LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Suse/Novell
User Name
Password
Suse/Novell This Forum is for the discussion of Suse Linux.

Notices

Reply
 
Search this Thread
Old 02-24-2008, 09:15 PM   #1
petersk
Member
 
Registered: Aug 2005
Distribution: Suse
Posts: 53

Rep: Reputation: 15
base Kernel compile - how to patch for apparmor/firewall


I got and reasonably successfully compiled/installed the 2.6.24.2 kernel working from kernel.org. I really wanted this kernel because it has "native" support (that is, no ndiswrapper needed) for my WiFi card (b43legacy). The wireless is working, which is nice (had to get the firmware properly placed).
I have these two problems though:
1) I have to shut off the firewall in Suse 10.2 to get networking to work. I get a bunch of iptables-batch errors at boot up.
2) I cannot figure out how to get patch the kernel to get apparmor support. I've been here: http://forge.novell.com/modules/xfmod/project/?apparmor and see a/the patch, but don't know how to apply it.

Any help with either of these problems would be greatly appreciated.
Kurt
 
Old 02-26-2008, 12:08 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
Quote:
Originally Posted by petersk View Post
I have to shut off the firewall in Suse 10.2 to get networking to work. I get a bunch of iptables-batch errors at boot up.
Talking *about* errors won't help, posting them in full just might.


Quote:
Originally Posted by petersk View Post
I cannot figure out how to get patch the kernel to get apparmor support. I've been here: http://forge.novell.com/modules/xfmod/project/?apparmor and see a/the patch, but don't know how to apply it.
See http://en.opensuse.org/AppArmor_Geeks
 
Old 02-26-2008, 08:24 PM   #3
petersk
Member
 
Registered: Aug 2005
Distribution: Suse
Posts: 53

Original Poster
Rep: Reputation: 15
Thanks, the apparmor patch didn't seem to work - I think it's because I am using 2.6.24.2 and not just 2.6.24-only. Is it possible to apply the patch to a later version?

security/apparmor/lsm.c:908: error: unknown field ‘socket_create’ specified in initializer
security/apparmor/lsm.c:908: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:909: error: unknown field ‘socket_post_create’ specified in initializer
security/apparmor/lsm.c:909: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:910: error: unknown field ‘socket_bind’ specified in initializer
security/apparmor/lsm.c:910: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:911: error: unknown field ‘socket_connect’ specified in initializer
security/apparmor/lsm.c:911: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:912: error: unknown field ‘socket_listen’ specified in initializer
security/apparmor/lsm.c:912: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:913: error: unknown field ‘socket_accept’ specified in initializer
security/apparmor/lsm.c:913: warning: excess elements in struct initializer
security/apparmor/lsm.c:913: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:914: error: unknown field ‘socket_sendmsg’ specified in initializer
security/apparmor/lsm.c:914: warning: excess elements in struct initializer
security/apparmor/lsm.c:914: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:915: error: unknown field ‘socket_recvmsg’ specified in initializer
security/apparmor/lsm.c:915: warning: excess elements in struct initializer
security/apparmor/lsm.c:915: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:916: error: unknown field ‘socket_getsockname’ specified in initializer
security/apparmor/lsm.c:916: warning: excess elements in struct initializer
security/apparmor/lsm.c:916: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:917: error: unknown field ‘socket_getpeername’ specified in initializer
security/apparmor/lsm.c:917: warning: excess elements in struct initializer
security/apparmor/lsm.c:917: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:918: error: unknown field ‘socket_getsockopt’ specified in initializer
security/apparmor/lsm.c:918: warning: excess elements in struct initializer
security/apparmor/lsm.c:918: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:919: error: unknown field ‘socket_setsockopt’ specified in initializer
security/apparmor/lsm.c:919: warning: excess elements in struct initializer
security/apparmor/lsm.c:919: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:920: error: unknown field ‘socket_shutdown’ specified in initializer
security/apparmor/lsm.c:920: warning: excess elements in struct initializer
security/apparmor/lsm.c:920: warning: (near initialization for ‘apparmor_ops’)
make[2]: *** [security/apparmor/lsm.o] Error 1
make[1]: *** [security/apparmor] Error 2
make: *** [security] Error 2


Here are the iptable/susefirewall2 messages that I get:
Feb 24 21:29:23 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 21:30:25 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 21:30:40 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 21:30:48 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 21:31:46 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 22:22:12 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 07:04:10 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 07:07:35 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 21:15:11 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 21:15:17 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 21:15:21 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables

Kurt

Last edited by petersk; 02-26-2008 at 08:35 PM.
 
Old 02-27-2008, 02:17 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
Quote:
Originally Posted by petersk View Post
Thanks, the apparmor patch didn't seem to work - I think it's because I am using 2.6.24.2 and not just 2.6.24-only. Is it possible to apply the patch to a later version?
Are you getting many rejects then (those should be dealt with on the apparmor development mailing list)? Are you sure you configured all AppArmor controls during kernel config?


Quote:
Originally Posted by petersk View Post
Error: iptables-batch failed, re-running using iptables
Means that if you haven't got "/usr/sbin/iptables-batch" it'll re-run the commands using iptables. Apparently batchmode was submitted to iptables by SuSE but I don't know if it's in Patch-O-Matic (aka POM) or a specific SuSE addon.
 
Old 02-27-2008, 03:43 PM   #5
petersk
Member
 
Registered: Aug 2005
Distribution: Suse
Posts: 53

Original Poster
Rep: Reputation: 15
I can't configure the kernel with AppArmor, because I can't get the patch to work on 2.6.24.3 (now).
Kurt
 
Old 02-27-2008, 07:01 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
OK, but those errors you've shown don't look like errors from patch output?
 
Old 02-28-2008, 09:07 AM   #7
petersk
Member
 
Registered: Aug 2005
Distribution: Suse
Posts: 53

Original Poster
Rep: Reputation: 15
No, I didn't get errors from quilt, I got those errors at compile time.
 
Old 03-05-2008, 03:06 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
Quote:
Originally Posted by petersk View Post
No, I didn't get errors from quilt, I got those errors at compile time.
If you are sure you configured all AppArmor controls during kernel config then the patch didn't work for your kernel version. I'd get on a SuSE mailing list and ask the maintainers to provide one.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Firewall your applications with AppArmor LXer Syndicated Linux News 0 12-06-2006 12:33 AM
LXer: Day 3 at OLS: NFS, USB, AppArmor, and the Linux Standard Base LXer Syndicated Linux News 0 07-22-2006 05:54 PM
Base install sarge - kernel compile? insyte Debian 3 08-13-2004 04:58 PM
No more modules after kernel compile w/ ck patch uglydot Slackware 3 11-10-2003 04:04 PM
ACPI patch and kernel compile error crisponions Linux - Laptop and Netbook 3 10-29-2003 07:52 PM


All times are GMT -5. The time now is 11:08 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration