SPECS (LINUX_2_6_20): kernel.spec - pax related config changes

mguevara mguevara at pld-linux.org
Fri Mar 2 11:47:32 CET 2007


Author: mguevara                     Date: Fri Mar  2 10:47:32 2007 GMT
Module: SPECS                         Tag: LINUX_2_6_20
---- Log message:
- pax related config changes

---- Files affected:
SPECS:
   kernel.spec (1.441.2.1698.2.55 -> 1.441.2.1698.2.56) 

---- Diffs:

================================================================
Index: SPECS/kernel.spec
diff -u SPECS/kernel.spec:1.441.2.1698.2.55 SPECS/kernel.spec:1.441.2.1698.2.56
--- SPECS/kernel.spec:1.441.2.1698.2.55	Fri Mar  2 02:26:14 2007
+++ SPECS/kernel.spec	Fri Mar  2 11:47:26 2007
@@ -1202,8 +1202,22 @@
 		sed -i 's:# CONFIG_PAX_EMUTRAMP is not set:CONFIG_PAX_EMUTRAMP=y:' $1
 	%endif
 	%ifarch %{ix8664}
-		sed -i 's:# CONFIG_PAX_MEMORY_UDEREF is not set:# CONFIG_PAX_MEMORY_UDEREF=y:' $1
+		sed -i 's:# CONFIG_PAX_MEMORY_UDEREF is not set:CONFIG_PAX_MEMORY_UDEREF=y:' $1
 	%endif
+
+	# Now we have to check MAC system integration. Grsecurity (full) uses PAX_HAVE_ACL_FLAGS
+	# setting (direct acces). grsec_minimal probably have no idea about PaX so we probably 
+	# could use PAX_NO_ACL_FLAGS, but for testing the hooks setting will be used
+	# PAX_HOOK_ACL_FLAGS. SELinux should also be able to make PaX settings via hooks 
+
+	%if %{with grsec_full}
+		# no change needed CONFIG=PAX_HAVE_ACL_FLAGS=y is taken from the kernel-pax.config
+	%else
+		# grsec_minimal or selinux ?
+		sed -i 's:CONFIG_PAX_HAVE_ACL_FLAGS=y:# CONFIG_PAX_HAVE_ACL_FLAGS is not set:' $1
+		sed -i 's:# CONFIG_PAX_HOOK_ACL_FLAGS is not set:CONFIG_PAX_HOOK_ACL_FLAGS=y:' $1
+	%endif
+
 	return 0
 }
 
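Review bot: in the %else branch the two new sed lines change $1 only when the exact strings "CONFIG_PAX_HAVE_ACL_FLAGS=y" and "# CONFIG_PAX_HOOK_ACL_FLAGS is not set" are present, and nothing checks the result before "return 0". If the second pattern is missing from the input config, the file ends up with PAX_HAVE_ACL_FLAGS disabled and PAX_HOOK_ACL_FLAGS never enabled, and the function still reports success. The UDEREF line corrected at the top of this hunk shows the same failure mode: the old replacement wrote a commented-out "# CONFIG_PAX_MEMORY_UDEREF=y" and nothing flagged it. Suggest following the seds with a grep for the expected "CONFIG_PAX_HOOK_ACL_FLAGS=y" (and "CONFIG_PAX_MEMORY_UDEREF=y" under %{ix8664}) that returns non-zero when the option is absent. Minor: the comment in the grsec_full branch reads "CONFIG=PAX_HAVE_ACL_FLAGS=y" where "CONFIG_PAX_HAVE_ACL_FLAGS=y" is meant, and "acces" should be "access".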
@@ -2043,6 +2057,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.441.2.1698.2.56  2007/03/02 10:47:26  mguevara
+- pax related config changes
+
 Revision 1.441.2.1698.2.55  2007/03/02 01:26:14  mguevara
 - changed grsec and pax stuff - testing pax-only build (with grsec_minimal)
 - added kernel-grsec_minimal.config
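Review bot: the added log entry for revision 1.441.2.1698.2.56 says only "pax related config changes", which hides two behaviour changes visible in the first hunk: PAX_MEMORY_UDEREF is now actually set on %{ix8664} (the previous sed left it commented out), and builds without grsec_full switch from PAX_HAVE_ACL_FLAGS to PAX_HOOK_ACL_FLAGS. Naming both in the log message would let someone auditing which hardening options a given kernel package was built with find this revision without reading the diff.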
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SPECS/kernel.spec?r1=1.441.2.1698.2.55&r2=1.441.2.1698.2.56&f=u


