[rsbac] RSBAC + sparc64
Andre Pohl
apohl at gmx.de
Tue Jan 28 13:59:47 MET 2003
Hi!
I tried again with those patches applied. The "Function not implemented"
error is gone, but I couldn't get the admin tools running. I compiled
them with gcc 2.95.4 with asm link in <kernel>/include set to
asm-sparc64 and the assembler exits with an error. gcc 3.0 compiles the
package, but I get tons of warnings about shifting over the range of a
type (32bit usermode, 64bit kernelmode?). When I try to set the
auth_may_setuid attribute for /bin/login I get an error "Unknown error
1018".
After patching the unistd.h in asm-sparc I tried to compile the admin
tools changing the <kernel>/include/asm link to asm-sparc. Now the tools
are build without any critical warning or error but when I try to set
the auth_may_setuid for /bin/login I get a "RSBAC_EINVALIDVALUE" error.
Andre
Amon Ott wrote:
>On Thursday 23 January 2003 12:06, Peter Busser wrote:
>
>
>>>I'm trying to install a RSBAC enabled Linux on an Ultrasparc IIe based
>>>system. I followed the installation steps as described and the kernel is
>>>build without problems but when I try to use the admin tools I always
>>>get the error "Function not implemented". I recompiled the kernel
>>>several times and changed some of the settings but that didn't fix the
>>>problem.
>>>
>>>
>>"Function not implemented" means that the program is trying to call system
>>calls which do not exist. Perhaps the RSBAC patch does not change the
>>
>>
>Sparc64
>
>
>>system call table (or not properly). Or you did not enable RSBAC properly in
>>the kernel.
>>
>>
>>
>>>System:
>>>Ultraparc IIe 500Mhz
>>>512 MB RAM
>>>Debian 3.0
>>>GCC 2.95.4 (or 3.0)
>>>
>>>
>
>The syscall numbers for sparc64 seem to be limited to one byte, so the chosen
>RSBAC number 270 does not work.
>
>Could you please patch these files with the attached diffs and retry:
>
>arch/sparc64/kernel/systbls.S
>include/asm-sparc64/unistd.h
>
>Amon.
>--
>http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
>
>
>------------------------------------------------------------------------
>
>--- unistd.h~ 2002-10-07 16:50:59.000000000 +0200
>+++ unistd.h 2003-01-23 15:38:14.000000000 +0100
>@@ -274,9 +274,9 @@
> #define __NR_nfsservctl 254
> #define __NR_aplib 255
>
>-/* RSBAC - we use 270 */
>+/* RSBAC - we just use 235, which seems to be unused */
> #ifdef CONFIG_RSBAC
>-#define __NR_rsbac 270
>+#define __NR_rsbac 235
> #endif
>
> #define _syscall0(type,name) \
>
>
>------------------------------------------------------------------------
>
>--- systbls.S~ 2002-10-07 16:50:58.000000000 +0200
>+++ systbls.S 2003-01-23 15:35:41.000000000 +0100
>@@ -66,20 +66,16 @@
> /*220*/ .word sys32_sigprocmask, sys32_create_module, sys32_delete_module, sys32_get_kernel_syms, sys_getpgid
> .word sys32_bdflush, sys32_sysfs, sys_nis_syscall, sys32_setfsuid16, sys32_setfsgid16
> /*230*/ .word sys32_select, sys_time, sys_nis_syscall, sys_stime, sys_nis_syscall
>+#ifdef CONFIG_RSBAC
>+ .word sys_rsbac, sys_llseek, sys_mlock, sys_munlock, sys_mlockall
>+#else
> .word sys_nis_syscall, sys_llseek, sys_mlock, sys_munlock, sys_mlockall
>+#endif
> /*240*/ .word sys_munlockall, sys_sched_setparam, sys_sched_getparam, sys_sched_setscheduler, sys_sched_getscheduler
> .word sys_sched_yield, sys_sched_get_priority_max, sys_sched_get_priority_min, sys32_sched_rr_get_interval, sys32_nanosleep
> /*250*/ .word sys32_mremap, sys32_sysctl, sys_getsid, sys_fdatasync, sys32_nfsservctl
> .word sys_aplib
>
>-#ifdef CONFIG_RSBAC
>- /* we use 270, until sys_security gets defined here */
>- .rept 269-255
>- .long sys_nis_syscall
>- .endr
>- .long sys_rsbac
>-#endif
>-
> /* Now the 64-bit native Linux syscall table. */
>
> .align 1024
>@@ -133,20 +129,16 @@
> /*220*/ .word sys_nis_syscall, sys_create_module, sys_delete_module, sys_get_kernel_syms, sys_getpgid
> .word sys_bdflush, sys_sysfs, sys_nis_syscall, sys_setfsuid, sys_setfsgid
> /*230*/ .word sys_select, sys_nis_syscall, sys_nis_syscall, sys_stime, sys_nis_syscall
>+#ifdef CONFIG_RSBAC
>+ .word sys_rsbac, sys_llseek, sys_mlock, sys_munlock, sys_mlockall
>+#else
> .word sys_nis_syscall, sys_llseek, sys_mlock, sys_munlock, sys_mlockall
>+#endif
> /*240*/ .word sys_munlockall, sys_sched_setparam, sys_sched_getparam, sys_sched_setscheduler, sys_sched_getscheduler
> .word sys_sched_yield, sys_sched_get_priority_max, sys_sched_get_priority_min, sys_sched_rr_get_interval, sys_nanosleep
> /*250*/ .word sys64_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
> .word sys_aplib
>
>-#ifdef CONFIG_RSBAC
>- /* we use 270, until sys_security gets defined here */
>- .rept 269-255
>- .long sys_nis_syscall
>- .endr
>- .long sys_rsbac
>-#endif
>-
> #if defined(CONFIG_SUNOS_EMUL) || defined(CONFIG_SOLARIS_EMUL) || \
> defined(CONFIG_SOLARIS_EMUL_MODULE)
> /* Now the 32-bit SunOS syscall table. */
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>rsbac mailing list
>rsbac at rsbac.org
>http://www.rsbac.org/mailman/listinfo/rsbac
>
>
More information about the rsbac
mailing list