Author: baggins                      Date: Tue Nov 22 15:53:16 2005 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- fixes wrt minimal grsec

---- Files affected:
SOURCES:
   linux-2.6-vs2.1.patch (1.1.2.1 -> 1.1.2.2) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-vs2.1.patch
diff -u SOURCES/linux-2.6-vs2.1.patch:1.1.2.1 
SOURCES/linux-2.6-vs2.1.patch:1.1.2.2
--- SOURCES/linux-2.6-vs2.1.patch:1.1.2.1       Tue Nov 22 16:31:34 2005
+++ SOURCES/linux-2.6-vs2.1.patch       Tue Nov 22 16:53:10 2005
@@ -6402,12 +6402,12 @@
        if (!dir->i_op || !dir->i_op->link)
                return -EPERM;
 @@ -2049,7 +2128,8 @@ asmlinkage long sys_link(const char __us
-       new_dentry = lookup_create(&nd, 0);
-       error = PTR_ERR(new_dentry);
-       if (!IS_ERR(new_dentry)) {
--              error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
-+              error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
-+                      new_dentry, &nd);
+               }
+               if (!error)
+ #endif
+-                      error = vfs_link(old_nd.dentry, nd.dentry->d_inode, 
new_dentry);
++                      error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
++                                      new_dentry, &nd);
                dput(new_dentry);
        }
        up(&nd.dentry->d_inode->i_sem);
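Review bot: The replacement context in this hunk (`if (!error)` and `#endif` directly ahead of the `vfs_link` call) exists only in a tree that already carries the grsec changes, so from this revision on the vserver patch appears to apply cleanly only on top of grsec. The same holds for the `CONFIG_GRKERNSEC_PROC_*` context lines in the /proc hunks that follow. The log message says "fixes wrt minimal grsec" but does not state the ordering requirement, and nothing else visible here does either. I would record it next to wherever the patches are listed for application, with a comment along the lines of `# linux-2.6-vs2.1.patch must be applied after the minimal grsec patch` (constructed wording; that file is not on this page). The `#ifdef` that the `#endif` closes opens outside the hunk, so whether the unbraced `if (!error)` always guards the two-line `vfs_link` call cannot be confirmed from here.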
@@ -7928,9 +7928,9 @@
                }
        }
 @@ -1297,6 +1315,7 @@ static struct inode *proc_pid_make_inode
-               inode->i_uid = task->euid;
-               inode->i_gid = task->egid;
-       }
+ #ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
+       inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
+ #endif
 +      inode->i_xid = vx_task_xid(task);
        security_task_to_inode(task, inode);
  
@@ -8040,8 +8040,8 @@
  struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, 
struct nameidata *nd)
  {
 @@ -1952,13 +2012,14 @@ struct dentry *proc_pid_lookup(struct in
-       if (!task)
-               goto out;
+       }
+ #endif
  
 -      inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
 +      /* check for context visibility */
@@ -8056,9 +8056,9 @@
 -              put_task_struct(task);
 -              goto out;
 -      }
-       inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
-       inode->i_op = &proc_tgid_base_inode_operations;
-       inode->i_fop = &proc_tgid_base_operations;
+ 
+ #ifdef CONFIG_GRKERNSEC_PROC_USER
+       inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
 @@ -1987,6 +2048,8 @@ struct dentry *proc_pid_lookup(struct in
                goto out;
        }
@@ -8103,7 +8103,7 @@
                if (p && !thread_group_leader(p))
                        p = NULL;
        }
-@@ -2069,11 +2137,15 @@ static int get_tgid_list(int index, unsi
+@@ -2069,19 +2137,23 @@ static int get_tgid_list(int index, unsi
  
        for ( ; p != &init_task; p = next_task(p)) {
                int tgid = p->pid;
@@ -8113,6 +8113,14 @@
 +              /* check for context visibility */
 +              if (!proc_pid_visible(p, tgid))
 +                      continue;
+ #if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+               if (tmp->uid && (p->uid != tmp->uid)
+ #ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
+                   && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
+ #endif
+               )
+                       continue;
+ #endif
                if (--index >= 0)
                        continue;
 -              tgids[nr_tgids] = tgid;
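Review bot: The grsec uid filter that now appears as context in `get_tgid_list` is skipped whenever `tmp->uid` is 0, so for a root caller the `proc_pid_visible(p, tgid)` test is the only thing in this loop that hides tasks from other contexts, and the comment on it does not say so. I would extend it to `/* check for context visibility; independent of the grsec uid filter below, which uid 0 bypasses */` so that a later rebase does not fold the two checks together or move the visibility test under the `#if`. `tmp` is declared outside the hunk; I am assuming it is the calling task. The loop body continues past the hunk, and the corresponding check in `proc_pid_lookup` (the hunk at -8040) should be kept in step so that readdir and lookup hide the same tasks.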
@@ -8307,9 +8315,9 @@
  static struct super_block *proc_get_sb(struct file_system_type *fs_type,
        int flags, const char *dev_name, void *data)
 @@ -77,6 +80,7 @@ void __init proc_root_init(void)
-       proc_device_tree_init();
- #endif
+ #else
        proc_bus = proc_mkdir("bus", NULL);
+ #endif
 +      proc_vx_init();
  }
  
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/SOURCES/linux-2.6-vs2.1.patch?r1=1.1.2.1&r2=1.1.2.2&f=u
