SOURCES (LINUX_2_6): linux-2.6-grsec-minimal.patch - as vserver is...
baggins
baggins at pld-linux.org
Fri May 5 15:21:45 CEST 2006
Author: baggins Date: Fri May 5 13:21:45 2006 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- as vserver is now applied unconditionally,
this patch must apply over vserver
---- Files affected:
SOURCES:
linux-2.6-grsec-minimal.patch (1.1.2.6 -> 1.1.2.7)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec-minimal.patch
diff -u SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.6 SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.7
--- SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.6 Sat Apr 29 11:59:05 2006
+++ SOURCES/linux-2.6-grsec-minimal.patch Fri May 5 15:21:39 2006
@@ -93,9 +93,9 @@
--- linux-2.6.16.2/fs/namei.c 2006-04-07 18:56:47.000000000 +0200
+++ linux-2.6.16.2-grsec/fs/namei.c 2006-04-11 18:10:35.961452750 +0200
@@ -32,6 +32,7 @@
- #include <linux/file.h>
- #include <linux/fcntl.h>
- #include <linux/namei.h>
+ #include <linux/vserver/inode.h>
+ #include <linux/vs_tag.h>
+ #include <linux/vserver/debug.h>
+#include <linux/grsecurity.h>
#include <asm/namei.h>
#include <asm/uaccess.h>
@@ -142,18 +142,20 @@
error = __do_follow_link(&path, nd);
if (error)
return error;
-@@ -2251,7 +2273,13 @@
+@@ -2251,8 +2273,14 @@
new_dentry = lookup_create(&nd, 0);
error = PTR_ERR(new_dentry);
if (!IS_ERR(new_dentry)) {
-- error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
+- error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
+- new_dentry, &nd);
+ error = 0;
+ if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
+ old_nd.dentry->d_inode,
+ old_nd.dentry->d_inode->i_mode, to))
+ error = -EPERM;
+ if (!error)
-+ error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
++ error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
++ new_dentry, &nd);
dput(new_dentry);
}
mutex_unlock(&nd.dentry->d_inode->i_mutex);
@@ -199,9 +201,9 @@
E(PROC_TGID_SMAPS, "smaps", S_IFREG|S_IRUGO),
#endif
@@ -1330,6 +1336,9 @@
- inode->i_uid = task->euid;
- inode->i_gid = task->egid;
}
+ /* procfs is xid tagged */
+ inode->i_tag = (tag_t)vx_task_xid(task);
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
+#endif
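Review bot: The `CONFIG_GRKERNSEC_PROC_USERGROUP` block at the end of this hunk overwrites the `inode->i_gid` that the block closed by the `}` above has just taken from `task->egid`, and unlike the neighbouring vserver line (`/* procfs is xid tagged */`) it carries no comment saying why. A one-line comment above the `#ifdef` would make the intent visible to anyone reading the rebased patch: `/* grsec: replace the task egid with the configured proc group (CONFIG_GRKERNSEC_PROC_GID) */`. The enclosing function starts before this hunk.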
@@ -231,9 +233,9 @@
case PROC_TID_STAT:
inode->i_fop = &proc_info_file_operations;
ei->op.proc_read = proc_tid_stat;
-@@ -1985,6 +2002,17 @@
- if (!task)
- goto out;
+@@ -1985,11 +2002,29 @@
+ if (!proc_pid_visible(task, tgid))
+ goto out_drop_task;
+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+ if (current->uid && (task->uid != current->uid)
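Review bot: The deny branch of the grsec uid filter whose condition begins on the last line of this hunk lies outside it, and the vserver base it now sits on releases the task through a label, `if (!proc_pid_visible(task, tgid)) goto out_drop_task;`, where the old context removed in the next hunk did it with an explicit `put_task_struct(task); goto out;` pair. If the rebased grsec block still carries that pair it is only correct as long as `out` stays reachable; it should instead exit the same way as the surrounding vserver code, `goto out_drop_task;`, so there is a single path that drops the task reference. The `if` condition is cut off at the hunk end, so this is inferred from the labels visible here and in the following hunk rather than from the branch body itself.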
@@ -247,13 +249,9 @@
+#endif
+
inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
+ if (!inode)
+ goto out_drop_task;
-
-@@ -1992,7 +2020,15 @@
- put_task_struct(task);
- goto out;
- }
-+
+#ifdef CONFIG_GRKERNSEC_PROC_USER
+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
@@ -276,8 +274,8 @@
index--;
@@ -2104,6 +2143,14 @@
- int tgid = p->pid;
- if (!pid_alive(p))
+ /* check for context visibility */
+ if (!proc_pid_visible(p, tgid))
continue;
+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+ if (tmp->uid && (p->uid != tmp->uid)
@@ -289,7 +287,7 @@
+#endif
if (--index >= 0)
continue;
- tgids[nr_tgids] = tgid;
+ tgids[nr_tgids] = vx_map_tgid(tgid);
diff -urN linux-2.6.16.2/fs/proc/inode.c linux-2.6.16.2-grsec/fs/proc/inode.c
--- linux-2.6.16.2/fs/proc/inode.c 2006-04-07 18:56:47.000000000 +0200
+++ linux-2.6.16.2-grsec/fs/proc/inode.c 2006-04-11 17:44:40.077707500 +0200
@@ -303,8 +301,8 @@
inode->i_gid = de->gid;
+#endif
}
- if (de->size)
- inode->i_size = de->size;
+ if (de->vx_flags)
+ PROC_I(inode)->vx_flags = de->vx_flags;
diff -urN linux-2.6.16.2/fs/proc/internal.h linux-2.6.16.2-grsec/fs/proc/internal.h
--- linux-2.6.16.2/fs/proc/internal.h 2006-04-07 18:56:47.000000000 +0200
+++ linux-2.6.16.2-grsec/fs/proc/internal.h 2006-04-11 17:44:40.077707500 +0200
@@ -422,9 +420,9 @@
+#else
proc_bus = proc_mkdir("bus", NULL);
+#endif
+ proc_vx_init();
}
- static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
diff -urN linux-2.6.16.2/grsecurity/Kconfig linux-2.6.16.2-grsec/grsecurity/Kconfig
--- linux-2.6.16.2/grsecurity/Kconfig 1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.16.2-grsec/grsecurity/Kconfig 2006-04-11 19:03:04.020561250 +0200
@@ -1090,9 +1088,9 @@
--- linux-2.6.16.2/ipc/shm.c 2006-04-07 18:56:47.000000000 +0200
+++ linux-2.6.16.2-grsec/ipc/shm.c 2006-04-11 17:44:40.121710250 +0200
@@ -30,6 +30,7 @@
- #include <linux/capability.h>
- #include <linux/ptrace.h>
#include <linux/seq_file.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_limit.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -1170,9 +1168,9 @@
#include <linux/audit.h>
#include <linux/capability.h>
+#include <linux/grsecurity.h>
+ #include <linux/vs_pid.h>
#include <asm/param.h>
#include <asm/uaccess.h>
- #include <asm/unistd.h>
@@ -380,6 +381,7 @@
}
if (tsk == sig->curr_target)
@@ -1269,8 +1267,8 @@
#ifdef CONFIG_NET_RADIO
#include <linux/wireless.h> /* Note : will define WIRELESS_EXT */
@@ -97,6 +98,7 @@
- #include <net/sock.h>
#include <linux/netfilter.h>
+ #include <linux/vs_socket.h>
+extern void gr_attach_curr_ip(const struct sock *sk);
static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/linux-2.6-grsec-minimal.patch?r1=1.1.2.6&r2=1.1.2.7&f=u