Author: mguevara Date: Sat Dec 16 01:46:28 2006 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- should be ready for 2.6.19.1
- double check security/commoncap.c
---- Files affected:
SOURCES:
grsecurity-2.1.9-2.6.19.1.patch (1.1.2.4 -> 1.1.2.5)
---- Diffs:
================================================================
Index: SOURCES/grsecurity-2.1.9-2.6.19.1.patch
diff -u SOURCES/grsecurity-2.1.9-2.6.19.1.patch:1.1.2.4
SOURCES/grsecurity-2.1.9-2.6.19.1.patch:1.1.2.5
--- SOURCES/grsecurity-2.1.9-2.6.19.1.patch:1.1.2.4 Sat Dec 16 02:14:07 2006
+++ SOURCES/grsecurity-2.1.9-2.6.19.1.patch Sat Dec 16 02:46:23 2006
@@ -24654,18 +24654,21 @@
sys_close(fd);
if (len <= 0 || len == 32 || buf[len - 1] != '\n')
goto fail;
-@@ -142,12 +144,12 @@ dev_t name_to_dev_t(char *name)
+@@ -158,7 +159,7 @@ dev_t name_to_dev_t(char *name)
int part, mount_result;
#ifdef CONFIG_SYSFS
- int mkdir_err = sys_mkdir("/sys", 0700);
+ int mkdir_err = sys_mkdir((char __user *)"/sys", 0700);
- /*
+ /*
+ * When changing resume2 parameter for Software Suspend, sysfs may
+ * already be mounted.
+@@ -163,7 +164,7 @@ dev_t name_to_dev_t(char *name)
* When changing resume2 parameter for Software Suspend, sysfs may
- * already be mounted.
+ * already be mounted.
*/
- mount_result = sys_mount("sysfs", "/sys", "sysfs", 0, NULL);
-+ mount_result = sys_mount((char __user *)"sysfs", (char __user *)"/sys",
(char __user *)"sysfs", 0, NULL)
++ mount_result = sys_mount((char __user *)"sysfs", (char __user *)"/sys",
(char __user *)"sysfs", 0, NULL);
if (mount_result < 0 && mount_result != -EBUSY)
goto out;
#endif
@@ -28703,25 +28706,20 @@
diff -urNp linux-2.6.19.1/security/commoncap.c
linux-2.6.19.1/security/commoncap.c
--- linux-2.6.19.1/security/commoncap.c 2006-11-29 16:57:37.000000000
-0500
+++ linux-2.6.19.1/security/commoncap.c 2006-12-03 15:16:30.000000000
-0500
-@@ -23,10 +23,11 @@
- #include <linux/ptrace.h>
+@@ -23,6 +23,7 @@
#include <linux/xattr.h>
#include <linux/hugetlb.h>
+ #include <linux/vs_context.h>
+#include <linux/grsecurity.h>
int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
{
-- NETLINK_CB(skb).eff_cap = current->cap_effective;
-+ NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink();
- return 0;
- }
-
@@ -44,7 +45,15 @@ EXPORT_SYMBOL(cap_netlink_recv);
int cap_capable (struct task_struct *tsk, int cap)
{
/* Derived from include/linux/sched.h:capable. */
-- if (cap_raised(tsk->cap_effective, cap))
-+ if (cap_raised (tsk->cap_effective, cap) && gr_task_is_capable(tsk,
cap))
+- if (vx_cap_raised(tsk->vx_info, tsk->cap_effective, cap))
++ if (vx_cap_raised(tsk->vx_info, tsk->cap_effective, cap) &&
gr_task_is_capable(tsk, cap))
+ return 0;
+ return -EPERM;
+}
@@ -28775,9 +28773,9 @@
--- linux-2.6.19.1/security/dummy.c 2006-11-29 16:57:37.000000000 -0500
+++ linux-2.6.19.1/security/dummy.c 2006-12-03 15:16:30.000000000 -0500
@@ -28,6 +28,7 @@
- #include <linux/hugetlb.h>
#include <linux/ptrace.h>
#include <linux/file.h>
+ #include <linux/vs_context.h>
+#include <linux/grsecurity.h>
static int dummy_ptrace (struct task_struct *parent, struct task_struct
*child)
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/grsecurity-2.1.9-2.6.19.1.patch?r1=1.1.2.4&r2=1.1.2.5&f=u
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
