[rsbac] missing syscall on space

Jens Kasten jens.kasten at kasten-edv.de
Mon Feb 19 20:18:45 CET 2018


On 19.02.2018 19:51, Jens Kasten wrote:
Btw.

cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI
cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: __user pointer sanitization
cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline

gcc (Gentoo 7.3.0 p1.0) 7.3.0 with --enable-default-pie --enable-default-ssp




> Yes this fixed the issue, thanks.
> 
> In arch/arm/include/generated/uapi/asm/unistd-common.h the
> "#define __NR_rsbac" can be deleted.
> It's already defined in arch/arm/include/uapi/asm/unistd.h.
> 
> On 19.02.2018 10:12, Amon Ott wrote:
>> On 18.02.2018 at 16:10, Jens Kasten wrote:
>>> I got on latest linux-4.14.y this:
>>> 
>>> cat /proc/rsbac-info/active
>>> Version: 1.5.2, API min: 1.4.0, API max: 1.5.0
>>> Mode: SOFTMODE
>>> Softmode: available
>>> Ind-Soft: available
>>> Switching off: available for FF AUTH CAP JAIL RES
>>> Switching on: available for FF AUTH CAP JAIL RES MPROTECT
>>> Module: FF   on
>>> Module: AUTH on
>>> Module: CAP  on
>>> Module: JAIL on
>>> Module: RES  on
>>> Module: MPROTECT on
>>> 
>>> but rsbac_version
>>> Error: Function not implemented
>>> Tools:  1.5.1, API: 1.4.10
>>> Kernel: 0.0.0, API min: 1.4.0, API max: 1.5.0
>>> 
>>> The syscall on userspace is somehow missing on arm.
>> 
>> Please pull --rebase and retry, just added the missing entry.
>> 
>> Amon.