Package: linux-grsec-base
Version: 4
Severity: normal

There are many live distros which rely on aufs, and cannot use overlayfs
due to compatibility issues. Because linux-grsec does not contain the
aufs patches, live distros which require the extra security provided by
grsec are SoL. I request that you add the aufs patches to linux-grsec.

There are compatibility patches required, but they are helpfully provided by Gentoo. The relevant patches are available in the most up to date form
under the names 4508_aufs4-mmap-pax.patch and 4511_pax-4.4.2.patch, in
the Pentoo repo:

https://github.com/pentoo/pentoo-livecd/tree/master/kernel/4.4.8

Maintenance should be very easy as the most important patch,
4511_pax-4.4.2.patch, is small and simple. 4508_aufs4-mmap-pax.patch is
just a version of 4508_aufs4-mmap.patch which is compatible with PaX. For
kernel 4.5.7-r5, applying the following in order works:

4506_aufs4-kbuild.patch
4507_aufs4-mmap-pax.patch
4509_aufs4-standalone.patch
4510_aufs4-files.patch
4511_pax-4.4.2.patch

There are a few issues with variables that are automatically constified
being written to, but that can be trivially fixed with the following:

diff --git a/fs/aufs/i_op.c b/fs/aufs/i_op.c
index b9bbc42..3d74af8 100644
--- a/fs/aufs/i_op.c
+++ b/fs/aufs/i_op.c
@@ -1336,5 +1336,5 @@ static int aufs_update_time(struct inode *inode,

 /* no getattr version will be set by module.c:aufs_init() */
-struct inode_operations aufs_iop_nogetattr[AuIop_Last],
+inode_operations_no_const aufs_iop_nogetattr[AuIop_Last],
        aufs_iop[] = {
        [AuIop_SYMLINK] = {
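
Review bot: Changing the type on the shared declaration in fs/aufs/i_op.c makes both aufs_iop_nogetattr and aufs_iop non-const, but the comment directly above says only the no-getattr table is set at runtime by module.c:aufs_init(). aufs_iop has a static initializer here, so consider splitting the statement into two declarations: keep struct inode_operations for aufs_iop so it stays constified, and use inode_operations_no_const only for aufs_iop_nogetattr. A one-line comment saying why the table must be writable would also help whoever rebases this onto the next aufs release.
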
diff --git a/fs/aufs/inode.h b/fs/aufs/inode.h
index a582a15..78c2577 100644
--- a/fs/aufs/inode.h
+++ b/fs/aufs/inode.h
@@ -162,5 +162,5 @@ enum {
        AuIop_Last
 };
-extern struct inode_operations aufs_iop[AuIop_Last],
+extern inode_operations_no_const aufs_iop[AuIop_Last],
        aufs_iop_nogetattr[AuIop_Last];
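
Review bot: The extern in fs/aufs/inode.h exposes both aufs_iop and aufs_iop_nogetattr as inode_operations_no_const to every file that includes this header, which is wider than the write described in the i_op.c comment. If the definition in i_op.c is split so that only aufs_iop_nogetattr is writable, this declaration has to be split the same way, otherwise the extern and the definition will disagree on type and the build will fail.
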

diff --git a/fs/aufs/sysfs.c b/fs/aufs/sysfs.c
index ad0af71..1f72a80 100644
--- a/fs/aufs/sysfs.c
+++ b/fs/aufs/sysfs.c
@@ -307,5 +307,5 @@ void sysaufs_br_init(struct au_branch *br)
        int i;
        struct au_brsysfs *br_sysfs;
-       struct attribute_no_const *attr;
+       attribute_no_const *attr;

        br_sysfs = br->br_sysfs;
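
Review bot: The removed line in sysaufs_br_init() already reads struct attribute_no_const *attr, so this hunk corrects an earlier patch in the series rather than the aufs code itself. Since the replacement uses attribute_no_const without the struct keyword, the earlier spelling named a different, incomplete type. It would be cleaner to fix this in the patch that introduced that line, so that the series applies and builds in the stated order without a follow-up fixup.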
