Hi everyone.
I was looking for a kernel patch that will let me use grsecurity and the acl posix with the xfs filesystem.
I didn't find it so i made it on my own taking and modifing the acl-backport for the 2.4.27 kernel.
This patch is only for 2.4.27 kernel with the 2.0.1 grsecurity patch.
Now, as i am not an expert of kernel pogramming, i wonder if what i have build is correct and if the grsecurity + xfs-acl patches can work together without any problem (like filesystem corruption or security issues and so on...).
You can view the patch here:
http://oss.sgi.com/archives/linux-xfs/2 ... 00096.html
Any suggestion?
Thanks
Marco
grsecurity and xfs posix acl
2 posts
• Page 1 of 1
grsecurity and xfs posix acl
by madcat » Mon Oct 18, 2004 10:26 am
- madcat
- Posts: 11
- Joined: Mon Oct 18, 2004 10:21 am
by Terra » Tue Oct 19, 2004 3:41 pm
I'm using grsecurity-2.0.1-2.4.27 and 010-xfs-split-acl.from.2.4.23.diff (use google for find). First use grsec pach, and xfs - second. 2 or 3 (don't remember) rejects happinens. 2 rejects in namei.c try to solve manually or try to apply this patch (not tested by me)
- Code: Select all
--- namei.c~ 2004-10-12 17:34:44.000000000 +0400
+++ namei.c 2004-10-12 17:43:18.000000000 +0400
@@ -1083,8 +1083,10 @@
goto exit_dput;
}
- error = vfs_create(dir->d_inode, dentry,
- mode & ~current->fs->umask);
+ if (!IS_POSIXACL(dir->d_inode))
+ mode &= ~current->fs->umask;
+ error = vfs_create(dir->d_inode, dentry, mode);
+
if (!error)
gr_handle_create(dentry, nd->mnt);
@@ -1438,9 +1441,11 @@
if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt))
error = -EACCES;
- if(!error)
- error = vfs_mkdir(nd.dentry->d_inode, dentry,
- mode & ~current->fs->umask);
+ if(!error) {
+ if (!IS_POSIXACL(nd.dentry->d_inode))
+ mode &= ~current->fs->umask;
+ error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
+ }
if(!error)
gr_handle_create(dentry, nd.mnt);
- Terra
- Posts: 9
- Joined: Fri Apr 11, 2003 5:18 pm
2 posts
• Page 1 of 1