Re: fedora 9 help with unknown symbols in kernel -- cap_capget cap_capset_set

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Skunk Worx wrote:
stan wrote:
Skunk Worx wrote:
stan wrote:
Skunk Worx wrote:
Hello,

I asked over on 'users' a few days ago and no help yet. I hope you don't mind my repeating the question here.

We're a small company using some altera-based boards and our own driver to control them.

Fedora 7 was working well, but we are getting some unknown symbols while evaluating an upgrade to F9.

Any help, comments, suggestions are greatly appreciated.

---
John

code and issues :

  struct sched_param param = {70};
  kernel_cap_t effective, inheritable, permitted, all;

  cap_set_full(all); // be sure we have enough permissions to call
                     // sched_setscheduler.
                     // probably only need CAP_SYS_NICE, but let's be
                     // "(un)safe"


  // save old permissions
  cap_capget(current,&effective, &inheritable, &permitted);

  // setup permissions to do this
  cap_capset_set(current,&all, &all, &all);

  // setup realtime priority
  ret=sched_setscheduler(current,SCHED_RR,&param);

  // restore permissions
  cap_capset_set(current,&effective, &inheritable, &permitted);


used to be able to do this in f7 / 2.6.23 kernel, now we get:

WARNING: "cap_capset_set" [/usr/CSM/src/ONI/oni_driver/oni.ko] undefined!
WARNING: "cap_capget" [/usr/CSM/src/ONI/oni_driver/oni.ko] undefined!

when building and of course:

oni: Unknown symbol cap_capget
oni: Unknown symbol cap_capset_set

when insmod'ing under f9 / 2.6.25

Now if you are writing drivers you are sophisticated users. I would think you have already tried these, but just in case.


We write our own driver, there is no "oni.ko" in Fedora...we add it.

I misunderstood. I thought you were linking a kernel module and it wasn't finding symbols.

[snip]
We've searched for the POSIX cap_* functions, and from what we can tell they should be exported, but for some reason no longer appear to be. I am not sure if this is the right language to explain the problem, but we can't seem to get to the symbols any more.


I think you are saying that they are no longer in a header file.

I'm looking at the source code for the two kernels now.

2.6.23:
-------
extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
./linux-2.6.23/include/linux/security.h

and

int cap_capget (struct task_struct *target, kernel_cap_t *effective,
EXPORT_SYMBOL(cap_capget);
./linux-2.6.23/security/commoncap.c


2.6.25:
-------
extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); ./linux-2.6.25/include/linux/security.h

and

int cap_capget (struct task_struct *target, kernel_cap_t *effective,
./linux-2.6.25/security/commoncap.c

...so someone took out a group of EXPORT_SYMBOLS :

EXPORT_SYMBOL(cap_capable);
EXPORT_SYMBOL(cap_settime);
EXPORT_SYMBOL(cap_ptrace);
EXPORT_SYMBOL(cap_capget);
EXPORT_SYMBOL(cap_capset_check);
EXPORT_SYMBOL(cap_capset_set);
EXPORT_SYMBOL(cap_bprm_set_security);
EXPORT_SYMBOL(cap_bprm_apply_creds);
EXPORT_SYMBOL(cap_bprm_secureexec);
EXPORT_SYMBOL(cap_inode_setxattr);
EXPORT_SYMBOL(cap_inode_removexattr);
EXPORT_SYMBOL(cap_task_post_setuid);
EXPORT_SYMBOL(cap_task_reparent_to_init);
EXPORT_SYMBOL(cap_syslog);
EXPORT_SYMBOL(cap_vm_enough_memory);

This seems relevant :

http://lists.openwall.net/linux-kernel/2007/08/14/418

...esp. the statement : "- remove a bunch of no longer used exports"

Sounds like people can't use the POSIX capability API to set things like CAP_SYS_NICE in their drivers any more, or maybe there is a new way to do such things.

At least one of our ring nodes (sometimes more) need to adjust the scheduler to keep up with the incoming data.

---
John


...I think I found it :

http://lwn.net/Articles/211207/

http://www.friedhoff.org/posixfilecaps.html

Very cool...I am looking forward to trying this.

---
John

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux