From: High M. <hi...@os...> - 2003-05-14 18:03:34
-----Forwarded Message-----
> From: High Mobley <hi...@pr...>
> To: Geoff Thorpe <ge...@ge...>
> Subject: Re: [uml-user] Mandrake 9.1, SKAS, etc
> Date: 13 May 2003 19:45:48 -0400
>
> On Tue, 2003-05-13 at 16:21, Geoff Thorpe wrote:
> > Hi all,
> >
> > Just sounding out in case there is someone out there who's already been
> > looking at UML hosting on mandrake 9.1 systems? I'm looking at putting a
> > few UMLs together and would like the host to remain, as much as is
> > possible, within the padded walls of mandrake's urpmi-based environment
> > and pre-patched kernel assumptions. In particular, I'm wondering about
> > producing a modified kernel RPM for the host that completely matches the
> > stock kernel RPM *except* for the addition of SKAS support. Doable? Done?
> >
> > Background, whys, wherefores, etc: I'm reluctant to build a kernel from
> > scratch for this system because it is administered graphically on a daily
> > basis by someone who does not want their GUI admin fluff to start doing
> > anything "differently". Eg. hotplug, GUI-based autodetection tools,
> > graphic admin of lilo, urpmi control of kernels, etc. With mandrake's
> > automatic handling of so much kernel, kernel-module, and "/boot" stuff,
> > this would be too easy for me to inadvertently sod up using vanilla
> > kernel sources. On the other hand, I would *really* prefer to have SKAS
> > working than have this running in TT mode. I've heard that one day Jeff
> > and Linus are going to have an ioctl() to replace /proc/mm and the world
> > will be a truly good place, but I'm wondering how it can be made livable
> > in the mean time. :-)
> >
> > So, I've seen various discussions going on about this w.r.t. Redhat
> > systems, but was curious if anyone had tackled this on mandrake's latest?
> > If I've already missed discussion about this - apologies, any reference
> > would be most welcome.
> >
> > Cheers,
> > Geoff
>
> I took the kernel source RPM for Mandrake 9.0 and added the skas patch
> to get a UML host kernel built as an RPM. Worked fine for me, though it
> took me a little while to understand exactly what the kernel SRPM was
> doing. The key is to find the bzipped tarball of all the patches in the
> $RPM_DIR/SOURCE directory. You want to unzip and untar this file, add
> the skas patch in the correct place, add the /proc/mm option in the
> default kernel config file, and then re-tar and bzip the file. Finally,
> edit the kernel SRPM spec file to build the kernel you want and run the
> rpm -b command to build the kernel.
> One word of caution though... You'll want to dig thru the recent posts
> to this list for a version of the SKAS patch that plays nicely with the
> recent kernel ptrace vulnerability fix.
>
> --
> High Mobley <hi...@pr...>

Forgot to CC the list on my reply to Geoff...

--
High Mobley <hi...@os...>
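The repack step described in the message above (unpack the bzipped patch tarball, add the SKAS patch, enable the /proc/mm option in the default config, re-tar), as an added Python example that is not code from either poster or from Mandrake. The member names, the patch file name and `CONFIG_PROC_MM` as the option name are assumptions not given in the thread; `changed_members` confirms that the repacked bundle differs from the stock one only in those two places, so every other bundled patch is carried through unchanged.

```python
import io
import tarfile

def read_bundle(bundle: bytes) -> list:
    """Return [(TarInfo, content or None)] for each member of a .tar.bz2."""
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r:bz2") as tar:
        return [(m, tar.extractfile(m).read() if m.isfile() else None) for m in tar]

def write_bundle(members: list) -> bytes:
    """Write members back as a bzipped tarball, keeping their metadata."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:bz2") as tar:
        for info, data in members:
            if data is not None:
                info.size = len(data)
            tar.addfile(info, None if data is None else io.BytesIO(data))
    return out.getvalue()

def add_skas(bundle, patch_name, patch_body, config_name, option="CONFIG_PROC_MM=y"):
    """Add the patch and enable the option (name assumed) in the default config."""
    key = option.split("=")[0]
    members, seen_config = [], False
    for info, data in read_bundle(bundle):
        if info.name == patch_name:
            continue  # re-added below, so running twice does not duplicate it
        if info.name == config_name:
            seen_config = True
            kept = [l for l in data.decode().splitlines()
                    if not (l.startswith(key + "=") or l == f"# {key} is not set")]
            data = ("\n".join(kept + [option]) + "\n").encode()
        members.append((info, data))
    if not seen_config:
        raise KeyError(f"{config_name} not found in bundle")
    members.append((tarfile.TarInfo(patch_name), patch_body))
    return write_bundle(members)

def changed_members(old: bytes, new: bytes) -> dict:
    """Members added, removed or modified between the stock and repacked bundle."""
    a = {i.name: d for i, d in read_bundle(old)}
    b = {i.name: d for i, d in read_bundle(new)}
    return {"added": sorted(b.keys() - a.keys()),
            "removed": sorted(a.keys() - b.keys()),
            "modified": sorted(n for n in a.keys() & b.keys() if a[n] != b[n])}

def sample_bundle() -> bytes:
    """Constructed stand-in for the SRPM's patch tarball; all names are made up."""
    files = {"patches/AA01_example.patch": b"--- a/x\n+++ b/x\n",
             "configs/i386.config": b"CONFIG_X86=y\n# CONFIG_PROC_MM is not set\n"}
    return write_bundle([(tarfile.TarInfo(n), d) for n, d in files.items()])
```

Anything listed under "removed", or any "modified" entry other than the config file, means the repack touched more than intended and should be investigated before the spec file is built.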
From: Geoff T. <ge...@ge...> - 2003-05-15 22:10:29
Hello,

On May 14, 2003 11:02 am, High Mobley wrote:
> I took the kernel source RPM for Mandrake 9.0 and added the skas
> patch to get a UML host kernel built as an RPM. Worked fine for me,
> though it took me a little while to understand exactly what the
> kernel SRPM was doing. The key is to find the bzipped tarball of all
> the patches in the $RPM_DIR/SOURCE directory. You want to unzip and
> untar this file, add the skas patch in the correct place, add the
> /proc/mm option in the default kernel config file, and then re-tar
> and bzip the file. Finally, edit the kernel SRPM spec file to build
> the kernel you want and run the rpm -b command to build the kernel.
> One word of caution though... You'll want to dig thru the recent
> posts to this list for a version of the SKAS patch that plays nicely
> with the recent kernel ptrace vulnerability fix.

I've just tried wandering into this for the first time. Wow, what a
horrid mess. I found the SKAS patch that supposedly plays ball with the
ptrace fix and have since been trying to make sense of all this.

I noted that the "ZG" (grsecurity) series of patches bundled in
mandrake's SRPM smashes mprotect.c to pieces and, for me at least, this
makes the skas patch fail no matter which order the patches get applied.
This probably means there's some way to control which patches are (and
are not) applied by the scripts/apply_patches script. However, between
that and trying to work out which kernel config will be absorbed and
processed by the build, I'm starting to find this all somewhat hairy.

Anyway, I'll have another hack at this later and see if it yields, but
thought I'd mention where I was up to in case you (or anyone else) have
useful insights for me? Which version of the SRPM were you using this
with BTW? I'm on Mandrake 9.1 with the kernel-2.4.21.0.13mdk-1-1mdk SRPM.

Cheers,
Geoff

--
Geoff Thorpe
ge...@ge...
http://www.geoffthorpe.net/
From: Geoff T. <ge...@ge...> - 2003-05-18 21:26:48
Just an update ...

On May 15, 2003 06:07 pm, Geoff Thorpe wrote:
[snip]
> On May 14, 2003 11:02 am, High Mobley wrote:
> > I took the kernel source RPM for Mandrake 9.0 and added the skas
> > patch to get a UML host kernel built as an RPM. Worked fine for me,
> > though it took me a little while to understand exactly what the
> > kernel SRPM was doing. The key is to find the bzipped tarball of all
[snip]
> I've just tried wandering into this for the first time. Wow, what a
> horrid mess. I found the SKAS patch that supposedly plays ball with the
> ptrace fix and have since been trying to make sense of all this.
[snip]

I managed to hack the Mandrake kernel SRPM and the SKAS3 patch to all
tie together and produce me a kernel RPM that could be installed
side-by-side with the "normal" one. I was thinking of making these
changes available to people, but then on reflection realised that future
versions and/or other RPM distributions would require continual
adaptation and hacking. This is what I faced in adapting High Mobley's
useful comments about mdk9.0 to the more thorny issues presented in
mdk9.1.

So ... I think I'll try to instead write this whole process up in the
form of a HOWTO, including examples of what I encountered but in a way
that will hopefully work for other people and/or future versions if
possible. Please mail me offlist if you know someone has already done
this or if you can think of an appropriate place to put such a document
when I get round to it.

Cheers,
Geoff

--
Geoff Thorpe
ge...@ge...
http://www.geoffthorpe.net/