Date: Tue, 30 Jun 2020 16:32:11 +0200 From: Solar Designer <solar@...nwall.com> To: Ganime Yalur <ganime1961tire@...il.com> Cc: lkrg-users@...ts.openwall.com Subject: Re: config_jump_label Trouble with compiling Hi all, Ganime first e-mailed us about this privately. Unfortunately, Ganime still has not joined the list, hence the CC on this reply. On Tue, Jun 30, 2020 at 04:06:10PM +0200, Ganime Yalur wrote: > > I'm running 5.6.17 kernel without config_jump_label . > > > > I'm trying to compile 0.8 lkrg > > > > Compiling stops and message spit out: > > ....lkrg currently requires config_jump_label,but this might change..if > > you hit this problem, please contact lkrg developers... We've counted your vote to have this supported. Thanks. For now, please enable CONFIG_JUMP_LABEL to use LKRG. > > Now I'm here, and want edited source files to solve my problem... It's up to Adam whether and when to implement this support. He might make the corresponding git commits soon, not soon, or not at all. Maybe it was a bad idea to ask people to contact us about this, after all, as this seems to have created unjustified expectations. > > Btw my setup running apparmor and firejail. > > > > I want activate lockdown integrity in future any troubles found with lkrg? I'm not familiar with lockdown, but I guess you'd need to have the LKRG module signed. No troubles are expected. Apparently, Mikhail Morfikov who is here on lkrg-users has such a setup: https://www.openwall.com/lists/lkrg-users/2020/06/14/8 > > If I should ain't activate lockdown? There are no specific guidelines on what other protection mechanisms you should or should not use along with LKRG. My advice is that you think of what threat models are relevant to your use case and use protection mechanisms that fit those threat models. > > Don't forget compiling was done without lockdown activate. LKRG should be built against the kernel build tree that you actually intend to use. So if you're going to change kernel build options, you should preferably (and might have to) rebuild LKRG as well. If you're only going to change kernel command-line parameters without rebuilding the kernel, then you don't need to rebuild LKRG. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.