Hello, thanks for your response. I don't have these issues anymore. Back then I tried to compile the Akari LSM module for a grsec enabled Archlinux kernel, somehow that failed. I use the grsec enabled Archlinux kernel with the in-tree tomoyo (and the caitsith kernel patch) at the moment (no external modules). I don't have any issues with that. I still get some warnings related to the caitsith patch and the size overflow plugin. I guess that all kernel patches applied after the grsec patch will result in these warnings since the size overflow plugin doesn't know about them before hand (not sure how the size overflow plugin works). I think compiling the LSM module failed back then, because of some constify'ing done by grsec. The in-tree tomoyo and the caitsith kernel patch work flawlessly for me with grsec. Thanks, Torsten On Sun, 5 Jun 2016 20:30:05 +0900 Tetsuo Handa <pengu****@I-lov*****> wrote: > Hello. > > Sorry, but I didn't know that this post was pending for 5 months > due to "Cause: Post by non-member to a members-only list". I added > your address to the list of "accept" rule. > > twoertwein wrote: > > Hi, > > > > I tried to build akari (1.0.35_20151111) for a grsec patched 4.3.3 Linux kernel > > (https://grsecurity.net/test/grsecurity-3.1-4.3.3-201512282134.patch). Besides > > some messages/warnings of the kind "Function ... is missing from the > > size_overflowhash table ...", I get errors about assignments to read-only object. > > Akari successfully compiles without grsec enabled. Same happens for the caitsith module > > > > Best regards, > > Torsten > > Well, I've never seen these messages. > > According to https://forums.grsecurity.net/viewtopic.php?f=7&t=3043 , > Emese Revfy ( re.em****@gmail***** ) knows about "Function ... is missing from > the size_overflowhash table ..." message. I think consulting her will be better. > > About "error: assignment of read-only location" message and > "error: assignment of member ‘...’ in read-only object" message, > I can't find problems in my side because they are not marked as "const". > I think consulting PaX team members will be better. > > > > > ==> Making package: akari 1.0.35_20151111-1 (Thu Dec 31 22:50:28 CET 2015) > > ==> Checking runtime dependencies... > > ==> Checking buildtime dependencies... > > ==> Retrieving sources... > > -> Found akari-1.0.35-20151111.tar.gz > > -> Found akari-1.0.35-20151111.tar.gz.asc > > ==> Validating source files with sha256sums... > > akari-1.0.35-20151111.tar.gz ... Passed > > akari-1.0.35-20151111.tar.gz.asc ... Passed > > ==> Verifying source file signatures with gpg... > > akari-1.0.35-20151111.tar.gz ... Passed > > ==> Extracting sources... > > ==> Removing existing $pkgdir/ directory... > > ==> Starting build()... > > CC [M] akari/test.o > > CC [M] akari/probe.o > > CC [M] akari/permission.o > > CC [M] akari/gc.o > > CC [M] akari/memory.o > > Creating an empty policy/profile.conf > > Creating an empty policy/exception_policy.conf > > Creating an empty policy/domain_policy.conf > > Creating an empty policy/manager.conf > > Creating an empty policy/stat.conf > > CC [M] akari/realpath.o > > Function ccs_scan_bprm is missing from the size_overflow hash table +ccs_scan_bprm+fndecl+2+16274+ > > Function argc is missing from the size_overflow hash table +argc+ccs_condition+0+63399+ > > Function ccs_scan_bprm is missing from the size_overflow hash table +ccs_scan_bprm+fndecl+4+16274+ > > Function envc is missing from the size_overflow hash table +envc+ccs_condition+0+56582+ > > Function total_len is missing from the size_overflow hash table +total_len+ccs_path_info+0+38974+ > > CC [M] akari/load_policy.o > > Function ccs_commit_ok is missing from the size_overflow hash table +ccs_commit_ok+fndecl+2+20580+ > > Checking whether umode_t is used by include/linux/security.h or not. > > LD [M] akari/akari_test.o > > Generating built-in policy for TOMOYO 1.8.x. > > CC [M] akari/lsm.o > > CC [M] akari/policy_io.o > > In file included from akari/lsm.c:12:0: > > akari/lsm-4.2.c: In function ‘swap_hook’: > > akari/lsm-4.2.c:1215:13: error: assignment of read-only location ‘*original’ > > *original = shp->hook; > > ^ > > akari/lsm-4.2.c: In function ‘ccs_init’: > > akari/lsm-4.2.c:1236:39: error: assignment of member ‘find_task_by_vpid’ in read-only object > > ccsecurity_exports.find_task_by_vpid = probe_find_task_by_vpid(); > > ^ > > akari/lsm-4.2.c:1239:41: error: assignment of member ‘find_task_by_pid_ns’ in read-only object > > ccsecurity_exports.find_task_by_pid_ns = probe_find_task_by_pid_ns(); > > ^ > > akari/lsm-4.2.c:1242:37: error: assignment of member ‘d_absolute_path’ in read-only object > > ccsecurity_exports.d_absolute_path = probe_d_absolute_path(); > > ^ > > scripts/Makefile.build:258: recipe for target 'akari/lsm.o' failed > > make[1]: *** [akari/lsm.o] Error 1 > > make[1]: *** Waiting for unfinished jobs.... > > Function ccs_read is missing from the size_overflow hash table +ccs_read+fndecl+3+10+ > > Function ccs_read_self is missing from the size_overflow hash table +ccs_read_self+fndecl+3+1495+ > > Function ccs_write_self is missing from the size_overflow hash table +ccs_write_self+fndecl+3+26838+ > > Function writebuf_size is missing from the size_overflow hash table +writebuf_size+ccs_io_buffer+0+17632+ > > Function numbers_count is missing from the size_overflow hash table +numbers_count+ccs_condition+0+22932+ > > Function read_user_buf_avail is missing from the size_overflow hash table +read_user_buf_avail+ccs_io_buffer+0+33672+ > > Function query_len is missing from the size_overflow hash table +query_len+ccs_query+0+63116+ > > Function envc is missing from the size_overflow hash table +envc+ccs_condition+0+56582+ > > Function names_count is missing from the size_overflow hash table +names_count+ccs_condition+0+60468+ > > Function argc is missing from the size_overflow hash table +argc+ccs_condition+0+63399+ > > Function condc is missing from the size_overflow hash table +condc+ccs_condition+0+43125+ > > Makefile:1469: recipe for target '_module_akari' failed > > make: *** [_module_akari] Error 2 > > ==> ERROR: A failure occurred in build(). > > Aborting... > > > > _______________________________________________ > > tomoyo-users-en mailing list > > tomoy****@lists***** > > http://lists.osdn.me/mailman/listinfo/tomoyo-users-en > > > >
TOMOYO
Fork