[rsbac] rsbac on raspberry pi
Jens Kasten
jens at kasten-edv.de
Mon Jul 6 16:25:28 CEST 2015
I have upload the config and patch and a small howto.
mkdir raspberry-pi
cd raspberry-pi
wget https://www.kasten-edv.de/download/rsbac/config-3.18.16-rsbac-4+
wget
https://www.kasten-edv.de/download/rsbac/rpi-3.18.16-rsbac-pax.patch
git clone https://github.com/raspberrypi/linux.git
git clone https://github.com/raspberrypi/tools
cd linux
git checkout remotes/origin/rpi-3.18.y
patch -p1 < ../rpi-3.18.16-rsbac-pax.patch | tee patch.log
grep FAIL patch.log
cp ../config-3.18.16-rsbac-4+ .config
ARCH=arm CROSS_COMPILE=armv6j-hardfloat-linux-gnueabi- make menuconfig
ARCH=arm CROSS_COMPILE=armv6j-hardfloat-linux-gnueabi- make -j4
ARCH=arm CROSS_COMPILE=armv6j-hardfloat-linux-gnueabi-
INSTALL_MOD_PATH=../modules make modules_install
cd ../tools/mkimage
./imagetool-uncompressed.py ../../linux/arch/arm/boot/zImage
mv kernel.img ../../kernel.img-3.18.16-rsbac+
cd ../..
rm modules/lib/modules/3.18.16-rsbac+/{build,source}
scp -r modules/lib/modules/3.18.16-rsbac+ root at pi:/lib/modules
scp kernel.img-3.18.16-rsbac+ root at pi:/boot
On raspberry-pi do a copy from your running kernel.img and cp the
kernel.img-3.18.16-rsbac+ to kernel.img
Example /boot/cmdline.txt
console=tty1 root=/dev/mmcblk0p3 rootfstype=ext4 elevator=deadline
rootwait rsbac_softmode rsbac_nosyslog rsbac_cap_process_hiding
reboot for testing :D
Am 2015-07-06 07:45, schrieb Javier Juan Martínez Cabezón:
> Damn! How did you do?!, Are you running the modified kernel/firmware
> owned by raspberry pi fundation?, ¿rsbac sources?, ¿did you patched
> it
> by hand? ¿had to solve rejections?, did you need to dance around a
> camp
> fire?.
>
> I'm compiling a gentoo hardened in a raspberry pi 2 model B. ¿Can you
> send your .config? ¿Did you have troubles building paxtest?
>
> Jens 1 tazok 0
>
>
>
>
>
> On 05/07/15 23:16, Jens Kasten wrote:
>> Hi,
>>
>> on my Raspberry Pi runs a Gentoo/hardened with RSBAC and PAX :D
>>
>> Linux raspberry-pi 3.18.16-rsbac-4+ #2 PREEMPT Sun Jul 5 22:49:47 CEST
>> 2015 armv6l BCM2708 GNU/Linux
>>
>> For PAX this options must at moment disabled:
>> CONFIG_PAX_REFCOUNT, CONFIG_PAX_USERCOPY
>>
>> There is an issue left with PAX but need a bit time.
>>
>>
>> Jens
>>
>> _______________________________________________
>> rsbac mailing list
>> rsbac at rsbac.org
>> http://www.rsbac.org/mailman/listinfo/rsbac
>
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
More information about the rsbac
mailing list