rumen_yotov at dir.bg
Sat Aug 6 20:28:44 CEST 2005
Павел Петлинский wrote:
>I want to use RSBAC with GRSecurity patch.
>I use RSBAC sources from Gentoo distrib, and try to patch it by GRSecurity patch.
>But at the end (everytime, when patch ask to apply patch anyway, i say 'no'), i have i kernel config 2 PaX section (Security section), one before,
>and one after GRSecurity section.
>Some one can explane - how to patch correctly?
>rsbac mailing list
>rsbac at rsbac.org
Not much help here but anyway, IMHO latest RSBAC has PaX included, which
is also true for GRSecurity. But that's not the biggest problem.
Maybe a bigger one is the fact that both RSBAC&grsec2 have some sort of
MandatoryAccessControl (MAC) which is common for both (e.g. ACL,sec.
capabilities etc.). Technically just unpack some vanilla kernel and
manually apply the patches, then look out for any rejects (patch order
is also important). See also "man patch".
Using Gentoo too, here just compile the kernel step by step:
1.ebuild /usr/portage/sys-kernel/rsbac-sources-2.6.11-r3/rX unpack (this
will only unpack and patch the sources);
2.Then go to: /var/tmp/portage/linux-2.6.11-rsbac-r3/work directory and
apply the patch (GRSEC2) manually, it too has the PaX patch integrated;
3.ebuild /usr/portage/sys-kernel/rsbac-sources-2.6.11-r3 install (will
make 'compile&install' steps) does nothing here as this is just kernel
source, but the steps must be made in order to be able to make the next one;
4.ebuild /usr/portage/sys-kernel/rsbac-sources-2.6.11-r3 qmerge (merge
step - copy to usr/src/linux dir);
5.ebuild /usr/portage/sys-kernel/rsbac-sources-2.6.11-r3 clean (to clean
the work dir, it's more then 250MB ;)
Or edit the ebuild and include the grsec patch too (epatch function);
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3397 bytes
Desc: S/MIME Cryptographic Signature
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050806/3415961c/smime.bin
More information about the rsbac