Bug 491342 - vmware-modules-279.0: ebuild can not apply hardened.patch
Status: RESOLVED FIXED
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2013-11-15 15:51 UTC by Manuel Ullmann
Modified: 2013-11-23 14:08 UTC

Attachments
build.log of vmware-modules-279.0 (build.log, 2.88 KB, text/plain), 2013-11-15 15:54 UTC, Manuel Ullmann
Output of applying hardened.patch (hardened.patch.out, 6.12 KB, text/plain), 2013-11-15 15:55 UTC, Manuel Ullmann
Output of emerge --info (emerge-info, 4.72 KB, text/plain), 2013-11-15 15:56 UTC, Manuel Ullmann
My kernel configuration (.config, 84.11 KB, text/x-mpsub), 2013-11-15 16:12 UTC, Manuel Ullmann
Output of emerge --info '...vmware-modules...' (emerge-info, 4.82 KB, text/plain), 2013-11-17 15:07 UTC, Manuel Ullmann
Output of emerge -pqv '...vmware-modules...' (emerge-pqv, 77 bytes, text/plain), 2013-11-17 15:11 UTC, Manuel Ullmann
environment of portage on build time (environment, 134.21 KB, text/plain), 2013-11-17 15:13 UTC, Manuel Ullmann
New hardened patch for vmware modules for 279 (279-hardened.patch, 3.26 KB, patch), 2013-11-23 10:22 UTC, Magnus Granberg

Description Manuel Ullmann 2013-11-15 15:51:02 UTC
The current and recently updated vmware-modules-279.0 ebuild can not apply hardened.patch. Therefore portage breaks.

Reproducible: Always

Steps to Reproduce:
1. emerge -1 vmware-modules (on a hardened system)
Actual Results:  
Portage fails to apply hardened.patch

Expected Results:  
Portage should successfully apply hardened.patch.

I'll provide the patch and build log.
Comment 1 Manuel Ullmann 2013-11-15 15:54:33 UTC
Created attachment 363334
build.log of vmware-modules-279.0
Comment 2 Manuel Ullmann 2013-11-15 15:55:13 UTC
Created attachment 363336
Output of applying hardened.patch
Comment 3 Manuel Ullmann 2013-11-15 15:56:43 UTC
Created attachment 363338
Output of emerge --info
Comment 4 Manuel Ullmann 2013-11-15 16:12:14 UTC
Created attachment 363340
My kernel configuration

I actually don't think that this is needed. However, I couldn't get vmware-player to work so far. Starting a virtual machine does a hard reset on the host. I used the automatic configuration in grsecurity (host, vmware, performance).
This is documented here:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1022578
PAX_KERNEXEC was disabled, otherwise X would have been acting strange. I've read somewhere that I should also disable CONFIG_PAX_MEMORY_UDEREF, so this is also disabled. Maybe the automatic configuration was failing, but I can't test it due to this bug.

It would be nice if it gets fixed fast. ;-)
Comment 5 Manuel Ullmann 2013-11-17 15:07:12 UTC
Created attachment 363428
Output of emerge --info '...vmware-modules...'
Comment 6 Manuel Ullmann 2013-11-17 15:11:59 UTC
Created attachment 363430
Output of emerge -pqv '...vmware-modules...'

Extend '...vmware-modules...' to '=app-emulation/vmware-modules-279.0::gentoo' in this attachment and attachment 363428.
Comment 7 Manuel Ullmann 2013-11-17 15:13:04 UTC
Created attachment 363432
environment of portage on build time
Comment 8 Manuel Ullmann 2013-11-22 22:30:59 UTC
I noted that the bug described in comment 4 is bug 382793. Well, it's quite pointless to get this fixed on hardened amd64 with hardened-sources, as vmware-player will reset. However, people could use gentoo-sources with hardened profile. I will switch to qemu/kvm with 32 bit guests (due to bug 363713). I'll see if it works, but I think it should. At least there are a few comments in bug 363713 and the hardened mailing list which indicate that. https://bugs.gentoo.org/382793?id=382793#c20, however, indicates that 64 bit guests are working. Maybe I'll test both.
Comment 9 Magnus Granberg gentoo-dev 2013-11-23 10:22:35 UTC
Created attachment 363824
New hardened patch for vmware modules for 279

Test this patch.
Comment 10 Manuel Ullmann 2013-11-23 11:19:05 UTC
Patch works like a charm. Thank you. Note that the ebuild has to apply the new name scheme. Otherwise the old patch is loaded.
Comment 11 Magnus Granberg gentoo-dev 2013-11-23 13:11:35 UTC
Vmware okay to update patch?
Comment 12 Andreas K. Hüttel archtester gentoo-dev 2013-11-23 13:23:52 UTC
(In reply to Magnus Granberg from comment #11)
> Vmware okay to update patch?

Yes please do. Just use the same naming scheme as for the other patches now. Zorry, feel free to update the hardened patch in other places as well, I can't test it...
Comment 13 Magnus Granberg gentoo-dev 2013-11-23 14:08:01 UTC
fixed in cvs for 279.0 and 279.1