SOURCES: kernel-desktop-grsec-minimal.patch - sync with linux-2.6-...
sparky
sparky at pld-linux.org
Mon Nov 6 22:17:04 CET 2006
Author: sparky Date: Mon Nov 6 21:17:03 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- sync with linux-2.6-grsec-minimal.patch @ LINUX_2_6
---- Files affected:
SOURCES:
kernel-desktop-grsec-minimal.patch (1.5 -> 1.6)
---- Diffs:
================================================================
Index: SOURCES/kernel-desktop-grsec-minimal.patch
diff -u SOURCES/kernel-desktop-grsec-minimal.patch:1.5 SOURCES/kernel-desktop-grsec-minimal.patch:1.6
--- SOURCES/kernel-desktop-grsec-minimal.patch:1.5 Fri Jun 23 21:16:39 2006
+++ SOURCES/kernel-desktop-grsec-minimal.patch Mon Nov 6 22:16:58 2006
@@ -1,19 +1,7 @@
-diff -Nur linux-2.6.17-rc6/Makefile linux-2.6.17-rc6.grsec_minimal/Makefile
---- linux-2.6.17-rc6/Makefile 2006-06-13 22:16:34.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/Makefile 2006-06-13 22:18:32.000000000 +0000
-@@ -522,7 +522,7 @@
-
-
- ifeq ($(KBUILD_EXTMOD),)
--core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
-+core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
-
- vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
- $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-diff -Nur linux-2.6.17-rc6/arch/sparc/Makefile linux-2.6.17-rc6.grsec_minimal/arch/sparc/Makefile
---- linux-2.6.17-rc6/arch/sparc/Makefile 2006-06-06 00:57:02.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/arch/sparc/Makefile 2006-06-13 22:18:32.000000000 +0000
-@@ -34,7 +34,7 @@
+diff -urNp linux-2.6.16.2/arch/sparc/Makefile linux-2.6.16.2/arch/sparc/Makefile
+--- linux-2.6.16.2/arch/sparc/Makefile 2006-04-07 12:56:47.000000000 -0400
++++ linux-2.6.16.2/arch/sparc/Makefile 2006-04-09 21:23:54.000000000 -0400
+@@ -34,7 +34,7 @@ libs-y += arch/sparc/prom/ arch/sparc/li
# Renaming is done to avoid confusing pattern matching rules in 2.5.45 (multy-)
INIT_Y := $(patsubst %/, %/built-in.o, $(init-y))
CORE_Y := $(core-y)
@@ -22,10 +10,22 @@
CORE_Y := $(patsubst %/, %/built-in.o, $(CORE_Y))
DRIVERS_Y := $(patsubst %/, %/built-in.o, $(drivers-y))
NET_Y := $(patsubst %/, %/built-in.o, $(net-y))
-diff -Nur linux-2.6.17-rc6/drivers/char/keyboard.c linux-2.6.17-rc6.grsec_minimal/drivers/char/keyboard.c
---- linux-2.6.17-rc6/drivers/char/keyboard.c 2006-06-06 00:57:02.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/drivers/char/keyboard.c 2006-06-13 22:18:32.000000000 +0000
-@@ -618,6 +618,16 @@
+diff -urN linux-2.6.16.2/Makefile linux-2.6.16.2-grsec/Makefile
+--- linux-2.6.16.2/Makefile 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/Makefile 2006-04-11 17:44:40.069707000 +0200
+@@ -556,7 +556,7 @@
+
+
+ ifeq ($(KBUILD_EXTMOD),)
+-core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+
+ vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
+ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
+diff -urN linux-2.6.16.2/drivers/char/keyboard.c linux-2.6.16.2-grsec/drivers/char/keyboard.c
+--- linux-2.6.16.2/drivers/char/keyboard.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/drivers/char/keyboard.c 2006-04-11 17:44:40.073707250 +0200
+@@ -607,6 +607,16 @@
kbd->kbdmode == VC_MEDIUMRAW) &&
value != KVAL(K_SAK))
return; /* SAK is allowed even in raw mode */
@@ -42,34 +42,17 @@
fn_handler[value](vc, regs);
}
-diff -Nur linux-2.6.17-rc6/drivers/pci/proc.c linux-2.6.17-rc6.grsec_minimal/drivers/pci/proc.c
---- linux-2.6.17-rc6/drivers/pci/proc.c 2006-06-06 00:57:02.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/drivers/pci/proc.c 2006-06-13 22:30:59.000000000 +0000
-@@ -407,7 +407,16 @@
- }
-
- sprintf(name, "%02x.%x", PCI_SLOT(dev->devfn), PCI_FUNC(dev->devfn));
-+#ifdef CONFIG_GRKERNSEC_PROC_ADD
-+#ifdef CONFIG_GRKERNSEC_PROC_USER
-+ e = create_proc_entry(name, S_IFREG | S_IRUGO | S_IWUSR | S_IRUSR, bus->procdir);
-+#elif CONFIG_GRKERNSEC_PROC_USERGROUP
-+ e = create_proc_entry(name, S_IFREG | S_IRUGO | S_IWUSR | S_IRUSR | S_IRGRP, bus->procdir);
-+#endif
-+#else
- e = create_proc_entry(name, S_IFREG | S_IRUGO | S_IWUSR, bus->procdir);
-+#endif
-+
- if (!e)
- return -ENOMEM;
- e->proc_fops = &proc_bus_pci_operations;
-@@ -473,7 +482,15 @@
+diff -urNp linux-2.6.16.2/drivers/pci/proc.c linux-2.6.16.2-grsec/drivers/pci/proc.c
+--- linux-2.6.16.2/drivers/pci/proc.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/drivers/pci/proc.c 2006-04-11 17:44:40.073707250 +0200
+@@ -467,7 +467,15 @@ static int __init pci_proc_init(void)
{
struct proc_dir_entry *entry;
struct pci_dev *dev = NULL;
+#ifdef CONFIG_GRKERNSEC_PROC_ADD
+#ifdef CONFIG_GRKERNSEC_PROC_USER
+ proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR, proc_bus);
-+#elif CONFIG_GRKERNSEC_PROC_USERGROUP
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+ proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, proc_bus);
+#endif
+#else
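Review bot: In the pci_proc_init() hunk the inner `#ifdef CONFIG_GRKERNSEC_PROC_USER` / `#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)` pair has no `#else`, so a config with CONFIG_GRKERNSEC_PROC_ADD set and neither of the other two never assigns `proc_bus_pci_dir` on this path before it is passed to `create_proc_entry("devices", ...)`. Whether grsecurity/Kconfig makes PROC_ADD depend on one of them cannot be seen in this diff. If it does not, add an inner fallback, `#else` followed by `proc_bus_pci_dir = proc_mkdir("pci", proc_bus);` (presumably the same call as the non-grsec branch), or stop the build with `#error`. The function body continues outside this hunk.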
@@ -78,10 +61,10 @@
entry = create_proc_entry("devices", 0, proc_bus_pci_dir);
if (entry)
entry->proc_fops = &proc_bus_pci_dev_operations;
-diff -Nur linux-2.6.17-rc6/fs/Kconfig linux-2.6.17-rc6.grsec_minimal/fs/Kconfig
---- linux-2.6.17-rc6/fs/Kconfig 2006-06-13 22:16:34.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/fs/Kconfig 2006-06-13 22:18:32.000000000 +0000
-@@ -796,7 +796,7 @@
+diff -urNp linux-2.6.16.2/fs/Kconfig linux-2.6.16.2-grsec/fs/Kconfig
+--- linux-2.6.16.2/fs/Kconfig 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/Kconfig 2006-04-11 17:44:40.073707250 +0200
+@@ -817,7 +817,7 @@ config PROC_FS
config PROC_KCORE
bool "/proc/kcore support" if !ARM
@@ -90,18 +73,18 @@
config PROC_VMCORE
bool "/proc/vmcore support (EXPERIMENTAL)"
-diff -Nur linux-2.6.17-rc6/fs/namei.c linux-2.6.17-rc6.grsec_minimal/fs/namei.c
---- linux-2.6.17-rc6/fs/namei.c 2006-06-06 00:57:02.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/fs/namei.c 2006-06-13 22:18:32.000000000 +0000
+diff -urN linux-2.6.16.2/fs/namei.c linux-2.6.16.2-grsec/fs/namei.c
+--- linux-2.6.16.2/fs/namei.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/namei.c 2006-04-11 18:10:35.961452750 +0200
@@ -32,6 +32,7 @@
- #include <linux/file.h>
- #include <linux/fcntl.h>
- #include <linux/namei.h>
+ #include <linux/vs_tag.h>
+ #include <linux/vserver/debug.h>
+ #include <linux/vs_cowbl.h>
+#include <linux/grsecurity.h>
#include <asm/namei.h>
#include <asm/uaccess.h>
-@@ -611,6 +612,13 @@
+@@ -608,6 +609,13 @@
err = security_inode_follow_link(path->dentry, nd);
if (err)
goto loop;
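Review bot: The context lines of the fs/namei.c section now name `linux/vs_tag.h`, `linux/vserver/debug.h` and `linux/vs_cowbl.h`, and the inner diff headers moved from linux-2.6.17-rc6 to linux-2.6.16.2, so this revision appears to apply cleanly only to a tree that already carries the vserver patch. The same dependency shows in the `de->vx_flags` context in fs/proc/inode.c and the `proc_vx_init();` context in fs/proc/root.c. If kernel-desktop does not apply vserver before this patch, these hooks will be rejected or placed with fuzz. The required ordering should be recorded next to the patch entry in the spec, for example `# must be applied after the vserver patch`.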
@@ -115,7 +98,7 @@
current->link_count++;
current->total_link_count++;
nd->depth++;
-@@ -1658,6 +1666,13 @@
+@@ -1647,6 +1655,13 @@
/*
* It already exists.
*/
@@ -127,9 +110,9 @@
+ }
+
mutex_unlock(&dir->d_inode->i_mutex);
+ audit_inode_update(path.dentry->d_inode);
- error = -EEXIST;
-@@ -1711,6 +1726,13 @@
+@@ -1700,6 +1715,13 @@
error = security_inode_follow_link(path.dentry, nd);
if (error)
goto exit_dput;
@@ -141,27 +124,29 @@
+ }
+
error = __do_follow_link(&path, nd);
- if (error)
- return error;
-@@ -2262,7 +2284,13 @@
+ if (error) {
+ /* Does someone understand code flow here? Or it is only
+@@ -2251,8 +2273,14 @@
new_dentry = lookup_create(&nd, 0);
error = PTR_ERR(new_dentry);
if (!IS_ERR(new_dentry)) {
-- error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
+- error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
+- new_dentry, &nd);
+ error = 0;
+ if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
+ old_nd.dentry->d_inode,
+ old_nd.dentry->d_inode->i_mode, to))
+ error = -EPERM;
+ if (!error)
-+ error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
++ error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
++ new_dentry, &nd);
dput(new_dentry);
}
mutex_unlock(&nd.dentry->d_inode->i_mutex);
-diff -Nur linux-2.6.17-rc6/fs/proc/array.c linux-2.6.17-rc6.grsec_minimal/fs/proc/array.c
---- linux-2.6.17-rc6/fs/proc/array.c 2006-06-13 22:16:33.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/fs/proc/array.c 2006-06-13 22:18:32.000000000 +0000
-@@ -501,3 +501,14 @@
+diff -urN linux-2.6.16.2/fs/proc/array.c linux-2.6.16.2-grsec/fs/proc/array.c
+--- linux-2.6.16.2/fs/proc/array.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/array.c 2006-04-11 17:44:40.077707500 +0200
+@@ -488,3 +488,14 @@
return sprintf(buffer,"%d %d %d %d %d %d %d\n",
size, resident, shared, text, lib, data, 0);
}
@@ -176,125 +161,10 @@
+}
+#endif
+
-diff -Nur linux-2.6.17-rc6/fs/proc/base.c linux-2.6.17-rc6.grsec_minimal/fs/proc/base.c
---- linux-2.6.17-rc6/fs/proc/base.c 2006-06-06 00:57:02.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/fs/proc/base.c 2006-06-13 22:34:44.000000000 +0000
-@@ -125,6 +125,9 @@
- #ifdef CONFIG_AUDITSYSCALL
- PROC_TGID_LOGINUID,
- #endif
-+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+ PROC_TGID_IPADDR,
-+#endif
- PROC_TGID_OOM_SCORE,
- PROC_TGID_OOM_ADJUST,
- PROC_TID_INO,
-@@ -204,6 +207,9 @@
- E(PROC_TGID_EXE, "exe", S_IFLNK|S_IRWXUGO),
- E(PROC_TGID_MOUNTS, "mounts", S_IFREG|S_IRUGO),
- E(PROC_TGID_MOUNTSTATS, "mountstats", S_IFREG|S_IRUSR),
-+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+ E(PROC_TGID_IPADDR, "ipaddr", S_IFREG|S_IRUSR),
-+#endif
- #ifdef CONFIG_MMU
- E(PROC_TGID_SMAPS, "smaps", S_IFREG|S_IRUGO),
- #endif
-@@ -1372,6 +1378,9 @@
- inode->i_uid = task->euid;
- inode->i_gid = task->egid;
- }
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
-+#endif
- security_task_to_inode(task, inode);
-
- out:
-@@ -1400,7 +1409,9 @@
- if (pid_alive(task)) {
- if (proc_type(inode) == PROC_TGID_INO || proc_type(inode) == PROC_TID_INO || task_dumpable(task)) {
- inode->i_uid = task->euid;
-+#ifndef CONFIG_GRKERNSEC_PROC_USERGROUP
- inode->i_gid = task->egid;
-+#endif
- } else {
- inode->i_uid = 0;
- inode->i_gid = 0;
-@@ -1728,6 +1739,12 @@
- inode->i_fop = &proc_info_file_operations;
- ei->op.proc_read = proc_pid_status;
- break;
-+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+ case PROC_TGID_IPADDR:
-+ inode->i_fop = &proc_info_file_operations;
-+ ei->op.proc_read = proc_pid_ipaddr;
-+ break;
-+#endif
- case PROC_TID_STAT:
- inode->i_fop = &proc_info_file_operations;
- ei->op.proc_read = proc_tid_stat;
-@@ -2036,6 +2053,17 @@
- if (!task)
- goto out;
-
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ if (current->uid && (task->uid != current->uid)
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+#endif
-+ ) {
-+ put_task_struct(task);
-+ goto out;
-+ }
-+#endif
-+
- inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
-
-
-@@ -2043,7 +2071,15 @@
- put_task_struct(task);
- goto out;
- }
-+
-+#ifdef CONFIG_GRKERNSEC_PROC_USER
-+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
-+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
-+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
-+#else
- inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
-+#endif
- inode->i_op = &proc_tgid_base_inode_operations;
- inode->i_fop = &proc_tgid_base_operations;
- inode->i_flags|=S_IMMUTABLE;
-@@ -2135,6 +2171,9 @@
- static int get_tgid_list(int index, unsigned long version, unsigned int *tgids)
- {
- struct task_struct *p;
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ struct task_struct *tmp = current;
-+#endif
- int nr_tgids = 0;
-
- index--;
-@@ -2155,6 +2194,14 @@
- int tgid = p->pid;
- if (!pid_alive(p))
- continue;
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ if (tmp->uid && (p->uid != tmp->uid)
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+#endif
-+ )
-+ continue;
-+#endif
- if (--index >= 0)
- continue;
- tgids[nr_tgids] = tgid;
-diff -Nur linux-2.6.17-rc6/fs/proc/inode.c linux-2.6.17-rc6.grsec_minimal/fs/proc/inode.c
---- linux-2.6.17-rc6/fs/proc/inode.c 2006-06-06 00:57:02.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/fs/proc/inode.c 2006-06-13 22:18:32.000000000 +0000
-@@ -169,7 +169,11 @@
+diff -urNp linux-2.6.16.2/fs/proc/inode.c linux-2.6.16.2-grsec/fs/proc/inode.c
+--- linux-2.6.16.2/fs/proc/inode.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/inode.c 2006-04-11 17:44:40.077707500 +0200
+@@ -166,7 +166,11 @@ struct inode *proc_get_inode(struct supe
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
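Review bot: The whole fs/proc/base.c section is gone from the new revision, yet fs/proc/array.c still adds `proc_pid_ipaddr()` and fs/proc/internal.h still declares it, so nothing visible registers an `ipaddr` entry or calls the function. The dropped section also held the `current->uid && (task->uid != current->uid)` checks in the pid lookup and in `get_tgid_list()`. Without them CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP restrict only the static /proc entries touched elsewhere in the patch, and other users' /proc/<pid> directories stay listed and reachable. Unless a base.c section reappears in the trimmed remainder of the diff, either restore it rebased onto the new tree, or drop the array.c and internal.h additions and adjust the option help text (not visible here) so it does not promise process hiding.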
@@ -304,12 +174,12 @@
inode->i_gid = de->gid;
+#endif
}
- if (de->size)
- inode->i_size = de->size;
-diff -Nur linux-2.6.17-rc6/fs/proc/internal.h linux-2.6.17-rc6.grsec_minimal/fs/proc/internal.h
---- linux-2.6.17-rc6/fs/proc/internal.h 2006-06-06 00:57:02.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/fs/proc/internal.h 2006-06-13 22:18:32.000000000 +0000
-@@ -36,6 +36,9 @@
+ if (de->vx_flags)
+ PROC_I(inode)->vx_flags = de->vx_flags;
+diff -urNp linux-2.6.16.2/fs/proc/internal.h linux-2.6.16.2-grsec/fs/proc/internal.h
+--- linux-2.6.16.2/fs/proc/internal.h 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/internal.h 2006-04-11 17:44:40.077707500 +0200
+@@ -36,6 +36,9 @@ extern int proc_tid_stat(struct task_str
extern int proc_tgid_stat(struct task_struct *, char *);
extern int proc_pid_status(struct task_struct *, char *);
extern int proc_pid_statm(struct task_struct *, char *);
@@ -317,21 +187,23 @@
+extern int proc_pid_ipaddr(struct task_struct*,char*);
+#endif
- void free_proc_entry(struct proc_dir_entry *de);
-
-diff -Nur linux-2.6.17-rc6/fs/proc/proc_misc.c linux-2.6.17-rc6.grsec_minimal/fs/proc/proc_misc.c
---- linux-2.6.17-rc6/fs/proc/proc_misc.c 2006-06-13 22:16:33.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/fs/proc/proc_misc.c 2006-06-13 22:41:45.000000000 +0000
-@@ -773,6 +773,8 @@
+ extern struct file_operations proc_maps_operations;
+ extern struct file_operations proc_numa_maps_operations;
+diff -urN linux-2.6.16.2/fs/proc/proc_misc.c linux-2.6.16.2-grsec/fs/proc/proc_misc.c
+--- linux-2.6.16.2/fs/proc/proc_misc.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/proc_misc.c 2006-04-11 17:44:40.109709500 +0200
+@@ -708,6 +708,10 @@
void __init proc_misc_init(void)
{
struct proc_dir_entry *entry;
++#ifdef CONFIG_GRKERNSEC_PROC
+ int gr_mode = 0;
++#endif
+
static struct {
char *name;
int (*read_proc)(char*,char**,off_t,int,int*,void*);
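Review bot: `gr_mode` is now declared only under `#ifdef CONFIG_GRKERNSEC_PROC`, but later in proc_misc_init() it is read under `#ifdef CONFIG_GRKERNSEC_PROC_ADD` (the `cmdline` and `devices` entries) and assigned in the `#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)` chain. If any of those symbols can be enabled without CONFIG_GRKERNSEC_PROC the build breaks, and the Kconfig dependency is not visible in this diff. Guard the declaration with the symbols that actually use it, `#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) || defined(CONFIG_GRKERNSEC_PROC_ADD)`, or keep the unconditional `int gr_mode = 0;` of the previous revision.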
-@@ -791,7 +793,9 @@
+@@ -723,7 +725,9 @@
{"stram", stram_read_proc},
#endif
{"filesystems", filesystems_read_proc},
@@ -340,8 +212,8 @@
+#endif
{"locks", locks_read_proc},
{"execdomains", execdomains_read_proc},
- #ifdef CONFIG_RCU_STATS
-@@ -805,19 +809,36 @@
+ {NULL,}
+@@ -708,19 +712,37 @@
for (p = simple_ones; p->name; p++)
create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
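Review bot: The inner hunk headers for fs/proc/proc_misc.c are not in ascending order: `@@ -708,6 +708,10 @@`, then `@@ -723,7 +725,9 @@`, then `@@ -708,19 +712,37 @@`, and in the following hunk `@@ -705,7 +726,7 @@`. Two hunks claim the same old start line, which suggests the headers were edited by hand, so patch(1) has to place them by context and offset alone. A hook that lands in the wrong place changes which /proc entries receive the restricted mode without any build error. Regenerate this section with a fresh `diff -urNp` against the target tree, and consider applying the patch with fuzz disabled (`patch -F0`) so a misplaced hunk fails loudly.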
@@ -349,17 +221,18 @@
+ gr_mode = S_IRUSR;
+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+ gr_mode = S_IRUSR | S_IRGRP;
-+#endif
++#endif
+#ifdef CONFIG_GRKERNSEC_PROC_ADD
+ create_proc_read_entry("cmdline", gr_mode, NULL, &cmdline_read_proc, NULL);
-+#endif
-+
++#endif
++
proc_symlink("mounts", NULL, "self/mounts");
/* And now for trickier ones */
entry = create_proc_entry("kmsg", S_IRUSR, &proc_root);
if (entry)
entry->proc_fops = &proc_kmsg_operations;
++
+#ifdef CONFIG_GRKERNSEC_PROC_ADD
+ create_seq_entry("devices", gr_mode, &proc_devinfo_operations);
+#else
@@ -378,27 +251,18 @@
#ifdef CONFIG_DEBUG_SLAB_LEAK
create_seq_entry("slab_allocators", 0 ,&proc_slabstats_operations);
#endif
-@@ -827,7 +848,7 @@
- create_seq_entry("zoneinfo",S_IRUGO, &proc_zoneinfo_file_operations);
- create_seq_entry("diskstats", 0, &proc_diskstats_operations);
- #ifdef CONFIG_MODULES
-- create_seq_entry("modules", 0, &proc_modules_operations);
-+ create_seq_entry("modules", gr_mode, &proc_modules_operations);
- #endif
+@@ -705,7 +726,7 @@ void __init proc_misc_init(void)
#ifdef CONFIG_SCHEDSTATS
create_seq_entry("schedstat", 0, &proc_schedstat_operations);
-@@ -835,7 +856,7 @@
- #ifdef CONFIG_LATENCY_TRACE
- create_seq_entry("latency_trace", 0, &proc_latency_trace_operations);
#endif
-#ifdef CONFIG_PROC_KCORE
+#if defined(CONFIG_PROC_KCORE) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
if (proc_root_kcore) {
proc_root_kcore->proc_fops = &proc_kcore_operations;
-diff -Nur linux-2.6.17-rc6/fs/proc/root.c linux-2.6.17-rc6.grsec_minimal/fs/proc/root.c
---- linux-2.6.17-rc6/fs/proc/root.c 2006-06-06 00:57:02.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/fs/proc/root.c 2006-06-13 22:18:32.000000000 +0000
+diff -urN linux-2.6.16.2/fs/proc/root.c linux-2.6.16.2-grsec/fs/proc/root.c
+--- linux-2.6.16.2/fs/proc/root.c 2006-04-07 18:56:47.000000000 +0200
++++ linux-2.6.16.2-grsec/fs/proc/root.c 2006-04-11 17:44:40.113709750 +0200
@@ -53,7 +53,13 @@
return;
}
@@ -426,12 +290,12 @@
+#else
proc_bus = proc_mkdir("bus", NULL);
+#endif
+ proc_vx_init();
}
- static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
-diff -Nur linux-2.6.17-rc6/grsecurity/Kconfig linux-2.6.17-rc6.grsec_minimal/grsecurity/Kconfig
---- linux-2.6.17-rc6/grsecurity/Kconfig 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/grsecurity/Kconfig 2006-06-13 22:18:32.000000000 +0000
+diff -urN linux-2.6.16.2/grsecurity/Kconfig linux-2.6.16.2-grsec/grsecurity/Kconfig
+--- linux-2.6.16.2/grsecurity/Kconfig 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/Kconfig 2006-04-11 19:03:04.020561250 +0200
@@ -0,0 +1,135 @@
+#
+# grecurity configuration
@@ -568,9 +432,9 @@
+ the sysctl entries.
+
+endmenu
-diff -Nur linux-2.6.17-rc6/grsecurity/Makefile linux-2.6.17-rc6.grsec_minimal/grsecurity/Makefile
---- linux-2.6.17-rc6/grsecurity/Makefile 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/grsecurity/Makefile 2006-06-13 22:18:32.000000000 +0000
+diff -urN linux-2.6.16.2/grsecurity/Makefile linux-2.6.16.2-grsec/grsecurity/Makefile
+--- linux-2.6.16.2/grsecurity/Makefile 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/Makefile 2006-04-11 19:03:17.509404250 +0200
@@ -0,0 +1,11 @@
+# All code in this directory and various hooks inserted throughout the kernel
+# are copyright Brad Spengler, and released under the GPL v2 or higher
@@ -583,76 +447,18 @@
+obj-y += grsec_disabled.o
+endif
+
-diff -Nur linux-2.6.17-rc6/grsecurity/grsec_disabled.c linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_disabled.c
---- linux-2.6.17-rc6/grsecurity/grsec_disabled.c 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_disabled.c 2006-06-13 22:18:32.000000000 +0000
-@@ -0,0 +1,63 @@
-+#include <linux/kernel.h>
-+#include <linux/module.h>
-+#include <linux/config.h>
-+#include <linux/sched.h>
-+#include <linux/file.h>
-+#include <linux/fs.h>
-+#include <linux/kdev_t.h>
-+#include <linux/net.h>
-+#include <linux/in.h>
-+#include <linux/ip.h>
-+#include <linux/skbuff.h>
-+#include <linux/sysctl.h>
-+
-+#ifdef CONFIG_SYSCTL
-+__u32
-+gr_handle_sysctl(const struct ctl_table * table, __u32 mode)
-+{
-+ return mode;
-+}
-+#endif
-+
+diff -urN linux-2.6.16.2/grsecurity/grsec_disabled.c linux-2.6.16.2-grsec/grsecurity/grsec_disabled.c
+--- linux-2.6.16.2/grsecurity/grsec_disabled.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_disabled.c 2006-04-11 17:44:40.113709750 +0200
+@@ -0,0 +1,5 @@
+void
+grsecurity_init(void)
+{
+ return;
+}
-+
-+__u32
-+gr_acl_handle_symlink(const struct dentry * new_dentry,
-+ const struct dentry * parent_dentry,
-+ const struct vfsmount * parent_mnt, const char *from)
-+{
-+ return 1;
-+}
-+
-+__u32
-+gr_acl_handle_link(const struct dentry * new_dentry,
-+ const struct dentry * parent_dentry,
-+ const struct vfsmount * parent_mnt,
-+ const struct dentry * old_dentry,
-+ const struct vfsmount * old_mnt, const char *to)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
-+ const time_t shm_createtime, const uid_t cuid, const int shmid)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
-+{
-+ return 1;
-+}
-+
-+int
-+gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
-+{
-+ return 1;
-+}
-diff -Nur linux-2.6.17-rc6/grsecurity/grsec_fifo.c linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_fifo.c
---- linux-2.6.17-rc6/grsecurity/grsec_fifo.c 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_fifo.c 2006-06-13 22:18:32.000000000 +0000
+diff -urN linux-2.6.16.2/grsecurity/grsec_fifo.c linux-2.6.16.2-grsec/grsecurity/grsec_fifo.c
+--- linux-2.6.16.2/grsecurity/grsec_fifo.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_fifo.c 2006-04-11 19:04:02.872239250 +0200
@@ -0,0 +1,20 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -674,9 +480,9 @@
+#endif
+ return 0;
+}
-diff -Nur linux-2.6.17-rc6/grsecurity/grsec_init.c linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_init.c
---- linux-2.6.17-rc6/grsecurity/grsec_init.c 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_init.c 2006-06-13 22:18:32.000000000 +0000
+diff -urN linux-2.6.16.2/grsecurity/grsec_init.c linux-2.6.16.2-grsec/grsecurity/grsec_init.c
+--- linux-2.6.16.2/grsecurity/grsec_init.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_init.c 2006-04-11 19:04:24.693603000 +0200
@@ -0,0 +1,33 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -711,9 +517,9 @@
+
+ return;
+}
-diff -Nur linux-2.6.17-rc6/grsecurity/grsec_link.c linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_link.c
---- linux-2.6.17-rc6/grsecurity/grsec_link.c 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_link.c 2006-06-13 22:18:32.000000000 +0000
+diff -urN linux-2.6.16.2/grsecurity/grsec_link.c linux-2.6.16.2-grsec/grsecurity/grsec_link.c
+--- linux-2.6.16.2/grsecurity/grsec_link.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_link.c 2006-04-11 19:04:40.258575750 +0200
@@ -0,0 +1,37 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -752,9 +558,9 @@
+#endif
+ return 0;
+}
-diff -Nur linux-2.6.17-rc6/grsecurity/grsec_sock.c linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_sock.c
---- linux-2.6.17-rc6/grsecurity/grsec_sock.c 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.17-rc6.grsec_minimal/grsecurity/grsec_sock.c 2006-06-13 22:18:32.000000000 +0000
+diff -urN linux-2.6.16.2/grsecurity/grsec_sock.c linux-2.6.16.2-grsec/grsecurity/grsec_sock.c
+--- linux-2.6.16.2/grsecurity/grsec_sock.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16.2-grsec/grsecurity/grsec_sock.c 2006-04-11 19:20:18.301199750 +0200
@@ -0,0 +1,164 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
@@ -920,9 +726,9 @@
+#endif
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/kernel-desktop-grsec-minimal.patch?r1=1.5&r2=1.6&f=u