The patches for systrace disappeared from gentoo-sources-2.4.25. As near as I can tell, there was no notice about this, so I'm hoping it was an accident that can be easily fixed.

There may well be more stuff "missing" from 2.4.25: the patch set size is 8 meg (uncompressed) instead of 20 meg for 2.4.22-r5:

20656 gentoo-sources-2.4.22-r5.patch
8268 gentoo-sources-2.4.25.patch

Supporting info:

There are no systrace patches in gentoo-sources-2.4.25.patch.bz2:

% bzcat gentoo-sources-2.4.25.patch.bz2 | grep SYSTR
%

The same search for 2.4.22-r5 (which is also the patch set for r7) has a bunch of systrace related stuff:

% bzcat gentoo-sources-2.4.22-r5.patch.bz2 | grep SYSTR
+DRIVERS-$(CONFIG_SYSTRACE) += drivers/systrace/str.o
+bool 'Systrace support' CONFIG_SYSTRACE
+#ifdef CONFIG_SYSTRACE
+#endif /* CONFIG_SYSTRACE */
+#ifdef CONFIG_SYSTRACE
+#endif /* CONFIG_SYSTRACE */
+subdir-$(CONFIG_SYSTRACE) += systrace
+ { 0x0090E0, "SYSTRAN CORP." },
+ case SYSTR_POLICY_NEW:
+ case SYSTR_POLICY_ASSIGN:
+ case SYSTR_POLICY_MODIFY:
+ if (fst->npolicies > SYSTR_MAX_POLICIES /* && !fst->issuser */)
+ pol->sysent[i] = SYSTR_POLICY_ASK;
+#ifndef SYSTRACE_PRIVATE_H
+#define SYSTRACE_PRIVATE_H
+#define POLICY_VALID(x) ((x) == SYSTR_POLICY_PERMIT || \
+ (x) == SYSTR_POLICY_ASK || \
+ (x) == SYSTR_POLICY_NEVER)
+#endif /* SYSTRACE_PRIVATE_H */
+#define SYSTRACE_MINOR 226
+ SYSTRACE_MINOR,
+ if (SYSTR_MSG_NOPROCESS(strp))
+ policy = SYSTR_POLICY_PERMIT;
+ policy = SYSTR_POLICY_ASK;
+ policy = SYSTR_POLICY_NEVER;
+ case SYSTR_POLICY_PERMIT:
+ case SYSTR_POLICY_ASK:
+ if (strp->answer == SYSTR_POLICY_NEVER) {
+ case SYSTR_POLICY_NEVER:
+ if (repl->strr_nrepl < 0 || repl->strr_nrepl > SYSTR_MAXARGS)
+ if (ISSET(ans->stra_flags, SYSTR_FLAGS_RESULT))
+ if (ISSET(ans->stra_flags, SYSTR_FLAGS_SETEUID)) {
+ if (ISSET(ans->stra_flags, SYSTR_FLAGS_SETEGID)) {
+ case SYSTR_READ:
+ case SYSTR_WRITE:
+ case SYSTR_READ:
+ for (i = 0; i < argsize / sizeof(register_t) && i < SYSTR_MAXARGS; i++)
+ return (systrace_make_msg(strp, SYSTR_MSG_RES));
+ for (i = 0; i < (argsize / sizeof(register_t)) && i < SYSTR_MAXARGS; i++ )
+ return (systrace_make_msg(strp, SYSTR_MSG_ASK));
+ return (systrace_make_msg(strp, SYSTR_MSG_UGID));
+ return (systrace_make_msg(strp, SYSTR_MSG_EXECVE));
+ msg->msg_type = SYSTR_MSG_CHILD;
+#ifdef CONFIG_SYSTRACE
+#endif /* CONFIG_SYSTRACE */
+#ifndef _SYSTRACE_H
+#define _SYSTRACE_H
+#define SYSTR_EMULEN 8 /* sync with sys proc */
+ char emul[SYSTR_EMULEN];
+#define SYSTR_MAX_POLICIES 64
+#define SYSTR_MAXARGS 64
+ u32 args[SYSTR_MAXARGS];
+#define SYSTR_MSG_ASK 1
+#define SYSTR_MSG_RES 2
+#define SYSTR_MSG_EMUL 3
+#define SYSTR_MSG_CHILD 4
+#define SYSTR_MSG_UGID 5
+#define SYSTR_MSG_EXECVE 6
+#define SYSTR_MSG_NOPROCESS(x) \
+ ((x)->msg.msg_type == SYSTR_MSG_CHILD)
+#define SYSTR_READ 1
+#define SYSTR_WRITE 2
+#define SYSTR_POLICY_NEW 1
+#define SYSTR_POLICY_ASSIGN 2
+#define SYSTR_POLICY_MODIFY 3
+ int strr_argind[SYSTR_MAXARGS];
+ size_t strr_off[SYSTR_MAXARGS];
+ size_t strr_offlen[SYSTR_MAXARGS];
+#define SYSTR_POLICY_ASK 0
+#define SYSTR_POLICY_PERMIT 1
+#define SYSTR_POLICY_NEVER 2
+#define SYSTR_FLAGS_RESULT 0x001
+#define SYSTR_FLAGS_SETEUID 0x002
+#define SYSTR_FLAGS_SETEGID 0x004
+#endif /* _SYSTRACE_H */
<and so on...>

------------------------

And if someone could answer this question for me, I would appreciate it (this is not directly related to the bug): where are the definitions for the patch files kept? I'm assuming somewhere in CVS, but it wasn't obvious where. I looked, but couldn't find it.

Thanks in advance.
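The comparison in the report above can be made repeatable, so that a patch-set upgrade that stops adding a security feature such as CONFIG_SYSTRACE is noticed before the kernel is built. This is an added example, not part of the original report or of Gentoo's tooling; the function names and the sample patch contents are constructed, and CONFIG_EXAMPLE_KEPT is a hypothetical symbol.

```shell
#!/bin/sh
# Added example (not from the thread): report CONFIG_* symbols that an older
# kernel patch set adds but a newer one does not.

# Emit a patch on stdout, whether it is plain or bzip2-compressed.
read_patch() {
    case "$1" in
        *.bz2) bzcat "$1" ;;
        *)     cat "$1" ;;
    esac
}

# Read a patch on stdin; print the CONFIG_* symbols on its added lines.
# Matching whole CONFIG_ tokens skips noise such as "SYSTRAN CORP.", and
# dropping "+++ " lines keeps file headers out of the result.
added_config_symbols() {
    grep -E '^\+' | grep -vE '^\+\+\+ ' |
        grep -oE 'CONFIG_[A-Z0-9_]+' | LC_ALL=C sort -u
}

# dropped_symbols OLD NEW: symbols that OLD adds and NEW no longer adds.
dropped_symbols() {
    old_syms=$(mktemp); new_syms=$(mktemp)
    read_patch "$1" | added_config_symbols > "$old_syms"
    read_patch "$2" | added_config_symbols > "$new_syms"
    LC_ALL=C comm -23 "$old_syms" "$new_syms"
    rm -f "$old_syms" "$new_syms"
}

# Constructed sample patch sets (CONFIG_EXAMPLE_KEPT is hypothetical).
write_samples() {
    cat > "$1/old.patch" <<'EOF'
+++ b/drivers/Makefile
+DRIVERS-$(CONFIG_SYSTRACE) += drivers/systrace/str.o
+++ b/drivers/char/Config.in
+bool 'Systrace support' CONFIG_SYSTRACE
+bool 'Kept feature' CONFIG_EXAMPLE_KEPT
+ { 0x0090E0, "SYSTRAN CORP." },
EOF
    cat > "$1/new.patch" <<'EOF'
+++ b/drivers/char/Config.in
+bool 'Kept feature' CONFIG_EXAMPLE_KEPT
+ { 0x0090E0, "SYSTRAN CORP." },
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
dropped_symbols "$demo_dir/old.patch" "$demo_dir/new.patch"   # CONFIG_SYSTRACE
rm -rf "$demo_dir"
```

A symbol reported here is only absent from the patch set; it may still be provided by the base kernel tree the patches apply to.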
Bug 45524 (CRYPTO_API missing) seems similar to this one, as does 45450 (i2c missing) (which was closed because i2c was dropped on purpose...)
The gentoo-sources patchset was slimmed down considerably. In its old form, it was almost impossible to maintain.

The current patch list is /usr/src/linux-2.4.25-gentoo/patches.txt
IMHO slimming down the patches is a reasonable thing to do: I can understand the desire. But doing it without notice, as part of a "minor" upgrade, seems to be a mistake. Shouldn't this at least have appeared in the forums, newsgroups, or cvs comments? The weekly newsletter? Or was it discussed, and I just didn't find it in any of the searches I did (always possible, I admit).

If you are determined to cut down the patches, perhaps a note announcing that you are going to do it? And where to get the patches from (as near as I can tell, we're outside of emerge-land to add patches back -- we have to retrieve the patches manually and add them into the kernel by hand. Right?)

Once again: I'm not challenging the decision, but I do think there really is a "bug" here with the lack of an announcement or transition plan.
Other problems:

Can't install Extended Attributes/ACL support (REQUIRED FOR ME) - http://acl.bestbits.at/download.html (Don't give me any nonsense about ACLs being evil...)

grsecurity makes it impossible to apply the patches. I'm trying to modify the existing patches to make them compatible with grsecurity, but I might not bother.

2.4.25-gentoo doesn't seem nearly as cool as 2.4.22-r7. :-( I might just go to 2.6, but I've heard problems about that too.