From eugen@grosbein.net  Sat Nov  9 18:13:52 2013
Return-Path: <eugen@grosbein.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id B93FD5D3;
	Sat,  9 Nov 2013 18:13:52 +0000 (UTC)
	(envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13::5])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 20F2A2BDE;
	Sat,  9 Nov 2013 18:13:51 +0000 (UTC)
Received: from grosbein.net (188-123-32-240.rdtc.ru [188.123.32.240] (may be forged))
	by eg.sd.rdtc.ru (8.14.7/8.14.7) with ESMTP id rA9IDIdM016964;
	Sun, 10 Nov 2013 01:13:43 +0700 (NOVT)
	(envelope-from eugen@grosbein.net)
Received: from grosbein.net (localhost [127.0.0.1])
	by grosbein.net (8.14.7/8.14.7) with ESMTP id rA9IDH9H002538;
	Sun, 10 Nov 2013 01:13:17 +0700 (NOVT)
	(envelope-from eugen@grosbein.net)
Received: (from eugen@localhost)
	by grosbein.net (8.14.7/8.14.7/Submit) id rA9IDGMA002537;
	Sun, 10 Nov 2013 01:13:16 +0700 (NOVT)
	(envelope-from eugen)
Message-Id: <201311091813.rA9IDGMA002537@grosbein.net>
Date: Sun, 10 Nov 2013 01:13:16 +0700 (NOVT)
From: Eugene Grosbein <eugen@grosbein.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [patch] [mac] [panic] kernel compiled with options INVARIANTS and MAC_PORTACL panices if loader loads mac_portacl.ko too
X-Send-Pr-Version: 3.114
X-GNATS-Notify:

>Number:         183817
>Category:       kern
>Synopsis:       [patch] [mac] [panic] kernel compiled with options INVARIANTS and MAC_PORTACL panices if loader loads mac_portacl.ko too
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 09 18:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 9.2-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.net 9.2-STABLE FreeBSD 9.2-STABLE #5 r256953M: Sun Nov 10 00:52:12 NOVT 2013 root@grosbein.net:/usr/obj/usr/local/src/sys/DADV amd64

>Description:
		
	If the kernel is compiled with options INVARIANTS and options MAC_PORTACL
	and /boot/loader.conf has "mac_portacl_load=YES" then kernel panices
	as soon as /etc/rc.d/initrandom script runs "sysctl -a" at boot time:
	http://www.grosbein.net/files/portacl.jpg

>How-To-Repeat:
	Build custom kernel with options INVARIANTS and options MAC_PORTACL,
	have "mac_portacl_load=YES" in /boot/loader.conf and try to boot.

>Fix:

--- sys/security/mac/mac_policy.h.orig	2013-10-21 21:11:02.000000000 +0700
+++ sys/security/mac/mac_policy.h	2013-11-10 00:49:50.000000000 +0700
@@ -1021,6 +1021,7 @@
 	};								\
 	MODULE_DEPEND(mpname, kernel_mac_support, MAC_VERSION,		\
 	    MAC_VERSION, MAC_VERSION);					\
+	MODULE_VERSION(mpname, 1);					\
 	DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY,		\
 	    SI_ORDER_MIDDLE)
 


>Release-Note:
>Audit-Trail:
>Unformatted:
