linux-next: build failure after merge of the security-testing tree

linux-next: build failure after merge of the security-testing tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 540 bytes --]

Hi James,

After merging the security-testing tree, today's linux-next build
(powerpc ppc64_defconfig) failed like this:

security/Kconfig:144: can't open file "security/apparmor/Kconfig"

Caused by commit 32bd8e5273c0be4189274ab55c4d16862f0dd87d ("AppArmor:
Enable configuring and building of the AppArmor security module").  Looks
like a file was missed.

I have used the security-testing from next-20100729 for today.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

Re: linux-next: build failure after merge of the security-testing tree

[James Morris]

On Fri, 30 Jul 2010, Stephen Rothwell wrote:

> Hi James,
> 
> After merging the security-testing tree, today's linux-next build
> (powerpc ppc64_defconfig) failed like this:
> 
> security/Kconfig:144: can't open file "security/apparmor/Kconfig"
> 
> Caused by commit 32bd8e5273c0be4189274ab55c4d16862f0dd87d ("AppArmor:
> Enable configuring and building of the AppArmor security module").  Looks
> like a file was missed.

I don't know how to use git.

Should be fixed now.

> 

-- 
James Morris
<jmorris@namei.org>

Re: linux-next: build failure after merge of the security-testing tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 283 bytes --]

Hi James,

On Fri, 30 Jul 2010 13:54:01 +1000 (EST) James Morris <jmorris@namei.org> wrote:
>
> I don't know how to use git.

:-)

> Should be fixed now.

Thanks.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

Re: linux-next: build failure after merge of the security-testing tree

[John Johansen]

On 07/29/2010 08:54 PM, James Morris wrote:
> On Fri, 30 Jul 2010, Stephen Rothwell wrote:
> 
>> Hi James,
>>
>> After merging the security-testing tree, today's linux-next build
>> (powerpc ppc64_defconfig) failed like this:
>>
>> security/Kconfig:144: can't open file "security/apparmor/Kconfig"
>>
>> Caused by commit 32bd8e5273c0be4189274ab55c4d16862f0dd87d ("AppArmor:
>> Enable configuring and building of the AppArmor security module").  Looks
>> like a file was missed.
> 
> I don't know how to use git.
> 
> Should be fixed now.
> 
works for me,

thanks James

linux-next: build failure after merge of the security-testing tree

[Stephen Rothwell]

Hi James,

After merging the security-testing tree, today's linux-next build (x86_64
allmodconfig) failed like this (also some warnings ...):

security/apparmor/ipc.c: In function 'aa_ptrace':
security/apparmor/ipc.c:103: warning: initialization discards qualifiers from pointer target type
security/apparmor/domain.c: In function 'may_change_ptraced_domain':
security/apparmor/domain.c:73: warning: assignment discards qualifiers from pointer target type
security/apparmor/lsm.c:701: error: 'param_ops_aabool' undeclared here (not in a function)
security/apparmor/lsm.c:721: error: 'param_ops_aalockpolicy' undeclared here (not in a function)
security/apparmor/lsm.c:729: error: 'param_ops_aauint' undeclared here (not in a function)

Error caused by commit e0500000b50a50ec8cc9967001f3ed201b83cb36
("AppArmor: LSM interface, and security module initialization")
interacting with commit 0685652df0929cec7d78efa85127f6eb34962132
("param:param_ops") from the rr tree.

I applied the following merge fix patch:

From: Stephen Rothwell <sfr@canb.auug.org.au>
Date: Mon, 2 Aug 2010 12:00:43 +1000
Subject: [PATCH] AppArmor: update for module_param_named API change

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
---
 security/apparmor/lsm.c |   36 ++++++++++++++++++++++++------------
 1 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8db33a8..d5666d3 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = {
  * AppArmor sysfs module parameters
  */
 
-static int param_set_aabool(const char *val, struct kernel_param *kp);
-static int param_get_aabool(char *buffer, struct kernel_param *kp);
+static int param_set_aabool(const char *val, const struct kernel_param *kp);
+static int param_get_aabool(char *buffer, const struct kernel_param *kp);
 #define param_check_aabool(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aabool = {
+	.set = param_set_aabool,
+	.get = param_get_aabool
+};
 
-static int param_set_aauint(const char *val, struct kernel_param *kp);
-static int param_get_aauint(char *buffer, struct kernel_param *kp);
+static int param_set_aauint(const char *val, const struct kernel_param *kp);
+static int param_get_aauint(char *buffer, const struct kernel_param *kp);
 #define param_check_aauint(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aauint = {
+	.set = param_set_aauint,
+	.get = param_get_aauint
+};
 
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp);
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp);
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
 #define param_check_aalockpolicy(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aalockpolicy = {
+	.set = param_set_aalockpolicy,
+	.get = param_get_aalockpolicy
+};
 
 static int param_set_audit(const char *val, struct kernel_param *kp);
 static int param_get_audit(char *buffer, struct kernel_param *kp);
@@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str)
 __setup("apparmor=", apparmor_enabled_setup);
 
 /* set global flag turning off the ability to load policy */
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
@@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
 	return param_set_bool(val, kp);
 }
 
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp)
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
 	return param_get_bool(buffer, kp);
 }
 
-static int param_set_aabool(const char *val, struct kernel_param *kp)
+static int param_set_aabool(const char *val, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
 	return param_set_bool(val, kp);
 }
 
-static int param_get_aabool(char *buffer, struct kernel_param *kp)
+static int param_get_aabool(char *buffer, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
 	return param_get_bool(buffer, kp);
 }
 
-static int param_set_aauint(const char *val, struct kernel_param *kp)
+static int param_set_aauint(const char *val, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
 	return param_set_uint(val, kp);
 }
 
-static int param_get_aauint(char *buffer, struct kernel_param *kp)
+static int param_get_aauint(char *buffer, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
-- 
1.7.1

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

Re: linux-next: build failure after merge of the security-testing tree

[John Johansen]

On 08/01/2010 07:16 PM, Stephen Rothwell wrote:
> Hi James,
> 
> After merging the security-testing tree, today's linux-next build (x86_64
> allmodconfig) failed like this (also some warnings ...):
> 
> security/apparmor/ipc.c: In function 'aa_ptrace':
> security/apparmor/ipc.c:103: warning: initialization discards qualifiers from pointer target type
> security/apparmor/domain.c: In function 'may_change_ptraced_domain':
> security/apparmor/domain.c:73: warning: assignment discards qualifiers from pointer target type
> security/apparmor/lsm.c:701: error: 'param_ops_aabool' undeclared here (not in a function)
> security/apparmor/lsm.c:721: error: 'param_ops_aalockpolicy' undeclared here (not in a function)
> security/apparmor/lsm.c:729: error: 'param_ops_aauint' undeclared here (not in a function)
> 
> Error caused by commit e0500000b50a50ec8cc9967001f3ed201b83cb36
> ("AppArmor: LSM interface, and security module initialization")
> interacting with commit 0685652df0929cec7d78efa85127f6eb34962132
> ("param:param_ops") from the rr tree.
> 
> I applied the following merge fix patch:
> 
> From: Stephen Rothwell <sfr@canb.auug.org.au>
> Date: Mon, 2 Aug 2010 12:00:43 +1000
> Subject: [PATCH] AppArmor: update for module_param_named API change
> 
> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
looks good, thanks Stephen

Signed-off-by: John Johansen <john.johansen@canonical.com>



> ---
>  security/apparmor/lsm.c |   36 ++++++++++++++++++++++++------------
>  1 files changed, 24 insertions(+), 12 deletions(-)
> 
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index 8db33a8..d5666d3 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = {
>   * AppArmor sysfs module parameters
>   */
>  
> -static int param_set_aabool(const char *val, struct kernel_param *kp);
> -static int param_get_aabool(char *buffer, struct kernel_param *kp);
> +static int param_set_aabool(const char *val, const struct kernel_param *kp);
> +static int param_get_aabool(char *buffer, const struct kernel_param *kp);
>  #define param_check_aabool(name, p) __param_check(name, p, int)
> +static struct kernel_param_ops param_ops_aabool = {
> +	.set = param_set_aabool,
> +	.get = param_get_aabool
> +};
>  
> -static int param_set_aauint(const char *val, struct kernel_param *kp);
> -static int param_get_aauint(char *buffer, struct kernel_param *kp);
> +static int param_set_aauint(const char *val, const struct kernel_param *kp);
> +static int param_get_aauint(char *buffer, const struct kernel_param *kp);
>  #define param_check_aauint(name, p) __param_check(name, p, int)
> +static struct kernel_param_ops param_ops_aauint = {
> +	.set = param_set_aauint,
> +	.get = param_get_aauint
> +};
>  
> -static int param_set_aalockpolicy(const char *val, struct kernel_param *kp);
> -static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp);
> +static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
> +static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
>  #define param_check_aalockpolicy(name, p) __param_check(name, p, int)
> +static struct kernel_param_ops param_ops_aalockpolicy = {
> +	.set = param_set_aalockpolicy,
> +	.get = param_get_aalockpolicy
> +};
>  
>  static int param_set_audit(const char *val, struct kernel_param *kp);
>  static int param_get_audit(char *buffer, struct kernel_param *kp);
> @@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str)
>  __setup("apparmor=", apparmor_enabled_setup);
>  
>  /* set global flag turning off the ability to load policy */
> -static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
> +static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
>  {
>  	if (!capable(CAP_MAC_ADMIN))
>  		return -EPERM;
> @@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
>  	return param_set_bool(val, kp);
>  }
>  
> -static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp)
> +static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
>  {
>  	if (!capable(CAP_MAC_ADMIN))
>  		return -EPERM;
>  	return param_get_bool(buffer, kp);
>  }
>  
> -static int param_set_aabool(const char *val, struct kernel_param *kp)
> +static int param_set_aabool(const char *val, const struct kernel_param *kp)
>  {
>  	if (!capable(CAP_MAC_ADMIN))
>  		return -EPERM;
>  	return param_set_bool(val, kp);
>  }
>  
> -static int param_get_aabool(char *buffer, struct kernel_param *kp)
> +static int param_get_aabool(char *buffer, const struct kernel_param *kp)
>  {
>  	if (!capable(CAP_MAC_ADMIN))
>  		return -EPERM;
>  	return param_get_bool(buffer, kp);
>  }
>  
> -static int param_set_aauint(const char *val, struct kernel_param *kp)
> +static int param_set_aauint(const char *val, const struct kernel_param *kp)
>  {
>  	if (!capable(CAP_MAC_ADMIN))
>  		return -EPERM;
>  	return param_set_uint(val, kp);
>  }
>  
> -static int param_get_aauint(char *buffer, struct kernel_param *kp)
> +static int param_get_aauint(char *buffer, const struct kernel_param *kp)
>  {
>  	if (!capable(CAP_MAC_ADMIN))
>  		return -EPERM;

Re: linux-next: build failure after merge of the security-testing tree

[Stephen Rothwell]

Hi Rusty,

On Mon, 02 Aug 2010 17:04:28 -0700 John Johansen <john.johansen@canonical.com> wrote:
>
> On 08/01/2010 07:16 PM, Stephen Rothwell wrote:
> > 
> > After merging the security-testing tree, today's linux-next build (x86_64
> > allmodconfig) failed like this (also some warnings ...):
> > 
> > security/apparmor/ipc.c: In function 'aa_ptrace':
> > security/apparmor/ipc.c:103: warning: initialization discards qualifiers from pointer target type
> > security/apparmor/domain.c: In function 'may_change_ptraced_domain':
> > security/apparmor/domain.c:73: warning: assignment discards qualifiers from pointer target type
> > security/apparmor/lsm.c:701: error: 'param_ops_aabool' undeclared here (not in a function)
> > security/apparmor/lsm.c:721: error: 'param_ops_aalockpolicy' undeclared here (not in a function)
> > security/apparmor/lsm.c:729: error: 'param_ops_aauint' undeclared here (not in a function)
> > 
> > Error caused by commit e0500000b50a50ec8cc9967001f3ed201b83cb36
> > ("AppArmor: LSM interface, and security module initialization")
> > interacting with commit 0685652df0929cec7d78efa85127f6eb34962132
> > ("param:param_ops") from the rr tree.
> > 
> > I applied the following merge fix patch:
> > 
> > From: Stephen Rothwell <sfr@canb.auug.org.au>
> > Date: Mon, 2 Aug 2010 12:00:43 +1000
> > Subject: [PATCH] AppArmor: update for module_param_named API change
> > 
> > Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
> looks good, thanks Stephen
> 
> Signed-off-by: John Johansen <john.johansen@canonical.com>

The security-testing tree has been merged by Linus, so this patch can now
be added to the rr tree.

From: Stephen Rothwell <sfr@canb.auug.org.au>
Date: Mon, 2 Aug 2010 12:00:43 +1000
Subject: [PATCH] AppArmor: update for module_param_named API change

Fixes these build errors:
security/apparmor/lsm.c:701: error: 'param_ops_aabool' undeclared here (not in a function)
security/apparmor/lsm.c:721: error: 'param_ops_aalockpolicy' undeclared here (not in a function)
security/apparmor/lsm.c:729: error: 'param_ops_aauint' undeclared here (not in a function)

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/lsm.c |   36 ++++++++++++++++++++++++------------
 1 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8db33a8..d5666d3 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = {
  * AppArmor sysfs module parameters
  */
 
-static int param_set_aabool(const char *val, struct kernel_param *kp);
-static int param_get_aabool(char *buffer, struct kernel_param *kp);
+static int param_set_aabool(const char *val, const struct kernel_param *kp);
+static int param_get_aabool(char *buffer, const struct kernel_param *kp);
 #define param_check_aabool(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aabool = {
+	.set = param_set_aabool,
+	.get = param_get_aabool
+};
 
-static int param_set_aauint(const char *val, struct kernel_param *kp);
-static int param_get_aauint(char *buffer, struct kernel_param *kp);
+static int param_set_aauint(const char *val, const struct kernel_param *kp);
+static int param_get_aauint(char *buffer, const struct kernel_param *kp);
 #define param_check_aauint(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aauint = {
+	.set = param_set_aauint,
+	.get = param_get_aauint
+};
 
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp);
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp);
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
 #define param_check_aalockpolicy(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aalockpolicy = {
+	.set = param_set_aalockpolicy,
+	.get = param_get_aalockpolicy
+};
 
 static int param_set_audit(const char *val, struct kernel_param *kp);
 static int param_get_audit(char *buffer, struct kernel_param *kp);
@@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str)
 __setup("apparmor=", apparmor_enabled_setup);
 
 /* set global flag turning off the ability to load policy */
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
@@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
 	return param_set_bool(val, kp);
 }
 
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp)
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
 	return param_get_bool(buffer, kp);
 }
 
-static int param_set_aabool(const char *val, struct kernel_param *kp)
+static int param_set_aabool(const char *val, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
 	return param_set_bool(val, kp);
 }
 
-static int param_get_aabool(char *buffer, struct kernel_param *kp)
+static int param_get_aabool(char *buffer, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
 	return param_get_bool(buffer, kp);
 }
 
-static int param_set_aauint(const char *val, struct kernel_param *kp)
+static int param_set_aauint(const char *val, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
 	return param_set_uint(val, kp);
 }
 
-static int param_get_aauint(char *buffer, struct kernel_param *kp)
+static int param_get_aauint(char *buffer, const struct kernel_param *kp)
 {
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
-- 
1.7.1

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

linux-next: build failure after merge of the security-testing tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 792 bytes --]

Hi James,

After merging the security-testing tree, today's linux-next build (powerpc_ppc64_defconfig)
failed like this:

net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_conntrack_event':
net/netfilter/nf_conntrack_netlink.c:585: error: 'struct nf_conn' has no member named 'secmark'

Caused by commit fd0194de4cf2e64514aec35f40de458fca766656 ("conntrack:
export lsm context rather than internal secid via netlink").  This build
has CONFIG_NF_CONNTRACK_SECMARK not set ...

If you change a dependency on a CONFIG option, it is always worth build
testing with and without the option set.

I have used the security-testing tree from next-20101018 for today.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

Re: linux-next: build failure after merge of the security-testing tree

[Eric Paris]

On Tue, 2010-10-19 at 14:57 +1100, Stephen Rothwell wrote:
> Hi James,
> 
> After merging the security-testing tree, today's linux-next build (powerpc_ppc64_defconfig)
> failed like this:
> 
> net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_conntrack_event':
> net/netfilter/nf_conntrack_netlink.c:585: error: 'struct nf_conn' has no member named 'secmark'
> 
> Caused by commit fd0194de4cf2e64514aec35f40de458fca766656 ("conntrack:
> export lsm context rather than internal secid via netlink").  This build
> has CONFIG_NF_CONNTRACK_SECMARK not set ...
> 
> If you change a dependency on a CONFIG option, it is always worth build
> testing with and without the option set.
> 
> I have used the security-testing tree from next-20101018 for today.

Ohhh, poop.  I didn't think I changed any config options but I see it
now.  Will fix by tomorrow.  Sorry and thanks for catching it.

-Eric

linux-next: build failure after merge of the security-testing tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 590 bytes --]

Hi James,

After merging the security-testing tree, today's linux-next build (x86_64
allmodconfig) failed like this:

security/built-in.o: In function `tomoyo_bprm_set_creds':
tomoyo.c:(.text+0x4698e): undefined reference to `tomoyo_load_policy'

I am not sure what caused this (but tomoyo_load_policy is guarded by
#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
and that is set in this build).

I have used the security-testing tree from next-20110628 for today.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

Re: linux-next: build failure after merge of the security-testing tree

[Tetsuo Handa]

Stephen Rothwell wrote:
> Hi James,
> 
> After merging the security-testing tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
> 
> security/built-in.o: In function `tomoyo_bprm_set_creds':
> tomoyo.c:(.text+0x4698e): undefined reference to `tomoyo_load_policy'
> 
Sorry. I forgot to add #ifndef there.
It is for embedded systems where running userspace policy loader is difficult.
Below patch fixes the error.

Regards.
---
 From 262f32874cd073fe2684e07dc838381f1dd01fd4 Mon Sep 17 00:00:00 2001
 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Wed, 29 Jun 2011 13:07:52 +0900
Subject: [PATCH] TOMOYO: Fix build error with CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y .

I forgot to add #ifndef in commit 0e4ae0e0 "TOMOYO: Make several options
configurable.", resulting

  security/built-in.o: In function `tomoyo_bprm_set_creds':
  tomoyo.c:(.text+0x4698e): undefined reference to `tomoyo_load_policy'

error.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
 security/tomoyo/tomoyo.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 2615c7d..d6f68a0 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -51,12 +51,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
 	 */
 	if (bprm->cred_prepared)
 		return 0;
+#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
 	/*
 	 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
 	 * for the first time.
 	 */
 	if (!tomoyo_policy_loaded)
 		tomoyo_load_policy(bprm->filename);
+#endif
 	/*
 	 * Release reference to "struct tomoyo_domain_info" stored inside
 	 * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
-- 
1.6.1

Re: linux-next: build failure after merge of the security-testing tree

[James Morris]

On Wed, 29 Jun 2011, Tetsuo Handa wrote:

>  From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Wed, 29 Jun 2011 13:07:52 +0900
> Subject: [PATCH] TOMOYO: Fix build error with CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y .
> 
> I forgot to add #ifndef in commit 0e4ae0e0 "TOMOYO: Make several options
> configurable.", resulting
> 
>   security/built-in.o: In function `tomoyo_bprm_set_creds':
>   tomoyo.c:(.text+0x4698e): undefined reference to `tomoyo_load_policy'
> 

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

-- 
James Morris
<jmorris@namei.org>

linux-next: build failure after merge of the security-testing tree

[Stephen Rothwell]

Hi James,

After merging the security-testing tree, today's linux-next build
(powerpc ppc64_defconfig) failed like this:

fs/reiserfs/xattr_security.c: In function 'reiserfs_security_init':
fs/reiserfs/xattr_security.c:69:2: error: implicit declaration of function 'security_old_inode_init_security'

Caused by commit 9d8f13ba3f48 ("security: new
security_inode_init_security API adds function callback").  Forgotten
include?

I have used the security-testing tree from next-20110809 for today.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

Re: linux-next: build failure after merge of the security-testing tree

[Mimi Zohar]

On Wed, 2011-08-10 at 10:58 +1000, Stephen Rothwell wrote:
> Hi James,
> 
> After merging the security-testing tree, today's linux-next build
> (powerpc ppc64_defconfig) failed like this:
> 
> fs/reiserfs/xattr_security.c: In function 'reiserfs_security_init':
> fs/reiserfs/xattr_security.c:69:2: error: implicit declaration of function 'security_old_inode_init_security'
> 
> Caused by commit 9d8f13ba3f48 ("security: new
> security_inode_init_security API adds function callback").  Forgotten
> include?
> 
> I have used the security-testing tree from next-20110809 for today.

No, I left out the stub definition in the include.  James, how do you
want me to correct this and the missing 'inline'?  Should I be updating
the original patches or submitting them as new patches?

thanks,

Mimi

Re: linux-next: build failure after merge of the security-testing tree

[James Morris]

On Tue, 9 Aug 2011, Mimi Zohar wrote:

> No, I left out the stub definition in the include.  James, how do you
> want me to correct this and the missing 'inline'?  Should I be updating
> the original patches or submitting them as new patches?

Send a new patch,  thanks.


-- 
James Morris
<jmorris@namei.org>

linux-next: build failure after merge of the security-testing tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 902 bytes --]

Hi James,

After merging the security-testing tree, today's linux-next build
(powerpc ppc64_defconfig) failed like this:

init/mounts.o: In function `security_old_inode_init_security':
(.opd+0xf0): multiple definition of `security_old_inode_init_security'
init/main.o:(.opd+0x108): first defined here
init/mounts.o: In function `.security_old_inode_init_security':
(.text+0x50): multiple definition of `.security_old_inode_init_security'
init/main.o:(.text+0x110): first defined here

etc ... (lots and lots)

Casued by commit e1c9b23adbe8 ("evm: building without EVM enabled fixes").

Please, please, build test this stuff.  This is the same error that that
patch was supposed to fix but on another function ...

I have used the security-tree tree from next-20110809 again.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

Re: linux-next: build failure after merge of the security-testing tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1055 bytes --]

Hi James,

On Fri, 12 Aug 2011 12:47:23 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> After merging the security-testing tree, today's linux-next build
> (powerpc ppc64_defconfig) failed like this:
> 
> init/mounts.o: In function `security_old_inode_init_security':
> (.opd+0xf0): multiple definition of `security_old_inode_init_security'
> init/main.o:(.opd+0x108): first defined here
> init/mounts.o: In function `.security_old_inode_init_security':
> (.text+0x50): multiple definition of `.security_old_inode_init_security'
> init/main.o:(.text+0x110): first defined here
> 
> etc ... (lots and lots)
> 
> Casued by commit e1c9b23adbe8 ("evm: building without EVM enabled fixes").
> 
> Please, please, build test this stuff.  This is the same error that that
> patch was supposed to fix but on another function ...
> 
> I have used the security-tree tree from next-20110809 again.

I am still getting this ...
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]