bscheckenbach | 7 Apr 10:13 2006
Picon

kernel-2.6.16 + dazuko-2.2.0

Hello all,

after the update from Fedora Core 4 with 2.6.15-1.1831_FC4smp to 2.6.16 (SMP), 
using packet kernel-2.6.16-1.2069_FC4.src.rpm from the Fedora site, I'm not able
to compile dazuko-2.2.0.

Maybe they are changes in the LSM interface with 2.6.16 ?  Attached you find 
include/linux/security.h from ther source i'm using.

./configure --kernelsrcdir=/usr/src/redhat/BUILD/kernel-2.6.16prep --disable-local-dpath

shows at the end:
./configure successful
=======================
Configuration summary
=======================
module events = ON_OPEN ON_EXEC
devfs support = no
rsbac support = no
stacking support = yes
local __d_path() = no
module debug = no
library 1.x compatibility = yes

'make install' stops with :
CC [M] /home/bernhard/tmp/dazuko-2.2.0/dazuko_linux26_lsm.o
/home/bernhard/tmp/dazuko-2.2.0/dazuko_linux26_lsm.c: In Funktion »dazuko_security_xfrm_policy_alloc«:
/home/bernhard/tmp/dazuko-2.2.0/dazuko_linux26_lsm.c:1258: Fehler: »struct
security_operations« hat kein Element namens »xfrm_policy_alloc«
...etc.
(Continue reading)

John Ogness | 10 Apr 20:19 2006
Picon

Re: kernel-2.6.16 + dazuko-2.2.0

bscheckenbach <at> online.de wrote:
> after the update from Fedora Core 4 with 2.6.15-1.1831_FC4smp to 2.6.16 (SMP), 
> using packet kernel-2.6.16-1.2069_FC4.src.rpm from the Fedora site, I'm not able
> to compile dazuko-2.2.0.
> 
> Maybe they are changes in the LSM interface with 2.6.16 ?  Attached you find 
> include/linux/security.h from ther source i'm using.

Thank you. It was indeed a problem with using the LSM hooks. LSM has
quite an interesting (and non-consistent) naming scheme. I have fixed
the problem in CVS. Please try this version and let me know if it is ok.

$ env CVS_RSH=ssh cvs -z3 \
-d:pserver:anonymous <at> cvs.savannah.nongnu.org:/sources/dazuko \
co dazuko

John Ogness

--

-- 
Dazuko Maintainer
Amon Ott | 18 Apr 09:31 2006
Picon

LSM to be removed?

It seems that LSM is about to be removed from the kernel, because only 
one in-tree module has been using it and this one can have individual 
hooks in the future. Now we can all start wondering why.

http://marc.theaimsgroup.com/?t=114530170700005&r=1&w=2

I am once more glad about my old decision not to use LSM for RSBAC.

Amon.
--

-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
John Ogness | 29 Apr 11:37 2006

2.2.1-pre1 posted

Hi,

I have posted the first pre-release for 2.2.1. This version adds support
for the lastest Linux 2.6.17-rc2 Linux kernel. It should now also be
easier to build Dazuko for Linux 2.6 when you have fresh kernel sources.
The Makefile includes the Linux 2.6 build tools as dependencies so that
they will be built if necessary.

There are a lot of patches waiting for me. Specifically integration of
system call hooking for Linux 2..6 and support for RedirFS. I would like
both of these feature to appear in the 2.3.0 version. I promise that I
will get to these eventually, but I am extremely busy lately.

The little free time that I have for Dazuko lately has been spent mainly
on DazukoFS development and stress testing. It is going extremely well
for Linux 2.6 and FreeBSD 6 and I am anxious to get it out as an
experimental preview release. It is still far from being complete, but
it has now been developed enough that it could be used for thinks such
as basic anti-virus protection.

John Ogness

--

-- 
Dazuko Maintainer

Gmane