Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 434922

Summary: net-fs/openafs-1.6.1 doesn't built with sys-kernel/hardened-sources with grsecurity/PaX enabled
Product: Gentoo Linux Reporter: Benjamin Gaillard <gentoo>
Component: HardenedAssignee: The Gentoo Linux Hardened Kernel Team (OBSOLETE) <hardened-kernel+disabled>
Severity: normal CC: aparicio99, pageexec, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---
Attachments: net-fs/openafs grsecurity fix
Updated net-fs/openafs-kernel ebuild
Updated net-fs/openafs ebuild

Description Benjamin Gaillard 2012-09-13 16:34:13 UTC
Created attachment 323684 [details]
net-fs/openafs grsecurity fix

When grsecurity/PaX is enabled in sys-kernel/hardened-sources, the 'constify' plugin is enabled, causing a net-fs/openafs-1.6.1 (and probably earlier versions too) build failure.

Some ./configure tests wrongfully fail because of this as well as code modifying the 'func' field of 'struct rxevent'.

Here is a patch that corrects the issue without breaking compatibility with non-hardened kernels.
Comment 1 Benjamin Gaillard 2012-09-13 16:36:08 UTC
Created attachment 323686 [details]
Updated net-fs/openafs-kernel ebuild
Comment 2 Benjamin Gaillard 2012-09-13 16:38:37 UTC
Created attachment 323688 [details]
Updated net-fs/openafs ebuild

May not be affected by the bug, but just to be consistent with net-fs/openafs-kernel...
Comment 3 Anthony Basile gentoo-dev 2013-06-24 21:55:12 UTC
Sorry for the delay on this one, it got burried :(

Is constify still an issue on the latest hardened-sources?
Comment 4 Benjamin Gaillard 2013-07-01 16:25:15 UTC
This is not really an issue any more: since hardened-sources version 3.8 it's possible to disable the 'constify' plugin altogether (CONFIG_PAX_CONSTIFY_PLUGIN).

There is another compilation issue related to the section mismatch verification phase which is enforced by OpenAFS (it refuses to continue if there are warnings although they aren't really relevant), but this is unrelated to this bug and much easier to circumvent.