* [gentoo-hardened] Re: aufs2 Monday GIT release
[not found] ` <11262.1274761932@jrobl>
@ 2010-05-28 12:16 ` Thomas Sachau
2010-05-28 12:35 ` pageexec
0 siblings, 1 reply; 2+ messages in thread
From: Thomas Sachau @ 2010-05-28 12:16 UTC (permalink / raw
To: gentoo-hardened; +Cc: sfjro
[-- Attachment #1.1: Type: text/plain, Size: 1777 bytes --]
Since this is a conflict between aufs2 and pax/grsec patches, i would like to see the view of the
pax team too. Below are the two mails from aufs2 upstream together with the latest patch, which does
workaround the problem and contains some additional comments.
Since he is not subscribed, please keep him in CC.
Am 25.05.2010 06:32, schrieb sfjro@users.sourceforge.net:
>
> "Tommy[D]":
>> just tried to compile aufs2-standalone against my local kernel sources, b=
>> ut get the attached failure
>> for 2.6.33. The kernel is a development kernel from Gentoo with additiona=
>> l pax and grsec patches.
>
> I found the pax and grsec patches declare members as 'const'.
> grsecurity-2.1.14-2.6.33.4-201005151340.patch
> pax-linux-2.6.33.4-test19.patch
>
> For instance,
>
> struct address_space_operations {
> - int (*writepage)(struct page *page, struct writeback_control *wbc);
> - int (*readpage)(struct file *, struct page *);
> - void (*sync_page)(struct page *);
> + int (* const writepage)(struct page *page, struct writeback_control *wbc);
> + int (* const readpage)(struct file *, struct page *);
> + void (* const sync_page)(struct page *);
>
> It means setting writepage (and other members) is prohibited. But aufs
> sets them dynamically. I think this is the cause of your problem.
> I don't know whether making them 'const' is necessary or not.
>
>
> J. R. Okajima
>
> ------------------------------------------------------------------------------
>
>
and
>> If you really need to co-work aufs and grsec/pax, then this patch will
>> > solve the problem. But I don't think it a good approach.
> It was broken. Here is an updated one.
>
> J. R. Okajima
>
--
Thomas Sachau
Gentoo Linux Developer
[-- Attachment #1.2: a.patch.bz2 --]
[-- Type: application/x-bzip2, Size: 2024 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 316 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [gentoo-hardened] Re: aufs2 Monday GIT release
2010-05-28 12:16 ` [gentoo-hardened] Re: aufs2 Monday GIT release Thomas Sachau
@ 2010-05-28 12:35 ` pageexec
0 siblings, 0 replies; 2+ messages in thread
From: pageexec @ 2010-05-28 12:35 UTC (permalink / raw
To: gentoo-hardened; +Cc: sfjro
On 28 May 2010 at 14:16, Thomas Sachau wrote:
> Since this is a conflict between aufs2 and pax/grsec patches, i would like to see the view of the
> pax team too. Below are the two mails from aufs2 upstream together with the latest patch, which does
> workaround the problem and contains some additional comments.
how about reading the unfolding discussion on the grsec list instead
of cross-posting? ;)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-05-28 12:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <26440.1274664907@jrobl>
[not found] ` <4BFA856B.5090203@gmx.de>
[not found] ` <11262.1274761932@jrobl>
2010-05-28 12:16 ` [gentoo-hardened] Re: aufs2 Monday GIT release Thomas Sachau
2010-05-28 12:35 ` pageexec
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox