Re: new problem in dazuko

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: new problem in dazuko

John Ogness-2
张伟 wrote:

> I was installing dazuko in Linux kernel 2.6.9, but have some problems
> when use "./configure"
>  
> checking host system type... Linux
> checking for make utility... ok (make)
> checking for C compiler... ok (cc)
> kernel source in /lib/modules/2.6.9-34.EL/source... yes
> kernel build source in /lib/modules/2.6.9-34.EL/build... yes
> acquiring Linux kernel code configuration... ok
> checking if Linux is RSBAC patched... no
> checking if devfs is enabled... no
> discovered host system... Linux (2.6.9)
> checking if security module support is enabled... yes
> verifying capabilities are not built-in... built-in :(
> error: capabilities are built-in to the kernel:
>        you will need to recompile a kernel with capabilities
>        as a kernel module
> 1.whether I must open CONFIG_SECURITY_CAPABILITIES module, and recompile
> my kernel?

Yes. CONFIG_SECURITY_CAPABILITIES must be a module. You will need to
recompile your kernel after you make this change. You will also need to
make sure you load dazuko before the capability module.


> 2.whether have other methods not check this module?

If recompiling the kernel is not an option, you can use syscall hooking
instead. For this you will need the correct System.map file for your
kernel. This is often available as /boot/System.map, but not always.
Then you can configure Dazuko with:

$ ./configure --enable-syscalls --mapfile=/boot/System.map


John Ogness

--
Dazuko Maintainer


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
Reply | Threaded
Open this post in threaded view
|

Re: new problem in dazuko

John Ogness-2
张伟 wrote:
> (1).recompile my kernel with CONFIG_SECURITY_CAPABILITIES as module, OK
> (2)../configure, OK
> (3)."rmmod capability", OK
> (4).load dazuko "/sbin/insmod dazuko.ko", OK
> (5)."modprobe capability", failed.
>    FATAL: Error inserting capability (/lib/modules/2.6.9-5.EL.rootcustom/kernel/security/capability.ko): Invalid argument, why?
> (6).run dazuko example_c /usr/src/sw, but can not see any information from function print_access() when I access  /usr/src/sw. why?

You may have SElinux activated as a security module. SElinux does not
allow Dazuko to work correctly.


>> $ ./configure --enable-syscalls --mapfile=/boot/System.map
>
> This way can succeed.

This may be your only option.

John Ogness

--
Dazuko Maintainer


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
Reply | Threaded
Open this post in threaded view
|

Re: panic (sys_call_table == NULL)

John Ogness-2
张伟 wrote:
> I reinstall my linux AS 4.0, and reinstall dazuko,
> 1)./configure --enable-syscalls --mapfile=/boot/System.map
> locating sys_call_table... ok (0xa0000001005fdee8)
> checking sys_call_table status... read-only
> IMPORTANT NOTE:
> If you get a kernel panic or segmentation fault while loading
> the Dazuko module, you will need to reboot and try to
> configure Dazuko again with the --sct-readonly option.
> 2)when I /sbin/insmod dazuko.ko, dazuko: panic (sys_call_table == NULL)

Please look at this support thread:

http://savannah.nongnu.org/support/?105824

John Ogness

--
Dazuko Maintainer


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel