaration of 'pax_open_kernel' was here
include/asm-generic/pgtable.h:352: error: conflicting types for 'pax_close_kernel'
/usr/src/linux-2.6-xen/arch/x86/include/asm/pgtable_64.h:82: note: previous implicit declaration of 'pax_close_kernel' was here
make[1]: *** [arch/x86/kernel/asm-offsets.s] Error 1
make: *** [prepare0] Error 2

We also tried to build a kernel from the Debian kernel with the Debian patches for Xen and the grsecurity patch. Then we get this error:
CALL scripts/checksyscalls.sh
CHK include/linux/compile.h
CC mm/mmap.o
mm/mmap.c: In function 'expand_downwards':
mm/mmap.c:1912: error: 'struct vm_area_struct' has no member named 'vm_prev'
make[1]: *** [mm/mmap.o] Error 1

Best regards,
Sebastian Stach
sebagred
 
Posts: 2
Joined: Tue Dec 14, 2010 7:58 am

Re: Debian lenny xen + grsecurity

Post by specs » Wed Dec 15, 2010 12:00 pm

You should ask Brad if xenlinux is supported.

Some people had success with Xen (at least xen-unstable, 2.6.32.21 and 64 bit).
viewtopic.php?f=1&t=1913&start=30
specs
 
Posts: 190
Joined: Sun Mar 26, 2006 7:00 am

Re: Debian lenny xen + grsecurity

Post by PaX Team » Thu Dec 23, 2010 1:24 pm

sebagred wrote: We can build kernel with grsec but we have problems when we want to build kernel with xen and grsecurity patches:
our patches are generated against vanilla linux (the Linus tree), for everything else you'll need a proper port which may involve more or less work ;).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
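
A pre-flight check for the mismatch discussed in this thread, as an added example that is not part of any post: it compares the kernel version in a grsecurity patch file name with the version in the target tree's top-level Makefile. The function names and the sample Makefile contents are constructed for illustration.

```shell
# Pre-flight check (added example): does the kernel version a grsecurity patch
# was generated against match the tree it is about to be applied to?

# Kernel version from a name like grsecurity-<grsec>-<kernel>-<timestamp>.patch
patch_kernel_version() {
    basename "$1" | sed -n 's/^grsecurity-[0-9.]*-\([0-9.]*\)-[0-9]*\.patch$/\1/p'
}

# Value of a top-level "NAME = value" line in a kernel Makefile.
makefile_var() {
    awk -F= -v n="$1" '$1 ~ "^" n "[ \t]*$" {
        gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit }' "$2"
}

# VERSION.PATCHLEVEL.SUBLEVEL followed by EXTRAVERSION (".27" for 2.6.32.27).
tree_kernel_version() {
    mk="$1/Makefile"
    [ -f "$mk" ] || return 1
    printf '%s.%s.%s%s\n' "$(makefile_var VERSION "$mk")" \
        "$(makefile_var PATCHLEVEL "$mk")" "$(makefile_var SUBLEVEL "$mk")" \
        "$(makefile_var EXTRAVERSION "$mk")"
}

# Returns 0 on match, 1 on mismatch, 2 if a version cannot be read.
check_patch_target() {
    want=$(patch_kernel_version "$1")
    have=$(tree_kernel_version "$2") || have=""
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "cannot determine versions for $1 / $2" >&2; return 2
    fi
    [ "$want" = "$have" ] && { echo "OK: patch and tree are both $have"; return 0; }
    echo "MISMATCH: patch targets $want, tree is $have" >&2
    return 1
}

# Constructed sample: a directory holding only the head of a kernel Makefile.
make_sample_tree() {
    mkdir -p "$1"
    printf 'VERSION = 2\nPATCHLEVEL = 6\nSUBLEVEL = 32\nEXTRAVERSION = %s\n' \
        "$2" > "$1/Makefile"
}

# Demo on constructed trees: one matching the patch, one at 2.6.32.5.
d=$(mktemp -d)
make_sample_tree "$d/vanilla" .27; make_sample_tree "$d/other" .5
p=grsecurity-2.2.1-2.6.32.27-201012130740.patch
check_patch_target "$p" "$d/vanilla" || true
check_patch_target "$p" "$d/other" || true
rm -rf "$d"
```

A matching version number is necessary but not sufficient: a tree that carries Xen or Debian patches can still differ from vanilla. Running `patch -p1 --dry-run < file.patch` in the tree shows which hunks would be rejected without modifying any files.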

