diff options
| author | Remi Gacogne | 2020-04-21 19:13:36 +0200 |
|---|---|---|
| committer | Remi Gacogne | 2020-04-21 19:13:36 +0200 |
| commit | df4a3ceb6c718c5b955738c949a82d7eca7088b0 (patch) | |
| tree | 2a8759775ae2c91152113ff78134d601623dbfab | |
| parent | 2684b7225dcc819300bc1bd7bab5952b6e255b99 (diff) | |
| download | aur-df4a3ceb6c718c5b955738c949a82d7eca7088b0.tar.gz | |
lkrg-dkms: Fix compilation with kernels >= 5.6
| -rw-r--r-- | .SRCINFO | 4 | ||||
| -rw-r--r-- | PKGBUILD | 12 | ||||
| -rw-r--r-- | kernel-5.6.patch | 81 |
3 files changed, 95 insertions, 2 deletions
@@ -1,17 +1,19 @@ pkgbase = lkrg-dkms pkgdesc = Linux Kernel Runtime Guard (DKMS) pkgver = 0.7 - pkgrel = 2 + pkgrel = 3 url = https://www.openwall.com/lkrg/ arch = x86_64 license = GPL2 depends = dkms source = https://www.openwall.com/lkrg//lkrg-0.7.tar.gz source = https://www.openwall.com/lkrg//lkrg-0.7.tar.gz.sign + source = kernel-5.6.patch source = dkms.conf validpgpkeys = 297AD21CF86C948081520C1805C027FD4BDC136E sha512sums = 6f856d31aa79705e38a5436a47cb4e3f414a7734794713e6831426f1eda0f36ff1800e94dbfa9b211ab5b85055716c9b4839a8e46d292c9de95fc57b6cc02519 sha512sums = SKIP + sha512sums = cfbd6e2f8f8ced230939ad4773328e5ad00bc92c99c2174d57115aeb1e0bcad756fa609f380e37d345db8eaeebaac662458b9ea95777dfca541388d2e1d169e6 sha512sums = ee259ac7e15fb6f6947ce6e64be808d6a1107d481ec0a7b4a35266bd720b639909c92e580fae2cecefe5318ce081a4d7431b5f941d1827f7783bee0a3206c5e8 pkgname = lkrg-dkms @@ -2,20 +2,30 @@ _pkgbase=lkrg pkgname=lkrg-dkms pkgver=0.7 -pkgrel=2 +pkgrel=3 pkgdesc='Linux Kernel Runtime Guard (DKMS)' arch=('x86_64') url='https://www.openwall.com/lkrg/' license=('GPL2') source=("${url}/${_pkgbase}-${pkgver}.tar.gz" "${url}/${_pkgbase}-${pkgver}.tar.gz.sign" + 'kernel-5.6.patch' 'dkms.conf') sha512sums=('6f856d31aa79705e38a5436a47cb4e3f414a7734794713e6831426f1eda0f36ff1800e94dbfa9b211ab5b85055716c9b4839a8e46d292c9de95fc57b6cc02519' 'SKIP' + 'cfbd6e2f8f8ced230939ad4773328e5ad00bc92c99c2174d57115aeb1e0bcad756fa609f380e37d345db8eaeebaac662458b9ea95777dfca541388d2e1d169e6' 'ee259ac7e15fb6f6947ce6e64be808d6a1107d481ec0a7b4a35266bd720b639909c92e580fae2cecefe5318ce081a4d7431b5f941d1827f7783bee0a3206c5e8') validpgpkeys=('297AD21CF86C948081520C1805C027FD4BDC136E') depends=('dkms') +prepare() { + cd "${_pkgbase}-${pkgver}" + # SELinux has been refactored in 5.6 + # A fix is available upstream in this commit but it doesn't apply cleanly: + # https://bitbucket.org/Adam_pi3/lkrg-main/commits/0f7c6350a844c4a65a6860bff1172035e3cccae3/raw" + patch --forward --strip=1 --input="${srcdir}/kernel-5.6.patch" +} + package() { # Copy dkms.conf install -Dm644 dkms.conf "${pkgdir}/usr/src/${_pkgbase}-${pkgver}/dkms.conf" diff --git a/kernel-5.6.patch b/kernel-5.6.patch new file mode 100644 index 000000000000..8e5ece93c098 --- /dev/null +++ b/kernel-5.6.patch @@ -0,0 +1,81 @@ +diff -ruw lkrg-0.7.orig/src/modules/exploit_detection/p_exploit_detection.c lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c +--- lkrg-0.7.orig/src/modules/exploit_detection/p_exploit_detection.c 2019-07-19 13:51:17.000000000 +0200 ++++ lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c 2020-04-21 19:04:29.138591608 +0200 +@@ -772,6 +772,7 @@ + "Entering function <p_validate_selinux>\n"); + + mutex_lock(&p_ed_guard_globals.p_selinux_lock); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) + if (p_ed_guard_globals.p_selinux.p_selinux_enabled != *p_selinux_enabled) { + p_print_log(P_LKRG_CRIT, + "<Exploit Detection> Detected data corruption against SELINUX! 'selinux_enabled' has " +@@ -779,6 +780,7 @@ + *p_selinux_enabled,p_ed_guard_globals.p_selinux.p_selinux_enabled); + *p_selinux_enabled = p_ed_guard_globals.p_selinux.p_selinux_enabled; + } ++#endif + + #ifdef CONFIG_SECURITY_SELINUX_DEVELOP + #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,17,0) +@@ -1264,7 +1266,9 @@ + } + + #ifdef CONFIG_SECURITY_SELINUX ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) + p_selinux_enabled = (int *)p_kallsyms_lookup_name("selinux_enabled"); ++#endif + #ifdef CONFIG_SECURITY_SELINUX_DEVELOP + #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,17,0) + p_selinux_state = (struct p_selinux_state *)p_kallsyms_lookup_name("selinux_state"); +@@ -1287,6 +1291,7 @@ + #endif + #endif + ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) + if (!p_selinux_enabled) { + p_print_log(P_LKRG_ERR, + "[ED] ERROR: Can't find 'selinux_enabled' variable :( Exiting...\n"); +@@ -1294,6 +1299,7 @@ + goto p_exploit_detection_init_out; + } + #endif ++#endif + + if (p_init_rb_ed_pids()) { + p_print_log(P_LKRG_ERR, +@@ -1314,7 +1320,9 @@ + p_ed_guard_globals.p_selinux.p_selinux_enforcing = *p_selinux_enforcing; + #endif + #endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) + p_ed_guard_globals.p_selinux.p_selinux_enabled = *p_selinux_enabled; ++#endif + mutex_init(&p_ed_guard_globals.p_selinux_lock); + #endif + +diff -ruw lkrg-0.7.orig/src/modules/exploit_detection/p_exploit_detection.h lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.h +--- lkrg-0.7.orig/src/modules/exploit_detection/p_exploit_detection.h 2019-07-19 13:51:17.000000000 +0200 ++++ lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.h 2020-04-21 19:04:59.588485501 +0200 +@@ -222,7 +222,9 @@ + int p_selinux_enforcing; + #endif + #endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) + int p_selinux_enabled; ++#endif + + }; + #endif +diff -ruw lkrg-0.7.orig/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c lkrg-0.7/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c +--- lkrg-0.7.orig/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c 2019-05-09 17:08:25.000000000 +0200 ++++ lkrg-0.7/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c 2020-04-21 19:05:39.418333669 +0200 +@@ -91,7 +91,9 @@ + p_ed_guard_globals.p_selinux.p_selinux_enforcing = *p_selinux_enforcing; + #endif + #endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) + p_ed_guard_globals.p_selinux.p_selinux_enabled = *p_selinux_enabled; ++#endif + } + + // unlock shadow SELinux updates |