cyan051 n00b
Joined: 21 Aug 2004 Posts: 64
Posted: Sat Sep 03, 2005 2:07 pm Post subject: custom 2.6.13 kernel
this morning i decided it's time to upgrade the kernel on my E250 box...
so this is what i chose to go with:
grsecurity 2.26 cvs [based on 2.6.13-mm1 sources]
genpatches base+extra 2.6.13-1
reiser4 for 2.6.13-mm1
netfilter patch-o-matic-ng base cvs
netfilter l7-filter 1.4
netfilter iptables 1.3.3 extensions
i wish i could add vserver support, but so far vserver patches are not even close to being compatible with the rest...
so far i found a few new broken things:
Code: | CONFIG_IP_NF_SET
CONFIG_IP_NF_MATCH_U32 |
and of course, preemptive support still not working (although there is some progress)...
and i definitely ran into a new bug...
why, oh, why did someone have to meddle with smp support?
Quote: | arch/sparc64/kernel/smp.c is broken in function setup_per_cpu_areas |
obviously, this is still work in progress...
[UPDATE]:
new per_cpu code memory allocation doesn't like bigger page sizes (normally i use 64KB page size on sparc64)...
set this to make it work:
Code: | CONFIG_SPARC64_PAGE_SIZE_8KB |
[UPDATE]:
for some reason, i had to re-emerge sys-apps/sysvinit 'cause my /sbin/init was not starting at all with the new kernel...
now the system is up and everything (seems to be) is up and running...
PtitGNU n00b
Joined: 16 Feb 2004 Posts: 13 Location: Waterloo, BE
Posted: Sat Sep 03, 2005 6:10 pm
For the 'ipset' problem... I wrote a patch for the 2.6.12... can you try with it?
http://free.ptitgnu.be/set/ip_set.c-nolockhelp.patch
--
PtitGNU _________________ Gentoo GNU/Linux 2008.0 - Kernel 2.6.26-r2 - KDE 3.5.10
cyan051 n00b
Joined: 21 Aug 2004 Posts: 64
Posted: Sat Sep 03, 2005 8:07 pm
thnx for the patch...works quite nicely on my 2.6.13 branch...
btw, regarding your http link - putting the patch to load inside a frame prohibits agents like wget from grabbing it...
cyan051 n00b
Joined: 21 Aug 2004 Posts: 64
Posted: Sun Sep 04, 2005 3:45 pm
i started patching this kernel this morning with vserver patches (2.1.0-rc5)...
quite a lot of work had to be done manually
build notes:
- mandatory re-emerge of iptables to build using new headers in /usr/src/linux
- recommended re-emerge of sysvinit or init might not start after kernel initialization
- i've skipped patches against asm-i386 since i'm using sparc64 platform
- gracl also required patching to sort out some circular references with vserver
- smp support requires small kernel page size (8KB) due to new code in smp.c (starting with kernel 2.6.12-rc5)
- util-vserver doesn't really like glibc, so you must build dietlibc
- dietlibc segfaults when using gcc optimizations, so build in O2 only
- the same applies to all binaries using dietlibc
warnings:
- nfs support is somewhat non-consistent (but does work) with multiple redefinitions of dprintk
- forget about preemptive support in this combination (well, preemptive is a no-no on sparc anyhow)
- proc hardening is duplicated in grsec and vserver patches, but i don't see major problems so far
status:
- iptable, grsec, etc. - working 100%
- vserver - legacy support broken, testing under way
all-in-all, not even close to being done...
[UPDATE]
the trick with util-vserver is to use --disable-internal-headers
Code: | root@helios:/etc/vservers# ./testme.sh
Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl
chcontext is working.
chbind is working.
Linux 2.6.13-cyan sparc64/0.30.208/0.30.208 [Ea] (0)
VCI: 0002:0001 267 03000114
---
[000]# succeeded.
[001]# succeeded.
[011]# succeeded.
[031]# succeeded.
[101]# succeeded.
[102]# succeeded.
[201]# succeeded.
[202]# succeeded. |
so now i have a working vserver as well...
cyan051 n00b
Joined: 21 Aug 2004 Posts: 64
Posted: Thu Sep 08, 2005 7:12 pm
ahh, seems that 2.6.13-mm reiser4 patches do miss some stuff when applied against grsec cvs tree...
so i overlaid 2.6.12 vanilla reiser4 patches and seems to work now (still keeping the reiser4 code for 2.6.12-mm)...
i think this is the craziest kernel combo i ever did
[UPDATE:]
reiser4 still seems to be broken on 64bit platforms
i've checked with namesys and no plan when it's going to be fixed...