grsecurity forums

On first sorry for my English beacuse I'm Polish
I have a problem with patching kernel with grsecurity. When I spend command patch<grsecurity-2.2.2-3.0.4-201108300622.patch displays an error (it's only part)

Code: Select all

2 out of 2 hunks FAILED -- saving rejects to file linux-3.0.4/net/netfilter/ipvs/ip_vs_sync.c.rej
patching file linux-3.0.4/net/netfilter/ipvs/ip_vs_xmit.c
Hunk #1 FAILED at 1151.
Hunk #2 FAILED at 1272.
2 out of 2 hunks FAILED -- saving rejects to file linux-3.0.4/net/netfilter/ipvs/ip_vs_xmit.c.rej
patching file linux-3.0.4/net/netfilter/Kconfig
Hunk #1 FAILED at 781.
1 out of 1 hunk FAILED -- saving rejects to file linux-3.0.4/net/netfilter/Kconfig.rej
patching file linux-3.0.4/net/netfilter/Makefile
Hunk #1 FAILED at 81.
1 out of 1 hunk FAILED -- saving rejects to file linux-3.0.4/net/netfilter/Makefile.rej
patching file linux-3.0.4/net/netfilter/nfnetlink_log.c
Hunk #1 FAILED at 70.
Hunk #2 FAILED at 505.


Kernel version is 3.0.3
My system is Ubuntu 11.04
What I ma?ke wrong? What must I do?

You must not be trying to apply the patch against a vanilla 3.0.4 kernel. It will apply cleanly with no errors against a vanilla kernel.

wget kernel
tar -zxf kernel
cd linux-3.0.4
patch -p1 < grsec-patch

-Brad

I have a similar problem:
vanilla-kernel-3.0.4
grsecurity-2.2.2-3.0.4-201108300001.patch
4200_fbcondecor-0.9.6.patch (Gentoo fbcondecor-patch).
and kernel panic:

Code: Select all

Kernel panic - not syncing: grsec: halting the system due to suspicious kernel crash by root

First time in my life I see a similar message and did not know what may be due.
I hope that in future versions of the patch the problem goes away.
My kernel config:
http://ompldr.org/vYTR2bw/kernel-3.0.4-grsec
GCC version.

Code: Select all

gcc --version                                                                               
gcc (Gentoo Hardened 4.4.5 p1.2, pie-0.4.5) 4.4.5

Gcc config:

Code: Select all

cc -v                                                                                       
Using built-in specs.
Target: i686-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-4.4.5/work/gcc-4.4.5/configure --prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/4.4.5 --includedir=/usr/lib/gcc/i686-pc-linux-gnu/4.4.5/include --datadir=/usr/share/gcc-data/i686-pc-linux-gnu/4.4.5 --mandir=/usr/share/gcc-data/i686-pc-linux-gnu/4.4.5/man --infodir=/usr/share/gcc-data/i686-pc-linux-gnu/4.4.5/info --with-gxx-include-dir=/usr/lib/gcc/i686-pc-linux-gnu/4.4.5/include/g++-v4 --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec --disable-fixed-point --without-ppl --without-cloog --enable-nls --without-included-gettext --with-system-zlib --disable-werror --enable-secureplt --disable-multilib --enable-libmudflap --disable-libssp --enable-esp --enable-libgomp --with-python-dir=/share/gcc-data/i686-pc-linux-gnu/4.4.5/python --enable-checking=release --disable-libgcj --with-arch=i686 --enable-languages=c,c++,fortran --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --with-bugurl=http://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 4.4.5 p1.2, pie-0.4.5'
Thread model: posix
gcc version 4.4.5 (Gentoo Hardened 4.4.5 p1.2, pie-0.4.5)

Cheers!

I would need to see the messages that appear before the panic line. They would describe why the system panicked.

-Brad

Thanks
It solve problem
Sorry but I have another

root@BOB:/usr/src/linux-3.0.3# make
HOSTCC -fPIC tools/gcc/stackleak_plugin.o
In file included from /usr/lib/i386-linux-gnu/gcc/i686-linux-gnu/4.5.2/plugin/include/rtl.h:28:0,
from tools/gcc/stackleak_plugin.c:34:
/usr/lib/i386-linux-gnu/gcc/i686-linux-gnu/4.5.2/plugin/include/real.h:27:18: fatal error: mpfr.h: No such file or directory
compilation terminated.
make[1]: *** [tools/gcc/stackleak_plugin.o] Error 1
make: *** [gcc-plugins0] Error 2

robercik101 wrote:Sorry but I have another

the forums can be searched you know...

Kernel panic occurred immediately after the compilation was the result of a fatal exception, a few hours later he was not seen.

He was also a conflict Print Print content uvesa - grsecurity at uvesa permanent incorporation into the kernel

Code: Select all

CONFIG_FB_UVESA = y
CONFIG_CONNECTOR = y

August stopped the system at boot.
I changed the configuration of the kernel modules after compiling kernel - from the built-in rechargeable promoted,

Code: Select all

CONFIG_FB_UVESA = m
CONFIG_CONNECTOR = m

and the system got up and running as normal on standard vesa fb mode.

Code: Select all

root  # cat /proc/cmdline
root=/dev/sda1 vga=792 selinux=0  nosplash rw

Cheers!

jacekalex wrote:Kernel panic occurred immediately after the compilation was the result of a fatal exception, a few hours later he was not seen.

can you capture the full dmesg somehow and also send me your bzImage and vmlinux files that correspond to such a dmesg?

I'm sorry I did not answer earlier, but gave up UVESA, and left the VESA console - for him everything is working properly (fbcondecor too), also UVESA simply was not necessary.

Regards