[rsbac] RSBAC + sparc64

Andre Pohl apohl at gmx.de
Tue Jan 28 13:59:47 MET 2003 

Hi!

I tried again with those patches applied. The "Function not implemented" 
error is gone, but I couldn't get the admin tools running. I compiled 
them with gcc 2.95.4 with asm link in <kernel>/include set to 
asm-sparc64 and the assembler exits with an error. gcc 3.0 compiles the 
package, but I get tons of warnings about shifting over the range of a 
type (32bit usermode, 64bit kernelmode?). When I try to set the 
auth_may_setuid attribute for /bin/login I get an error "Unknown error 
1018".

After patching the unistd.h in asm-sparc I tried to compile the admin 
tools changing the <kernel>/include/asm link to asm-sparc. Now the tools 
are build without any critical warning or error but when I try to set 
the auth_may_setuid for /bin/login I get a "RSBAC_EINVALIDVALUE" error.


Andre


Amon Ott wrote:

>On Thursday 23 January 2003 12:06, Peter Busser wrote:
>  
>
>>>I'm trying to install a RSBAC enabled Linux on an Ultrasparc IIe based 
>>>system. I followed the installation steps as described and the kernel is 
>>>build without problems but when I try to use the admin tools I always 
>>>get the error "Function not implemented". I recompiled the kernel 
>>>several times and changed some of the settings but that didn't fix the 
>>>problem.
>>>      
>>>
>>"Function not implemented" means that the program is trying to call system
>>calls which do not exist. Perhaps the RSBAC patch does not change the 
>>    
>>
>Sparc64
>  
>
>>system call table (or not properly). Or you did not enable RSBAC properly in
>>the kernel.
>>
>>    
>>
>>>System:
>>>Ultraparc IIe 500Mhz
>>>512 MB RAM
>>>Debian 3.0
>>>GCC 2.95.4 (or 3.0)
>>>      
>>>
>
>The syscall numbers for sparc64 seem to be limited to one byte, so the chosen 
>RSBAC number 270 does not work.
>
>Could you please patch these files with the attached diffs and retry:
>
>arch/sparc64/kernel/systbls.S
>include/asm-sparc64/unistd.h
>
>Amon.
>--
>http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
>  
>
>------------------------------------------------------------------------
>
>--- unistd.h~	2002-10-07 16:50:59.000000000 +0200
>+++ unistd.h	2003-01-23 15:38:14.000000000 +0100
>@@ -274,9 +274,9 @@
> #define __NR_nfsservctl         254
> #define __NR_aplib              255
> 
>-/* RSBAC - we use 270 */
>+/* RSBAC - we just use 235, which seems to be unused */
> #ifdef CONFIG_RSBAC
>-#define __NR_rsbac		270
>+#define __NR_rsbac		235
> #endif
> 
> #define _syscall0(type,name) \
>  
>
>------------------------------------------------------------------------
>
>--- systbls.S~	2002-10-07 16:50:58.000000000 +0200
>+++ systbls.S	2003-01-23 15:35:41.000000000 +0100
>@@ -66,20 +66,16 @@
> /*220*/	.word sys32_sigprocmask, sys32_create_module, sys32_delete_module, sys32_get_kernel_syms, sys_getpgid
> 	.word sys32_bdflush, sys32_sysfs, sys_nis_syscall, sys32_setfsuid16, sys32_setfsgid16
> /*230*/	.word sys32_select, sys_time, sys_nis_syscall, sys_stime, sys_nis_syscall
>+#ifdef CONFIG_RSBAC
>+	.word sys_rsbac, sys_llseek, sys_mlock, sys_munlock, sys_mlockall
>+#else
> 	.word sys_nis_syscall, sys_llseek, sys_mlock, sys_munlock, sys_mlockall
>+#endif
> /*240*/	.word sys_munlockall, sys_sched_setparam, sys_sched_getparam, sys_sched_setscheduler, sys_sched_getscheduler
> 	.word sys_sched_yield, sys_sched_get_priority_max, sys_sched_get_priority_min, sys32_sched_rr_get_interval, sys32_nanosleep
> /*250*/	.word sys32_mremap, sys32_sysctl, sys_getsid, sys_fdatasync, sys32_nfsservctl
> 	.word sys_aplib
> 
>-#ifdef CONFIG_RSBAC
>-	/* we use 270, until sys_security gets defined here */
>-	.rept 269-255
>-		.long sys_nis_syscall
>-	.endr
>-	.long sys_rsbac
>-#endif
>-
> 	/* Now the 64-bit native Linux syscall table. */
> 
> 	.align	1024
>@@ -133,20 +129,16 @@
> /*220*/	.word sys_nis_syscall, sys_create_module, sys_delete_module, sys_get_kernel_syms, sys_getpgid
> 	.word sys_bdflush, sys_sysfs, sys_nis_syscall, sys_setfsuid, sys_setfsgid
> /*230*/	.word sys_select, sys_nis_syscall, sys_nis_syscall, sys_stime, sys_nis_syscall
>+#ifdef CONFIG_RSBAC
>+	.word sys_rsbac, sys_llseek, sys_mlock, sys_munlock, sys_mlockall
>+#else
> 	.word sys_nis_syscall, sys_llseek, sys_mlock, sys_munlock, sys_mlockall
>+#endif
> /*240*/	.word sys_munlockall, sys_sched_setparam, sys_sched_getparam, sys_sched_setscheduler, sys_sched_getscheduler
> 	.word sys_sched_yield, sys_sched_get_priority_max, sys_sched_get_priority_min, sys_sched_rr_get_interval, sys_nanosleep
> /*250*/	.word sys64_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
> 	.word sys_aplib
> 
>-#ifdef CONFIG_RSBAC
>-	/* we use 270, until sys_security gets defined here */
>-	.rept 269-255
>-		.long sys_nis_syscall
>-	.endr
>-	.long sys_rsbac
>-#endif
>-
> #if defined(CONFIG_SUNOS_EMUL) || defined(CONFIG_SOLARIS_EMUL) || \
>     defined(CONFIG_SOLARIS_EMUL_MODULE)
> 	/* Now the 32-bit SunOS syscall table. */
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>rsbac mailing list
>rsbac at rsbac.org
>http://www.rsbac.org/mailman/listinfo/rsbac
>  
>

More information about the rsbac mailing list