SPECS (LINUX_2_6_20): kernel.spec - pax related config changes

Fri, 02 Mar 2007 02:47:40 -0800 

Author: mguevara                     Date: Fri Mar  2 10:47:32 2007 GMT
Module: SPECS                         Tag: LINUX_2_6_20
---- Log message:
- pax related config changes

---- Files affected:
SPECS:
   kernel.spec (1.441.2.1698.2.55 -> 1.441.2.1698.2.56) 

---- Diffs:

================================================================
Index: SPECS/kernel.spec
diff -u SPECS/kernel.spec:1.441.2.1698.2.55 SPECS/kernel.spec:1.441.2.1698.2.56
--- SPECS/kernel.spec:1.441.2.1698.2.55 Fri Mar  2 02:26:14 2007
+++ SPECS/kernel.spec   Fri Mar  2 11:47:26 2007
@@ -1202,8 +1202,22 @@
                sed -i 's:# CONFIG_PAX_EMUTRAMP is not 
set:CONFIG_PAX_EMUTRAMP=y:' $1
        %endif
        %ifarch %{ix8664}
-               sed -i 's:# CONFIG_PAX_MEMORY_UDEREF is not set:# 
CONFIG_PAX_MEMORY_UDEREF=y:' $1
+               sed -i 's:# CONFIG_PAX_MEMORY_UDEREF is not 
set:CONFIG_PAX_MEMORY_UDEREF=y:' $1
        %endif
+
+       # Now we have to check MAC system integration. Grsecurity (full) uses 
PAX_HAVE_ACL_FLAGS
+       # setting (direct acces). grsec_minimal probably have no idea about PaX 
so we probably 
+       # could use PAX_NO_ACL_FLAGS, but for testing the hooks setting will be 
used
+       # PAX_HOOK_ACL_FLAGS. SELinux should also be able to make PaX settings 
via hooks 
+
+       %if %{with grsec_full}
+               # no change needed CONFIG=PAX_HAVE_ACL_FLAGS=y is taken from 
the kernel-pax.config
+       %else
+               # grsec_minimal or selinux ?
+               sed -i 's:CONFIG_PAX_HAVE_ACL_FLAGS=y:# 
CONFIG_PAX_HAVE_ACL_FLAGS is not set:' $1
+               sed -i 's:# CONFIG_PAX_HOOK_ACL_FLAGS is not 
set:CONFIG_PAX_HOOK_ACL_FLAGS=y:' $1
+       %endif
+
        return 0
 }
 
@@ -2043,6 +2057,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.441.2.1698.2.56  2007/03/02 10:47:26  mguevara
+- pax related config changes
+
 Revision 1.441.2.1698.2.55  2007/03/02 01:26:14  mguevara
 - changed grsec and pax stuff - testing pax-only build (with grsec_minimal)
 - added kernel-grsec_minimal.config
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/SPECS/kernel.spec?r1=1.441.2.1698.2.55&r2=1.441.2.1698.2.56&f=u

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to