commit 263f44b7db5e923bba36d3570b532be74c30288e
Author: Jan RÄ™korajski <[email protected]>
Date:   Tue Oct 7 21:45:43 2014 +0200

    - fix new CAP_LAST_U32_VALID_MASK for vserver

 kernel-vserver-fixes.patch | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
---
diff --git a/kernel-vserver-fixes.patch b/kernel-vserver-fixes.patch
index b46a561..18721f9 100644
--- a/kernel-vserver-fixes.patch
+++ b/kernel-vserver-fixes.patch
@@ -9,3 +9,21 @@
        if (pid->hide_pid < hide_pid_min)
                return true;
        if (in_group_p(pid->pid_gid))
+
+upstream addition of masking all capabilities above CAP_LAST_CAP did not 
account for linux-vserver CAP_CONTEXT
+
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-3.10.y&id=76f01555c78e496203105bd29b878db3431a2260
+
+diff -urNpd linux-3.10.56-vs2.3.6.9~/include/linux/capability.h 
linux-3.10.56-vs2.3.6.9/include/linux/capability.h
+--- linux-3.10.56-vs2.3.6.9~/include/linux/capability.h        2014-09-18 
12:28:39.000000000 -0500
++++ linux-3.10.56-vs2.3.6.9/include/linux/capability.h 2014-10-05 
23:00:59.000000000 -0500
+@@ -79,7 +79,8 @@ extern const kernel_cap_t __cap_init_eff
+ #else /* HAND-CODED capability initializers */
+ 
+ #define CAP_LAST_U32                  ((_KERNEL_CAPABILITY_U32S) - 1)
+-#define CAP_LAST_U32_VALID_MASK               (CAP_TO_MASK(CAP_LAST_CAP + 1) 
-1)
++#define CAP_LAST_U32_VALID_MASK               ((CAP_TO_MASK(CAP_LAST_CAP + 1) 
-1) \
++                                      | CAP_TO_MASK(CAP_CONTEXT))
+ 
+ # define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
+ # define CAP_FULL_SET     ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})
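Review bot: The added `| CAP_TO_MASK(CAP_CONTEXT)` in `CAP_LAST_U32_VALID_MASK` is only correct if CAP_CONTEXT lives in the last capability word, because CAP_TO_MASK() reduces its argument to a bit position within one u32 and drops the word index; nothing in the hunk states or checks that. This mask decides which upper-word capability bits count as valid and feeds `CAP_FULL_SET`, so the widening should be documented and pinned to exactly that one bit. I would add a comment above the define such as `/* linux-vserver: CAP_CONTEXT is above CAP_LAST_CAP but must stay valid; it must sit in word CAP_LAST_U32 */` and a build-time check inside some init function, e.g. `BUILD_BUG_ON(CAP_TO_INDEX(CAP_CONTEXT) != CAP_LAST_U32);`. The surrounding `#else` block starts and ends outside the hunk, so the other users of the mask are not visible here.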
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/263f44b7db5e923bba36d3570b532be74c30288e
