[grsec] aufs2.1 vs grsecurity

Dean Takemori deant at hawaii.rr.com
Sat Feb 19 20:39:09 EST 2011


Hi,

I am attempting to build a custom hardened linux-live (http://www.linux-live.org/)
CD using grsecurity (http://grsecurity.net/index.php) and aufs2.1
(http://aufs.sourceforge.net/).


Sources:
linux-2.6.32.28
grsecurity-2.2.1-2.6.32.28-201102121148.patch
aufs2.1-32 (2011/02/14 standalone git snapshot)


> linux-2.6.32.28/fs/aufs/dynop.c: In function 'dy_aop':
> linux-2.6.32.28/fs/aufs/dynop.c:179:2: error: assignment of read-only member 'writepage'
> linux-2.6.32.28/fs/aufs/dynop.c:180:2: error: assignment of read-only member 'readpage'
> linux-2.6.32.28/fs/aufs/dynop.c:181:2: error: assignment of read-only member 'sync_page'
> linux-2.6.32.28/fs/aufs/dynop.c:182:2: error: assignment of read-only member 'writepages'
> linux-2.6.32.28/fs/aufs/dynop.c:183:2: error: assignment of read-only member 'set_page_dirty'
> linux-2.6.32.28/fs/aufs/dynop.c:184:2: error: assignment of read-only member 'readpages'
> linux-2.6.32.28/fs/aufs/dynop.c:185:2: error: assignment of read-only member 'write_begin'
> linux-2.6.32.28/fs/aufs/dynop.c:186:2: error: assignment of read-only member 'write_end'
> linux-2.6.32.28/fs/aufs/dynop.c:187:2: error: assignment of read-only member 'bmap'
> linux-2.6.32.28/fs/aufs/dynop.c:188:2: error: assignment of read-only member 'invalidatepage'
> linux-2.6.32.28/fs/aufs/dynop.c:189:2: error: assignment of read-only member 'releasepage'
> linux-2.6.32.28/fs/aufs/dynop.c:191:2: error: assignment of read-only member 'direct_IO'
> linux-2.6.32.28/fs/aufs/dynop.c:192:2: error: assignment of read-only member 'get_xip_mem'
> linux-2.6.32.28/fs/aufs/dynop.c:193:2: error: assignment of read-only member 'migratepage'
> linux-2.6.32.28/fs/aufs/dynop.c:194:2: error: assignment of read-only member 'launder_page'
> linux-2.6.32.28/fs/aufs/dynop.c:195:2: error: assignment of read-only member 'is_partially_uptodate'
> linux-2.6.32.28/fs/aufs/dynop.c:196:2: error: assignment of read-only member 'error_remove_page'
> linux-2.6.32.28/fs/aufs/dynop.c: In function 'dy_adx':
> linux-2.6.32.28/fs/aufs/dynop.c:302:3: error: assignment of read-only member 'direct_IO'
> linux-2.6.32.28/fs/aufs/dynop.c:303:3: error: assignment of read-only member 'get_xip_mem'
> linux-2.6.32.28/fs/aufs/dynop.c:305:3: error: assignment of read-only member 'direct_IO'
> linux-2.6.32.28/fs/aufs/dynop.c:306:3: error: assignment of read-only member 'get_xip_mem'
> linux-2.6.32.28/fs/aufs/dynop.c:308:4: error: assignment of read-only member 'get_xip_mem'
> make[3]: *** [fs/aufs/dynop.o] Error 1
> make[2]: *** [fs/aufs] Error 2
> make[1]: *** [fs] Error 2
> make: *** [sub-make] Error 2

To my nonexpert eyes, this appears to be the same or similar to problems reported
elsewhere with reiserfs4 and openafs:

http://grsecurity.net/pipermail/grsecurity/2010-September/001055.html
http://grsecurity.net/pipermail/grsecurity/2010-October/001058.html

I notice that there exist aufs2 and aufs2.1 patches for the SystemRescueCD project
(www.sysresccd.org) for various kernels:

http://kernel.sysresccd.org/sysresccd-1.6.4/
http://kernel.sysresccd.org/sysresccd-2.0.1/

But it's not clear to me what the "most correct" or most futureproof way to merge
three moving targets (kernel, grsec and aufs2.1) together is.

Suggestions or comments, anyone?

-dean takemori

