Waiting for upstream
Created attachment 143032 [details]
I've changed the ebuild to use syscall hooks (which still works) so it's at least usable with kernel 2.6.24. The ebuild uses the System.map file in the kernel sources directory. From informations from dazuko.org this System.map must be the current one for the kernel which will load the dazuko module, which will be the case if everything is set up correctly.
Upstream is against this kind of solution.
Added new pre-release, support via redirfs.
Masked as redirfs is none stable.
DO NOT use this, as it makes some file corrupt.
I'd love to update my system to 2.6.24-gentoo-r3 stable kernel. However, I need dazuko for antivir and 2.3.5_pre1 and redirfs-0.2-r1 are in p.mask. After reading comment #4, I will definitely not use both with p.unmasked.
I already tried to use antivir with dazuko-2.3.5_pre1 and redifs-0.2-r1. But the module throws a kernel bug, which I will attach as it might help to get this working.
I was thinking as well to use dazuko without redirfs and syscall hooks as emerald suggested. Could you be a bit elaborative about why upstream is against this kind of solution? Is there any regression using this kind of configuration compared to dazuko-2.3.4 with kernel <2.6.24? For the meantime this sounds like a solution until dazuko with redirfs is stable enough to be used on productive systems.
BR and thanks for your work
Created attachment 146331 [details]
Kernel Bug thrown by antivir when trying to use dazuko with redirfs
The syscall interface was removed from 2.6.24, although it can be still hacked.
Can you please send this error to dazuko mailing list? It will be better if you discuss it with upstream directly.
Okay. I will go looking for my bugzilla log-in for dazuko...
I will attach upstream URL of the bug for reference as soon as I have filed one.
One question though: Since security capability is not as module available any more in 2.6.24, is it required to compile security capabilities into the kernel or is it not needed? I'd like to check, whether I configured the kernel properly before filing a bug.
For reference, URL of upstream bug for kernel BUG described in comment 5 is https://savannah.nongnu.org/bugs/index.php?22640
alonbl: John Ogness has released a patch against the kernel to compile dazuko statically into the kernel.
URL to this patch is: http://www.dazuko.org/files/patch-linux26-dazuko-2.3.5-pre1.tar.gz
The archive contains a README file explaining how to patch the kernel tree. Basically, it adds config options to the menu and adds the dazuko code into the tree. With this patch, dazuko can be used without relying on security capability built as kernel module and redirfs.
I will test the patch against the actual stable 2.6.24 kernel on x86 and see how it works.
Is this solution an acceptable option to be persued by Gentoo?
I know this will include some coordination with the kernel team, maybe you could talk with Daniel if you deem this the right way to go.
And for completeness, the announcement can be found on the mailing list at: http://lists.gnu.org/archive/html/dazuko-devel/2008-03/msg00014.html
I am afraid that kernel patch will not be accepted by kernel herd.
And I am not willing to maintain branched sources.
So we have to wait for out of kernel solution.
*** Bug 217891 has been marked as a duplicate of this bug. ***
alonbl was retired (#147110), reassigning remaining bugs.
dazuko-2.3.6_pre2 is in cvs. It's supposed to be the last 2.x version.