Bug 71625 - (kernel) commoncap.ko and capability.ko have unknown symbols
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: x86 Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2004-11-17 17:17 UTC by Marijn
Modified: 2005-01-02 17:55 UTC
Description Marijn 2004-11-17 17:17:38 UTC
Hi, 

I'm using the hardened-2.6.7-r10 kernel and everything compiles just fine, however at the end of `make modules_install` I get: 

WARNING: /lib/modules/2.6.7-hardened-r10/kernel/security/commoncap.ko needs unknown symbol gr_check_user_change 
WARNING: /lib/modules/2.6.7-hardened-r10/kernel/security/commoncap.ko needs unknown symbol gr_check_group_change 
WARNING: /lib/modules/2.6.7-hardened-r10/kernel/security/commoncap.ko needs unknown symbol gr_handle_chroot_caps 

In my USE flags in /etc/make.conf I have "hardened" (installed my system with that), except for gcc which I have set to -hardened in /etc/portage/package.use. 

To start named I need the capability module which however depends on commoncap. When I do `modprobe capability` it returns: 

WARNING: Error inserting commoncap (/lib/modules/2.6.7-hardened-r10/kernel/security/commoncap.ko): Unknown symbol in module, or unknown parameter (see dmesg) 
FATAL: Error inserting capability (/lib/modules/2.6.7-hardened-r10/kernel/security/capability.ko): Unknown symbol in module, or unknown parameter (see dmesg) 

Dmesg returns the following (which seems to give the impression that not only commoncap but capability itself has some problems as well): 

Code: 
commoncap: Unknown symbol gr_check_user_change 
commoncap: Unknown symbol gr_check_group_change 
commoncap: Unknown symbol gr_handle_chroot_caps 
capability: Unknown symbol cap_ptrace 
capability: Unknown symbol cap_inode_setxattr 
capability: Unknown symbol cap_syslog 
capability: Unknown symbol cap_capget 
capability: Unknown symbol cap_task_reparent_to_init 
capability: Unknown symbol cap_task_post_setuid 
capability: Unknown symbol cap_bprm_set_security 
capability: Unknown symbol cap_bprm_secureexec 
capability: Unknown symbol cap_capset_check 
capability: Unknown symbol cap_bprm_apply_creds 
capability: Unknown symbol cap_capable 
capability: Unknown symbol cap_capset_set 
capability: Unknown symbol cap_vm_enough_memory 
capability: Unknown symbol cap_inode_removexattr 


Anybody got any idea what's going on?

Reproducible: Always
Steps to Reproduce:
1. emerge hardened-dev-sources
2. enable grsecurity, pax and compile Default Linux Capabilities as a module
3. make && make modules_install

Actual Results:  
See details.

Expected Results:  
No warnings whatsoever, the symbols should've been known.

Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.7-hardened-r10 i686)
=================================================================
System uname: 2.6.7-hardened-r10 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.14.90.0.8-r1
Headers:  sys-kernel/linux26-headers-2.6.7-r4
Libtools: sys-devel/libtool-1.5.2-r5
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=athlon-tbird -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=athlon-tbird -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://ftp.easynet.nl/mirror/gentoo/ 
http://www.gigaload.org/gentoo.org/ 
http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dfx X acl acpi alsa apache2 apm arts avi bitmap-fonts bzlib canna crypt 
divx4linux doc encode esd fam fortran ftp gdbm gif gnome gpm gstreamer gtk gtk2 
hardened iconv imlib ipv6 java jpeg kde libg++ libwww mad mikmod mime mozilla 
mpeg mysql ncurses nls odbc oggvorbis opengl pam pda pdflib perl php png python 
qt quicktime readline recode samba sdl session slang sockets socks5 spell 
sqlite ssl svga tcltk tcpd tiff truetype unicode usb vhost wxwindows x86 xml 
xml2 xv xvid zlib"
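An added example, not part of the original report: a shell helper that extracts the `module: Unknown symbol name` pairs from dmesg output like the above and checks each symbol against a table in `/proc/kallsyms` layout. The function names and the sample symbol table are constructed for illustration; `defined-in` means the symbol exists in the table but the module loader still could not resolve it (for example, it is not exported to modules), while `not-defined` means nothing in the table provides it.

```shell
# Added example (not part of the bug report): triage "Unknown symbol" lines.

# Print unique "module symbol" pairs from dmesg-style text on stdin.
# modprobe's generic "Unknown symbol in module" line is skipped: the token
# before "Unknown" must be a plain "<module>:" name.
unknown_symbols() {
    awk '{
        for (i = 2; i < NF - 1; i++) {
            if ($i != "Unknown" || $(i + 1) != "symbol") continue
            mod = $(i - 1); sym = $(i + 2)
            if (mod ~ /^[A-Za-z0-9_]+:$/ && sym ~ /^[A-Za-z0-9_]+$/) {
                sub(/:$/, "", mod); print mod, sym
            }
        }
    }' | sort -u
}

# Classify each pair against a symbol table in /proc/kallsyms layout
# ("address type name [module]") named by $1; dmesg text arrives on stdin.
triage() {
    unknown_symbols | awk -v tab="$1" '
        BEGIN {
            while ((getline line < tab) > 0) {
                n = split(line, f, " ")
                if (n >= 3) owner[f[3]] = (n >= 4) ? f[4] : "[kernel]"
            }
        }
        { print $1, $2, (($2 in owner) ? "defined-in " owner[$2] : "not-defined") }'
}

# Four of the dmesg lines quoted in the report.
sample_dmesg() {
    printf '%s\n' \
        'commoncap: Unknown symbol gr_check_user_change' \
        'commoncap: Unknown symbol gr_handle_chroot_caps' \
        'capability: Unknown symbol cap_ptrace' \
        'capability: Unknown symbol cap_capable'
}

# Constructed table: invented for this example, not the reporter's system.
sample_symtab() {
    printf '%s\n' 'c0100000 T printk' 'c0150000 T gr_check_user_change' \
        'c0150040 T gr_handle_chroot_caps'
}

tab=$(mktemp) && sample_symtab > "$tab"
sample_dmesg | triage "$tab"
rm -f "$tab"
```

On a live system, `dmesg | triage /proc/kallsyms` runs the same check against the running kernel.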
Comment 1 Adam Mondl (RETIRED) gentoo-dev 2004-12-09 19:20:50 UTC
It appears that you have resolved this issue:
http://forums.grsecurity.net/viewtopic.php?t=987
Comment 2 Marijn 2004-12-10 18:16:52 UTC
No, I just thought that it was a bug in grsecurity and the reply pointed out that it wasn't. I just didn't want to bother them with a bug that isn't theirs.

I eventually "fixed" my problem by compiling the "Default Linux Capabilities" directly into the kernel instead of making it a module, however the bug is still there (also in the new -r16 release). When I compile it as a module (which I'd prefer) I still get the unknown symbol error.
Comment 3 Adam Mondl (RETIRED) gentoo-dev 2005-01-02 17:55:19 UTC
For future hardened-dev-sources kernels, building "Default Linux Capabilities" as a module will not be supported. The reason for this is due to both it being a bad security idea in general, and because of the recent kernel vulnerability in the capability module. (see bug 75963 for more information)