Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 10 Nov 2013 01:13:16 +0700 (NOVT)
From:      Eugene Grosbein <eugen@grosbein.net>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/183817: [patch] [mac] [panic] kernel compiled with options INVARIANTS and MAC_PORTACL panices if loader loads mac_portacl.ko too
Message-ID:  <201311091813.rA9IDGMA002537@grosbein.net>
Resent-Message-ID: <201311091820.rA9IK3Jq075099@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         183817
>Category:       kern
>Synopsis:       [patch] [mac] [panic] kernel compiled with options INVARIANTS and MAC_PORTACL panices if loader loads mac_portacl.ko too
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 09 18:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 9.2-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.net 9.2-STABLE FreeBSD 9.2-STABLE #5 r256953M: Sun Nov 10 00:52:12 NOVT 2013 root@grosbein.net:/usr/obj/usr/local/src/sys/DADV amd64

>Description:
		
	If the kernel is compiled with options INVARIANTS and options MAC_PORTACL
	and /boot/loader.conf has "mac_portacl_load=YES" then kernel panices
	as soon as /etc/rc.d/initrandom script runs "sysctl -a" at boot time:
	http://www.grosbein.net/files/portacl.jpg

>How-To-Repeat:
	Build custom kernel with options INVARIANTS and options MAC_PORTACL,
	have "mac_portacl_load=YES" in /boot/loader.conf and try to boot.

>Fix:

--- sys/security/mac/mac_policy.h.orig	2013-10-21 21:11:02.000000000 +0700
+++ sys/security/mac/mac_policy.h	2013-11-10 00:49:50.000000000 +0700
@@ -1021,6 +1021,7 @@
 	};								\
 	MODULE_DEPEND(mpname, kernel_mac_support, MAC_VERSION,		\
 	    MAC_VERSION, MAC_VERSION);					\
+	MODULE_VERSION(mpname, 1);					\
 	DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY,		\
 	    SI_ORDER_MIDDLE)
 


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201311091813.rA9IDGMA002537>