Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Dazuko - how?

  1. #1

    Question Dazuko - how?

    did anybody manage to install dazuko on 11.0?
    trying to build & install i got error that security capabilities are built-in the kernel - on 10.3 it was a module

    on the other hand dazuko rpm installs but in no way i can load it

    if somebody acopmlished the task, no matter which way, i'll appreciate if shares how to

  2. #2
    Join Date
    Jun 2008
    Location
    PHX
    Posts
    481

    Default Re: Dazuko - how?

    What RPM's did you install... both dazuko and dazuko-kmp-default?
    <>---><^>

  3. #3

    Default Re: Dazuko - how?

    i installed dazuko-2.3.4.4-42.1-86_64 and dazuko-kmp-default-2.3.4.4_2.6.25.5_1.1-42.1-86_64

  4. #4
    Join Date
    Mar 2008
    Location
    NE Arkansas
    Posts
    1,126

    Default Re: Dazuko - how?

    Quote Originally Posted by Rhaddamant View Post
    did anybody manage to install dazuko on 11.0?
    trying to build & install i got error that security capabilities are built-in the kernel - on 10.3 it was a module

    on the other hand dazuko rpm installs but in no way i can load it

    if somebody acopmlished the task, no matter which way, i'll appreciate if shares how to
    Dazuko and Apparmor conflict; It's one or the other, sorry.

    to get dazuko to run, uninstall everything apparmor & give it a go.
    Desktop Asus X-99 Viper. uefi & secure Boot, Win10, Leap 15.1 B & Leap 43.2; and, Laptop: ASUS GL752VW Optimus, uefi+Secure Boot, Win10, Leap 15 & T-weed

  5. #5

    Default Re: Dazuko - how?

    Snakedriver,

    is that for sure? on 10.3 apparmor was allowing dazuko to load as secondary lsm module and they worked together- i confirm that personally

    why was it changed in 11.0?!

  6. #6
    Join Date
    Mar 2008
    Location
    NE Arkansas
    Posts
    1,126

    Default Re: Dazuko - how?

    Quote Originally Posted by Rhaddamant View Post
    Snakedriver,

    is that for sure? on 10.3 apparmor was allowing dazuko to load as secondary lsm module and they worked together- i confirm that personally

    why was it changed in 11.0?!
    It wasn't; Didn't work for me in 10.3 I had to remove Apparmor.

    They both build kernel modules and those modules conflict, AFAIK.

    Exactly what dazuko did you have loaded?
    Try to duplicate "load as secondary lsm module" is the best that I can do.

    I think you will find that Developers, including SuSE want only one LSM; see: Linux Security Modules - Wikipedia, the free encyclopedia
    That reasoning is what leads openSUSE to it's own developed AppArmor.
    AppArmor documentation can be had here: Novell Doc: OpenSUSE 11.0 - Table of Contents

    Good luck
    Desktop Asus X-99 Viper. uefi & secure Boot, Win10, Leap 15.1 B & Leap 43.2; and, Laptop: ASUS GL752VW Optimus, uefi+Secure Boot, Win10, Leap 15 & T-weed

  7. #7

    Default Re: Dazuko - how?

    in 10.3 capabilities were build as module - not in the kernel - and capabilities.ko was located in /lib/modules/`uname -r`/security/
    i was able to build dazuko from source and load it copying dazuko.ko in the same dir, depmod -a

    now, /lib/modules/`uname -r`/security doesn't exist... capabilities is built-in the kernel and:

    # ~/Install/dazuko-2.3.5 # ./configure --disable-local-dpath
    checking host system type... Linux
    checking for make utility... ok (make)
    checking for C compiler... ok (cc)
    kernel source in /lib/modules/2.6.25.5-1.1-default/source... yes
    kernel build source in /lib/modules/2.6.25.5-1.1-default/build... yes
    acquiring Linux kernel code configuration... ok
    checking if Linux is RSBAC patched... no
    checking if devfs is enabled... no
    discovered host system... Linux (2.6.25)
    checking if security module support is enabled... yes
    verifying capabilities are not built-in... built-in
    error: capabilities are built-in to the kernel:
    you will need to recompile a kernel with capabilities
    as a kernel module

    in the way above i configured dazuko on 10.3, you can see now the result


    # ~/Install/dazuko-2.3.5 # ./configure --enable-syscalls --mapfile=/boot/System.map-2.6.25.5-1.1-default
    checking host system type... Linux
    checking for make utility... ok (make)
    checking for C compiler... ok (cc)
    kernel source in /lib/modules/2.6.25.5-1.1-default/source... yes
    kernel build source in /lib/modules/2.6.25.5-1.1-default/build... yes
    acquiring Linux kernel code configuration... ok
    checking if Linux is RSBAC patched... no
    checking if devfs is enabled... no
    discovered host system... Linux (2.6.25)
    checking whether __d_path() is exported... yes
    checking for System.map file... ok (/boot/System.map-2.6.25.5-1.1-default)
    locating sys_call_table... ok (0xffffffff8045b390)
    checking sys_call_table status... read-only

    IMPORTANT NOTE:
    If you get a kernel panic or segmentation fault while loading
    the Dazuko module, you will need to reboot and try to
    configure Dazuko again with the --sct-readonly option.

    locating do_execve... ok (0xffffffff802a57f5)
    identifying device API... ok
    inspecting class type... ok (class)
    inspecting suspend function... ok (suspend2)
    inspecting task_struct structure... ok (using parent)
    disabling ON_EXEC events (only available on x86 platforms)
    configure: creating Makefile
    configure: creating library/Makefile
    configure: creating example_c/Makefile

    ./configure successful

    =======================
    Configuration summary
    =======================

    module events = ON_OPEN ON_CLOSE
    devfs support = no
    rsbac support = no
    hooking via syscalls = yes
    local __d_path() = no
    path resolution = registered daemon context
    module debug = no
    library 1.x compatibility = yes

    # ~/Install/dazuko-2.3.5 # make
    make -C /lib/modules/2.6.25.5-1.1-default/build SUBDIRS="/root/Install/dazuko-2.3.5" modules
    make[1]: Entering directory `/usr/src/linux-2.6.25.5-1.1-obj/x86_64/default'
    make -C /usr/src/linux-2.6.25.5-1.1 O=/usr/src/linux-2.6.25.5-1.1-obj/x86_64/default/. modules
    CC [M] /root/Install/dazuko-2.3.5/dazuko_core.o
    CC [M] /root/Install/dazuko-2.3.5/dazuko_transport.o
    CC [M] /root/Install/dazuko-2.3.5/dazuko_linux.o
    /root/Install/dazuko-2.3.5/dazuko_linux.c:90: error: conflicting types for __d_path
    /usr/src/linux-2.6.25.5-1.1/include/linux/dcache.h:303: error: previous declaration of __d_path was here
    /root/Install/dazuko-2.3.5/dazuko_linux.c: In function dazuko_get_filename_dentry:
    /root/Install/dazuko-2.3.5/dazuko_linux.c:659: error: struct nameidata has no member named dentry
    /root/Install/dazuko-2.3.5/dazuko_linux.c: In function dazuko_get_full_filename:
    /root/Install/dazuko-2.3.5/dazuko_linux.c:899: error: struct nameidata has no member named mnt
    /root/Install/dazuko-2.3.5/dazuko_linux.c: In function dazuko_fill_file_struct_cleanup:
    /root/Install/dazuko-2.3.5/dazuko_linux.c:1004: error: implicit declaration of function path_release
    /root/Install/dazuko-2.3.5/dazuko_linux.c: In function xp_sys_hook:
    /root/Install/dazuko-2.3.5/dazuko_linux.c:2179: error: invalid operands to binary == (have struct path and void *)
    /root/Install/dazuko-2.3.5/dazuko_linux.c:2187: error: struct fs_struct has no member named rootmnt
    /root/Install/dazuko-2.3.5/dazuko_linux.c:2257: error: struct fs_struct has no member named rootmnt
    /root/Install/dazuko-2.3.5/dazuko_linux.c:2261: error: incompatible types in assignment
    make[4]: *** [/root/Install/dazuko-2.3.5/dazuko_linux.o] Error 1
    make[3]: *** [_module_/root/Install/dazuko-2.3.5] Error 2
    make[2]: *** [sub-make] Error 2
    make[1]: *** [all] Error 2
    make[1]: Leaving directory `/usr/src/linux-2.6.25.5-1.1-obj/x86_64/default'
    make: *** [dummy_rule] Error 2


    finally, if i install the dazuko & dazuko-kmp-default rpms and try to load dazuko module:

    # ~/Install/dazuko-2.3.5 # modprobe dazuko
    WARNING: Error inserting redirfs (/lib/modules/2.6.25.5-1.1-default/updates/redirfs.ko): Unknown symbol in module, or unknown parameter (see dmesg)
    FATAL: Error inserting dazuko (/lib/modules/2.6.25.5-1.1-default/updates/dazuko.ko): Unknown symbol in module, or unknown parameter (see dmesg)

    also, removing apparmor doesn't change anything, i got the same errors

    is there any way to use dazuko on 11.0?

  8. #8
    Join Date
    Mar 2008
    Location
    NE Arkansas
    Posts
    1,126

    Default Re: Dazuko - how?

    Quote Originally Posted by Rhaddamant View Post
    i
    is there any way to use dazuko on 11.0?
    18 Jun 2008 - Dazuko 2.3.5 and nullfs 0.0.3 have been merged together as DazukoFS.
    Does it have to be in that file system???

    I assume you did (from the readme):
    Code:
    # cd /linux/src/dir/linux-a.b.c.d
    # zcat /proc/config.gz > .config
    # zcat patch-dazuko-linux-a.b.c.diff.gz | patch -p1
    # make menuconfig
      (select Dazuko in the Security section and exit, saving changes)
    # make
    etc
    Desktop Asus X-99 Viper. uefi & secure Boot, Win10, Leap 15.1 B & Leap 43.2; and, Laptop: ASUS GL752VW Optimus, uefi+Secure Boot, Win10, Leap 15 & T-weed

  9. #9

    Default Re: Dazuko - how?

    no, my previous post was about errors trying to build dazuko from source without nullfs

    attempt to build a new kernel patched with dazukoFS fails at patching and respectively at make bzImage... i am trying now to fix patch by hand, will see

    looks like no way to run dazuko on 11.0 and the question is what to do when you need an antivirus guard in lan with $M systems... great!

    also would like to mention that if you want to build a new kernel with capabilities compiled like module (like 10.3), you cannot do that there is no option <module> in make xconfig. if .config is edited by hand make bzImage tells that module is invalid option and asks for yes/no...

  10. #10

    Default Re: Dazuko - how? [SOLVED]

    thanks to Ann Davis dazuko runs on 11.0

    patch here

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •