Created attachment 295143 [details] build log, use flags, emerge info Hi, I am trying to emerge sys-fs/aufs3 on Gentoo Hardened with inotify use flag, but I get this compile error: hfsnotify.c:208:2: error: assignment of read-only member 'br_hfsn_ops' I tried to find the reason myself, but I got stuck. 'struct fsnotify_ops br_hfsn_ops' is defined in 'struct au_branch', but there is no const modifier. In 'include/linux/fsnotify_backend.h' (where fsnotify_ops is defined) in 'fsnotify_group' 'ops' field is declared const. Removing this const declaration solves the problem... but probably breaking kernel is a poor/bad solution. Am I missing something? A false positive detected by gcc constify plugin?
Might be good to CC maintainers.
Yes Justin, just filed upstream to aufs-users ML: https://sourceforge.net/mailarchive/forum.php?thread_name=CAJQUg4inJjbdKbwpTURKXnk5Z3rPCnQDAyWEE2G1A0vYhdAdSA%40mail.gmail.com&forum_name=aufs-users Thanks (In reply to comment #1) > Might be good to CC maintainers.
I am the gentoo maintainer. I saw your mail on the aufs mailing list. But sadly I am not experienced with fixing hardened issues.
Created attachment 326184 [details, diff] Fix compilation of sys-fs/aufs3 with hardened (PaX kernels) There was a discussion on the Gentoo Hardened list archives (of which I was not a participant, but found through Google) on exactly this issue with an outcome that would've solved the original posters issue. I'm not an expert on the matter by any means but it would seem the PaX Team spelled out the problem and a solution quite clearly. Someone even posted a link to patch from PLD Linux that fixes the build failure. Please see: http://gentoo.2317880.n4.nabble.com/Re-aufs3-0-fails-to-emerge-on-Gentoo-hardened-and-kernel-3-0-4-td163600.html [PaX Team wrote:] "i think arekm's patch [from PLD Linux] is fine, probably even better than what gentoo includes now, so feel free to push it into gentoo as well." The "pax.patch" included with sys-fs/aufs3 in Gentoo is clearly broken. As the original poster observed, a (hardened) kernel won't even compile if CONFIG_AUFS_HNOTIFY is enabled. The PLD patch appears to works fine, with the caveat that I have only tested it on recent kernels. Why not use that one instead? The attached patch comes from PLD Linux, with only trivial changes to a line or so of blank/whitespace in the context of diffs.
Thanks for that patch. @hardened could you please comment on that. Should it be included? I cannot test this, so I must rely on you.
OKay, I lost interest in this topic. @hardened, it's up to you. You can touch the package and fix what ever needs to be fixed for you.
(In reply to comment #5) > Thanks for that patch. > > @hardened could you please comment on that. Should it be included? I cannot > test this, so I must rely on you. i was travelling, hence the lack of response. the patch looks ok to me. whether it could be done in a better way (by not requiring overriding constified structures) is something left for someone else to figure out in the future ;).
(In reply to comment #6) > OKay, I lost interest in this topic. > > @hardened, it's up to you. You can touch the package and fix what ever needs > to be fixed for you. jlec, just add the patch contingent on USE="pax_kernel". I haven't been following this issue closely and I noticed that there already is a pax.patch in FILESDIR, so I don't want to guess.
(In reply to comment #8) > following this issue closely and I noticed that there already is a pax.patch > in FILESDIR, so I don't want to guess. Can't say what the other patch does. It was there from the beginning of my maintainership and it still applies so I never changed it.
+*aufs3-3_p20121015-r1 (25 Oct 2012) + + 25 Oct 2012; Justin Lecher <jlec@gentoo.org> +files/pax-2.patch, + +aufs3-3_p20121015-r1.ebuild: + Add Arch linux patch for hardened kernels, #393559 +
Hello. This patch should invalidate the older patch. After this addition, aufs3 can not be emerged for hardened-sources because the two patches are exclusive. There is a bug report open but Justin wasn't CC'd, thus I comment here. Bug link: https://bugs.gentoo.org/show_bug.cgi?id=439772