xenlinux 2.6.24.7 + grsecurity working (sort of)

Discuss and suggest new grsecurity features

xenlinux 2.6.24.7 + grsecurity working (sort of)

Postby cormander » Tue Sep 02, 2008 1:56 pm

I've been working on merging the 2.6.24 xenlinux dom0 patch (got it from ubuntu-hardy) a updating it to 2.6.24.7, and applying the grsecurity patch for that version.

It compiles just fine and boots on x86_64 with various grsecurity options enabled, but with PaX turned off. As I start to turn features of pax on, there are build errors; normally "implicit declaration of", which leads me to believe that grsecurity mucks with xen's inclusion of macros and such from header files. I haven't figured out the cause yet. I see this probably a lot more heavily if I try to compile on x86 (32 bit).

Here are my patches thus far (apply the xen first, then grsecurity): http://download.ravencore.com/grsec/patches/

With a few PaX options enabled on x86_64 I was able to get it as far as:

Code: Select all
  GEN     .version
  CHK     include/linux/compile.h
dnsdomainname: Unknown host
  UPD     include/linux/compile.h
  CC      init/version.o
  LD      init/built-in.o
  LD      vmlinux
fs/built-in.o: In function `pax_report_fault':
/root/test/linux-2.6.24.7/fs/exec.c:1714: undefined reference to `pax_report_insns'
make: *** [vmlinux] Error 1


I've only started this a few days ago so this is really just my first attempt to do this for this version of the linux kernel and xen, I know that it's been successfully done with 2.6.18.

If anyone is interested in helping, let me know. Also, I have about 20+ other patches for this kernel version that I haven't posted to this directory yet, they're all CVEs and other things relevant to this kernel version.
cormander
 
Posts: 154
Joined: Tue Jan 29, 2008 12:51 pm

Return to grsecurity development