base Kernel compile - how to patch for apparmor/firewall
I got and reasonably successfully compiled/installed the 2.6.24.2 kernel working from kernel.org. I really wanted this kernel because it has "native" support (that is, no ndiswrapper needed) for my WiFi card (b43legacy). The wireless is working, which is nice (had to get the firmware properly placed).
I have these two problems though:
1) I have to shut off the firewall in Suse 10.2 to get networking to work. I get a bunch of iptables-batch errors at boot up.
2) I cannot figure out how to patch the kernel to get apparmor support. I've been here: http://forge.novell.com/modules/xfmod/project/?apparmor and see a/the patch, but don't know how to apply it.
Any help with either of these problems would be greatly appreciated.
Kurt
Thanks, the apparmor patch didn't seem to work - I think it's because I am using 2.6.24.2 and not just 2.6.24-only. Is it possible to apply the patch to a later version?
security/apparmor/lsm.c:908: error: unknown field ‘socket_create’ specified in initializer
security/apparmor/lsm.c:908: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:909: error: unknown field ‘socket_post_create’ specified in initializer
security/apparmor/lsm.c:909: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:910: error: unknown field ‘socket_bind’ specified in initializer
security/apparmor/lsm.c:910: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:911: error: unknown field ‘socket_connect’ specified in initializer
security/apparmor/lsm.c:911: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:912: error: unknown field ‘socket_listen’ specified in initializer
security/apparmor/lsm.c:912: warning: initialization from incompatible pointer type
security/apparmor/lsm.c:913: error: unknown field ‘socket_accept’ specified in initializer
security/apparmor/lsm.c:913: warning: excess elements in struct initializer
security/apparmor/lsm.c:913: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:914: error: unknown field ‘socket_sendmsg’ specified in initializer
security/apparmor/lsm.c:914: warning: excess elements in struct initializer
security/apparmor/lsm.c:914: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:915: error: unknown field ‘socket_recvmsg’ specified in initializer
security/apparmor/lsm.c:915: warning: excess elements in struct initializer
security/apparmor/lsm.c:915: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:916: error: unknown field ‘socket_getsockname’ specified in initializer
security/apparmor/lsm.c:916: warning: excess elements in struct initializer
security/apparmor/lsm.c:916: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:917: error: unknown field ‘socket_getpeername’ specified in initializer
security/apparmor/lsm.c:917: warning: excess elements in struct initializer
security/apparmor/lsm.c:917: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:918: error: unknown field ‘socket_getsockopt’ specified in initializer
security/apparmor/lsm.c:918: warning: excess elements in struct initializer
security/apparmor/lsm.c:918: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:919: error: unknown field ‘socket_setsockopt’ specified in initializer
security/apparmor/lsm.c:919: warning: excess elements in struct initializer
security/apparmor/lsm.c:919: warning: (near initialization for ‘apparmor_ops’)
security/apparmor/lsm.c:920: error: unknown field ‘socket_shutdown’ specified in initializer
security/apparmor/lsm.c:920: warning: excess elements in struct initializer
security/apparmor/lsm.c:920: warning: (near initialization for ‘apparmor_ops’)
make[2]: *** [security/apparmor/lsm.o] Error 1
make[1]: *** [security/apparmor] Error 2
make: *** [security] Error 2
Here are the iptable/susefirewall2 messages that I get:
Feb 24 21:29:23 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 21:30:25 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 21:30:40 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 21:30:48 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 21:31:46 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 24 22:22:12 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 07:04:10 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 07:07:35 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 21:15:11 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 21:15:17 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Feb 25 21:15:21 balder SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Quote:
Originally Posted by petersk
Thanks, the apparmor patch didn't seem to work - I think it's because I am using 2.6.24.2 and not just 2.6.24-only. Is it possible to apply the patch to a later version?
Are you getting many rejects then (those should be dealt with on the apparmor development mailing list)? Are you sure you configured all AppArmor controls during kernel config?
Quote:
Originally Posted by petersk
Error: iptables-batch failed, re-running using iptables
Means that if you haven't got "/usr/sbin/iptables-batch" it'll re-run the commands using iptables. Apparently batchmode was submitted to iptables by SuSE but I don't know if it's in Patch-O-Matic (aka POM) or a specific SuSE addon.
No, I didn't get errors from quilt, I got those errors at compile time.
If you are sure you configured all AppArmor controls during kernel config then the patch didn't work for your kernel version. I'd get on a SuSE mailing list and ask the maintainers to provide one.
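Added example, not part of any post in this thread: one way to answer the "did you configure all the controls" question from the build output itself. In kernels of this era the socket_* hooks of struct security_operations are only declared when CONFIG_SECURITY_NETWORK is enabled, so the script cross-checks gcc's "unknown field" errors against the .config. The function names, the set of options checked and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check a kernel .config against gcc's "unknown field" errors.

# Print how <config-file> sets CONFIG_<OPTION>: y, m, n ("is not set") or absent.
config_state() {
    awk -v opt="CONFIG_$2" '
        $0 ~ ("^" opt "=")              { sub("^[^=]*=", ""); state = $0 }
        $0 == ("# " opt " is not set")  { state = "n" }
        END { print (state == "" ? "absent" : state) }' "$1"
}

# Print the distinct struct fields gcc rejected in <build-log>, one per line.
unknown_fields() {
    sed -n 's/.*error: unknown field [^A-Za-z_]*\([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' "$1" | sort -u
}

# Rejected socket_* hooks with SECURITY_NETWORK off point at the configuration;
# with it on, the patch and the kernel headers disagree.
diagnose() {
    net=$(config_state "$1" SECURITY_NETWORK)
    hooks=$(unknown_fields "$2" | grep -c '^socket_' || true)
    if [ "$hooks" -eq 0 ]; then
        echo "ok: no rejected socket hooks"
    elif [ "$net" = y ]; then
        echo "patch: $hooks socket hooks rejected although CONFIG_SECURITY_NETWORK=y"
    else
        echo "config: $hooks socket hooks rejected, CONFIG_SECURITY_NETWORK=$net"
    fi
}

# Constructed sample input in the format shown in the thread.
tmp=$(mktemp -d)
printf '%s\n' 'CONFIG_SECURITY=y' '# CONFIG_SECURITY_NETWORK is not set' \
    'CONFIG_SECURITY_APPARMOR=y' > "$tmp/config"
printf '%s\n' \
    'security/apparmor/lsm.c:908: error: unknown field ‘socket_create’ specified in initializer' \
    'security/apparmor/lsm.c:908: warning: initialization from incompatible pointer type' \
    'security/apparmor/lsm.c:910: error: unknown field ‘socket_bind’ specified in initializer' \
    > "$tmp/build.log"
for o in SECURITY SECURITY_NETWORK SECURITY_APPARMOR; do
    echo "CONFIG_$o: $(config_state "$tmp/config" "$o")"
done
diagnose "$tmp/config" "$tmp/build.log"
rm -rf "$tmp"
```

Against a real tree, pass the .config from the top of the kernel source directory and a log captured with `make 2>&1 | tee build.log`.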