Author: zbyniu Date: Tue Feb 26 02:01:33 2008 GMT Module: SPECS Tag: LINUX_2_6 ---- Log message: - kernel-grsec_fixes.patch added; hardening grsec options if with pax
---- Files affected: SPECS: kernel.spec (1.441.2.1843 -> 1.441.2.1844) ---- Diffs: ================================================================ Index: SPECS/kernel.spec diff -u SPECS/kernel.spec:1.441.2.1843 SPECS/kernel.spec:1.441.2.1844 --- SPECS/kernel.spec:1.441.2.1843 Tue Feb 26 00:01:04 2008 +++ SPECS/kernel.spec Tue Feb 26 03:01:28 2008 @@ -344,6 +344,7 @@ Patch9999: linux-2.6-grsec_full.patch Patch10000: linux-2.6-grsec-caps.patch Patch10001: linux-2.6-grsec-common.patch +Patch10002: kernel-grsec_fixes.patch URL: http://www.kernel.org/ BuildRequires: binutils >= 3:2.14.90.0.7 @@ -893,12 +894,14 @@ %patch9999 -p1 %{?with_vserver:%patch10000 -p1} %{?with_vserver:%patch10001 -p1} +%{?with_vserver:%patch10002 -p1} %else %if %{with grsec_full} %patch9999 -p1 %{?with_vserver:%patch10000 -p1} %{?with_vserver:%patch10001 -p1} +%{?with_vserver:%patch10002 -p1} %else %if %{with grsec_minimal} %patch1000 -p1 @@ -998,7 +1001,7 @@ %ifarch %{ix86} sed -i 's:# CONFIG_PAX_SEGMEXEC is not set:CONFIG_PAX_SEGMEXEC=y:' $1 # performance impact on CPUs without NX bit - sed -i 's:# CONFIG_PAX_PAGEEXEC=y:# CONFIG_PAX_PAGEEXEC is not set:' $1 + sed -i 's:CONFIG_PAX_PAGEEXEC=y:# CONFIG_PAX_PAGEEXEC is not set:' $1 # Testing KERNEXEC # sed -i 's:CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM=y:# CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM is not set:' $1 
@@ -1025,9 +1028,14 @@ # PAX_HOOK_ACL_FLAGS. SELinux should also be able to make PaX settings via hooks %if %{with grsec_full} + # Hardening grsec options if with pax + sed -i "s:# CONFIG_GRKERNSEC_PROC_MEMMAP is not set:CONFIG_GRKERNSEC_PROC_MEMMAP=y:" $1 + # almost rational (see HIDESYM help) + sed -i "s:# CONFIG_GRKERNSEC_HIDESYM is not set:CONFIG_GRKERNSEC_HIDESYM=y:" $1 + # no change needed CONFIG=PAX_HAVE_ACL_FLAGS=y is taken from the kernel-pax.config %else - # grsec_minimal or selinux ? + # selinux or other hooks? sed -i 's:CONFIG_PAX_HAVE_ACL_FLAGS=y:# CONFIG_PAX_HAVE_ACL_FLAGS is not set:' $1 sed -i 's:# CONFIG_PAX_HOOK_ACL_FLAGS is not set:CONFIG_PAX_HOOK_ACL_FLAGS=y:' $1 %endif @@ -1594,6 +1602,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.441.2.1844 2008-02-26 02:01:28 zbyniu +- kernel-grsec_fixes.patch added; hardening grsec options if with pax + Revision 1.441.2.1843 2008-02-25 23:01:04 zbyniu - grsec_full.patch is ready; PaX config magic cleanup; rel 0.4 ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/kernel.spec?r1=1.441.2.1843&r2=1.441.2.1844&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
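Review bot: In the %prep hunk at @@ -893,12 +894,14 @@, both new `%{?with_vserver:%patch10002 -p1}` lines apply kernel-grsec_fixes.patch only when vserver is enabled, while the log message describes it simply as a grsec fixes patch. If the fixes concern grsec_full itself rather than the grsec/vserver combination, a grsec_full build without vserver silently goes without them; either apply it unconditionally next to `%patch9999 -p1` or add a spec comment saying it depends on patches 10000 and 10001. The file name also departs from the linux-2.6-grsec-* pattern of the neighbouring Patch9999 to Patch10001 entries in the @@ -344,6 +344,7 @@ hunk; a word on why would help.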
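Review bot: In the `%ifarch %{ix86}` hunk at @@ -998,7 +1001,7 @@, the corrected expression `s:CONFIG_PAX_PAGEEXEC=y:# CONFIG_PAX_PAGEEXEC is not set:` is still unanchored and still succeeds silently when nothing matches, which is how the previous pattern (`# CONFIG_PAX_PAGEEXEC=y`, a form kconfig does not emit) went unnoticed. Anchor it as `s:^CONFIG_PAX_PAGEEXEC=y$:# CONFIG_PAX_PAGEEXEC is not set:` and follow the sed calls with a grep on `$1` that fails the build if the expected line is absent, so an ix86 kernel cannot be built with a PaX setting other than the one the spec intends.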
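Review bot: In the `%if %{with grsec_full}` branch at @@ -1025,9 +1028,14 @@, the two new sed lines enable CONFIG_GRKERNSEC_PROC_MEMMAP and CONFIG_GRKERNSEC_HIDESYM only when the config already contains the exact `# ... is not set` line; if an option is missing from the input config or spelled differently, sed changes nothing and the build proceeds without the hardening. Add a grep for `CONFIG_GRKERNSEC_PROC_MEMMAP=y` and `CONFIG_GRKERNSEC_HIDESYM=y` after the substitutions and fail if either is absent. The comments need attention too: `CONFIG=PAX_HAVE_ACL_FLAGS=y` should read `CONFIG_PAX_HAVE_ACL_FLAGS=y`, "if with pax" does not match the `%{with grsec_full}` condition that actually guards the block, and "almost rational (see HIDESYM help)" should state the trade-off it alludes to.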
