Package Details: caitsith-lkm 0.2_20170515-3

Git Clone URL: https://aur.archlinux.org/caitsith-lkm.git (read-only)
Package Base: caitsith-lkm
Description: CaitSith LKM-based LSM version
Upstream URL: http://caitsith.osdn.jp/
Keywords: caitsith module
Licenses: GPL
Submitter: Torsten
Maintainer: Torsten
Last Packager: Torsten
Votes: 3
Popularity: 0.000216
First Submitted: 2014-04-15 10:27
Last Updated: 2017-05-22 15:42

Latest Comments

Torsten commented on 2017-05-05 11:10

@egrupled: thanks for your help!

egrupled commented on 2017-05-05 09:39

Ok, It was my specific issue. I had "kernel.kptr_restrict=2" set in sysctl, after changing it to "1" module successfully loaded. Maybe "0" would be even better. Anyway problem solved. Now as it's tested I think you can adjust PKGBUILD as I suggested in previous comment:

prepare() {
cp -a "/usr/lib/modules/${_kernver}/build" "${srcdir}"
cd "${srcdir}/build/"
tar -zxf "${srcdir}/caitsith-patch-${_basever}-${_timestamp}.tar.gz"
sed -i -e 's_/sbin/init_/usr/lib/systemd/systemd_' caitsith/config.h
}
build() {
cd "${srcdir}/build/"
make SUBDIRS=caitsith modules
}

package() {
cd "${srcdir}/build"
make SUBDIRS=caitsith MODLIB="${pkgdir}/usr/lib/modules/${_kernver}/kernel/" modules_install
sed -i -e "s/KERNEL_VERSION='.*'/KERNEL_VERSION='${_kernver}'/" "${startdir}/caitsith-lkm.install"
}

egrupled commented on 2017-05-04 14:19

Ok. I found svn repo here https://osdn.net/projects/caitsith/ and here some comments https://www.mail-archive.com/tomoyo-users-en@lists.osdn.me/msg00052.html

I'll try to contact developer

Torsten commented on 2017-05-04 13:53

I have currently no time to look into this issue. Hopefully I have time by end of next week for this. If you find a patch in the meantime, please let me know

egrupled commented on 2017-05-04 13:49

No I don't want dealing with AUR infrastructure :)
I found this when I was looking for replacement for grsec as it's no more available for new kernels.
Anyway it looks broken for now. After "modprobe caitsith" I get:

Can't resolve security_bprm_committed_creds().
Sorry, I couldn't guess dependent symbols.
I need some changes for supporting your environment.
Please contact the author.

Torsten commented on 2017-05-04 13:25

@egrupled thanks for your comments! Do you want to be a 'Co-Maintainer' for this package?

I didn't test it as I currently not use caitsith (there was/is some incompatibility with grsec).

egrupled commented on 2017-05-04 13:18

Thanks for updating this.

I was partially wrong. /usr/lib/modules/${_kernver}/extramodules/ is a symlink so there's conflict while installing files. In order to change install dir as I suggested you would need to specify exact kernel version because uname -r shows this:
4.11.0-1-ARCH
and we need this:
4.11-ARCH
and install it to /usr/lib/modules/extramodules-4.11-ARCH. See https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/acpi_call how it look like.

In this case I recommend go back as it was before so we install it to current kernel without specified version (user have to manually rebuild it after every kernel update), sorry.

Additionally I looked at PKGBUILD and found it could be enhanced a little:

1. We should change init to systemd as it's default in Arch, see http://caitsith.osdn.jp/#2.1.3

2. We can use make install insted of manually copying files.

Here's enhanced part of PKGBUILD:

prepare() {
cp -a "/usr/lib/modules/${_kernver}/build" "${srcdir}"
cd "${srcdir}/build/"
tar -zxf "${srcdir}/caitsith-patch-${_basever}-${_timestamp}.tar.gz"
sed -i -e 's_/sbin/init_/usr/lib/systemd/systemd_' caitsith/config.h
}
build() {
cd "${srcdir}/build/"
make SUBDIRS=caitsith modules
}

package() {
cd "${srcdir}/build"
make SUBDIRS=caitsith MODLIB="${pkgdir}/usr/lib/modules/${_kernver}/kernel/" modules_install
sed -i -e "s/KERNEL_VERSION='.*'/KERNEL_VERSION='${_kernver}'/" "${startdir}/caitsith-lkm.install"
}

egrupled commented on 2017-05-04 08:51

Install directory should be:
"${pkgdir}/usr/lib/modules/${_kernver}/extramodules/caitsith.ko"

instead of:
"${pkgdir}/usr/lib/modules/${_kernver}/kernel/extra/caitsith.ko"