make bzImage = the following errors when pax is enabled as per the quickstart guide on hardened.gentoo.org: CC fs/stat.o CC fs/exec.o fs/exec.c: In function `pax_report_fault': fs/exec.c:1578: error: structure has no member named `curr_ip' fs/exec.c:1579: error: structure has no member named `curr_ip' fs/exec.c:1579: error: structure has no member named `curr_ip' fs/exec.c:1579: error: structure has no member named `curr_ip' fs/exec.c:1579: error: structure has no member named `curr_ip' make[1]: *** [fs/exec.o] Error 1 make: *** [fs] Error 2 I had the same experience with 2.6.7-rX Reproducible: Always Steps to Reproduce: 1. 2. 3. Portage 2.0.51-r14 (default-linux/x86/2004.3, gcc-3.3.5, glibc-2.3.4.20040808- r1, 2.6.10-hardened-r3 i686) ================================================================= System uname: 2.6.10-hardened-r3 i686 Intel(R) Pentium(R) 4 CPU 2.00GHz Gentoo Base System version 1.4.16 Python: dev-lang/python-2.3.4 [2.3.4 (#1, Jan 18 2005, 05:42:33)] dev-lang/python: 2.3.4 sys-devel/autoconf: 2.59-r5 sys-devel/automake: 1.8.5-r1 sys-devel/binutils: 2.15.92.0.2-r1 sys-devel/libtool: 1.5.2-r7 virtual/os-headers: 2.6.8.1-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share /config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig distlocks sandbox sfperms" GENTOO_MIRRORS="ftp://gentoo.chem.wisc.edu/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 apache2 berkdb crypt curl doc fam hardened ldap libclamav maildir mailwrapper mmx nptl nptl-only pam pcre perl php postgres python readline samba sasl sse ssl tcpd unicode vhosts zlib" Unset: ASFLAGS, CBUILD, CTARGET, LDFLAGS
Lowering severity to minor. You can work around this by simply enabling grsec. Eric Brown please attach your linux.config as a text/plain to the bug.
That's great! I was actually going to use GRSec but I was afraid to turn it all on at once. I'll post the config when I get into work tomorrow.
Created attachment 49557 [details] the broken .config This is the config without support for GRSec that causes the error. After enabling the one GRSec option though, it seems to build fine. Does this mean we should update the docs?
http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#fsexec The docs have been updated for quite some time now ...
The PaX quickstart guide does not mention the need for the grsec option.
It's fixed in hardened-dev-sources-2.6.11-r1 (10 Mar 2005). Please close the bug. Users are encouraged to refresh their portage tree and get the new ebuild. Cheers, Lorenzo.
Fixed, thanks Lorenzo