Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
vboxvideo module fails to load with hardened profile[SOLVED]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
takuan4
n00b
n00b


Joined: 06 Feb 2007
Posts: 17

PostPosted: Wed Jan 21, 2015 12:56 am    Post subject: vboxvideo module fails to load with hardened profile[SOLVED] Reply with quote

I have been trying to get X to work with the virtual box video drivers instead of vesa in order to get the auto resize to work but for some reason it is not working with the hardened profile. Even with GRSecurity, etc.. turned off I always get the error:

Quote:

LoadModule: “vboxvideo”
Loading /usr/lib64/xorg/modules/drivers/vboxvideo_drv.so
Failed to load /usr/lib64/xorg/modules/drivers/vboxvideo_drv.so: /usr/lib64/xorg/modules/drivers/vboxvideo_drv.so: undefined symbol: vgaHWFreeHWRec
UnloadModule: “vboxvideo”
Unloading vboxvideo
Failed to load module “vboxvideo” (loader failed, ?)
No drivers available.


When I do a lsmod it shows that vboxvideo is already loaded.
I have tried with the unstable xf86-video-virtualbox-4.3.20 and stable 4.3.18
and with hardened-sources-3.17 and 3.15 with no luck.

When I install everything from a desktop profile I was able to run X with no problem but then when I changed it over to the hardened profile and turned GRSecurity on then the system started to break down in many other places, so I would like to install it from the hardened profile to begin with.


Last edited by takuan4 on Tue Jan 27, 2015 12:25 am; edited 1 time in total
Back to top
View user's profile Send private message
Apheus
Guru
Guru


Joined: 12 Jul 2008
Posts: 418

PostPosted: Wed Jan 21, 2015 8:32 am    Post subject: Reply with quote

I have been using a hardened profile as vbox guest for some time now, and I always switch compilers to vanilla before emerging xf86-video-virtualbox on kernel update:

Code:
gcc-config 5
emerge @module-rebuild
gcc-config 1


Unfortunately I did not find another way, although I experimented with nopie/nopic and no-stack-protector and lazy binding in CFLAGS/LDFLAGS. I would be interested too if there is a way to get hardened vbox modules to work, or to automate the non-hardened build.
Back to top
View user's profile Send private message
Apheus
Guru
Guru


Joined: 12 Jul 2008
Posts: 418

PostPosted: Fri Jan 23, 2015 9:54 am    Post subject: Reply with quote

I have read your PM but want to respond here because there is nothing really private in here :-)

Regarding BINDNOW: I tried with
Code:
-Wl,-z,lazy -Wl,-z,norelro


in LDFLAGS but it seems it was not enough.

My kernel config: http://dpaste.com/3FJBRVK

I got it by going from the last version from http://kernel-seeds.org/, getting the needed drivers by using http://kmuto.jp/debian/hcl/ and the search function in make menuconfig, configuring what I am used to from my normal desktop system, and going with make oldconfig from version to version. The only thing worth mentioning is

Code:
# CONFIG_GRKERNSEC_KSTACKOVERFLOW is not set


Because with kernel stack overflow protection shared folders do not work and the vbox guest additions module oops'es on shutdown.
Back to top
View user's profile Send private message
takuan4
n00b
n00b


Joined: 06 Feb 2007
Posts: 17

PostPosted: Tue Jan 27, 2015 12:24 am    Post subject: Reply with quote

Thanks so much!

That solved all of my problems! :D
Back to top
View user's profile Send private message
sokolowskim
n00b
n00b


Joined: 04 Feb 2015
Posts: 2

PostPosted: Wed Feb 04, 2015 9:47 pm    Post subject: Reply with quote

which one of solutions worked?

was it (1) using the vanilla gcc profile or was it (2) the LDFLAGS and grsec KSTAKOVERFLOW, or (3) both were/are needed to make the X work? Thank you.

-M
Back to top
View user's profile Send private message
takuan4
n00b
n00b


Joined: 06 Feb 2007
Posts: 17

PostPosted: Wed Jun 17, 2015 10:22 pm    Post subject: Reply with quote

I'm very sorry for the late reply. It was to use the vanilla gcc profile
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum