packages: kernel/kernel-apparmor.patch, kernel/kernel-multiarch.config - ap...

arekm arekm at pld-linux.org
Tue Jul 21 19:14:20 CEST 2009 

Author: arekm                        Date: Tue Jul 21 17:14:19 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- apparmor updated

---- Files affected:
packages/kernel:
   kernel-apparmor.patch (1.3 -> 1.4) , kernel-multiarch.config (1.11 -> 1.12) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-apparmor.patch
diff -u packages/kernel/kernel-apparmor.patch:1.3 packages/kernel/kernel-apparmor.patch:1.4
--- packages/kernel/kernel-apparmor.patch:1.3	Mon Jul 20 14:57:26 2009
+++ packages/kernel/kernel-apparmor.patch	Tue Jul 21 19:14:14 2009
@@ -1,3 +1,15 @@
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
+index fd5cac0..88e2115 100644
+--- a/Documentation/kernel-parameters.txt
++++ b/Documentation/kernel-parameters.txt
+@@ -90,6 +90,7 @@ parameter is applicable:
+ 			A lot of drivers has their options described inside of
+ 			Documentation/scsi/.
+ 	SECURITY Different security models are enabled.
++	SECURITY_DEFAULT set a default security module
+ 	SELINUX SELinux support is enabled.
+ 	SERIAL	Serial support is enabled.
+ 	SH	SuperH architecture is enabled.
 diff --git a/include/linux/audit.h b/include/linux/audit.h
 index 4fa2810..9f87073 100644
 --- a/include/linux/audit.h
@@ -27,10 +39,26 @@
  #define AUDIT_LAST_KERN_ANOM_MSG    1799
  #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
 diff --git a/security/Kconfig b/security/Kconfig
-index bb24477..f3db74c 100644
+index bb24477..739fbb0 100644
 --- a/security/Kconfig
 +++ b/security/Kconfig
-@@ -136,6 +136,7 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
+@@ -60,6 +60,15 @@ config SECURITYFS
+ 
+ 	  If you are unsure how to answer this question, answer N.
+ 
++config SECURITY_DEFAULT
++	string "Default security module"
++	depends on SECURITY
++	default ""
++	help
++          This determines the security module used if the security=
++          boot parmater is not provided.  If a security module is not
++          specified the first module to register will be used.
++
+ config SECURITY_NETWORK
+ 	bool "Socket and Networking Security Hooks"
+ 	depends on SECURITY
+@@ -136,6 +145,7 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
  source security/selinux/Kconfig
  source security/smack/Kconfig
  source security/tomoyo/Kconfig
@@ -7367,3 +7395,29 @@
 +	return ERR_PTR(-EINVAL);
 +}
 +
+diff --git a/security/security.c b/security/security.c
+index 2840513..99aaebc 100644
+--- a/security/security.c
++++ b/security/security.c
+@@ -18,7 +18,7 @@
+ #include <linux/security.h>
+ 
+ /* Boot-time LSM user choice */
+-static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1];
++static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_SECURITY_DEFAULT;
+ 
+ /* things that live in capability.c */
+ extern struct security_operations default_security_ops;
+@@ -82,8 +82,10 @@ __setup("security=", choose_lsm);
+  *
+  * Return true if:
+  *	-The passed LSM is the one chosen by user at boot time,
+- *	-or user didn't specify a specific LSM and we're the first to ask
+- *	 for registration permission,
++ *	-The passed LSM is configured as the default and the user did not
++ *	 choose an alternate LSM at boot time.
++ *	-or there is no default LSM set and the user didn't specify a
++ *	 specific LSM and we're the first to ask for registration permission,
+  *	-or the passed LSM is currently loaded.
+  * Otherwise, return false.
+  */

================================================================
Index: packages/kernel/kernel-multiarch.config
diff -u packages/kernel/kernel-multiarch.config:1.11 packages/kernel/kernel-multiarch.config:1.12
--- packages/kernel/kernel-multiarch.config:1.11	Tue Jul 21 15:15:29 2009
+++ packages/kernel/kernel-multiarch.config	Tue Jul 21 19:14:14 2009
@@ -5543,6 +5543,7 @@
 KEYS all=y
 KEYS_DEBUG_PROC_KEYS all=n
 SECURITY all=y
+SECURITY_DEFAULT all=""
 SECURITY_NETWORK all=y
 SECURITY_NETWORK_XFRM all=y
 SECURITY_PATH all=y
@@ -5550,6 +5551,7 @@
 #- file security/selinux/Kconfig goes here
 #- file security/smack/Kconfig goes here
 #- file security/tomoyo/Kconfig goes here
+#- file security/apparmor/Kconfig goes here
 #- file security/integrity/ima/Kconfig goes here
 
 #-
@@ -5915,38 +5917,3 @@
 INITRAMFS_COMPRESSION_GZIP all=n
 INITRAMFS_COMPRESSION_BZIP2 all=n
 INITRAMFS_COMPRESSION_LZMA all=n
-
-#-
-#- *** PROBABLY REMOVED OPTIONS ***
-#-
-DVB_AV7110_FIRMWARE all=n
-DYNAMIC_PRINTK_DEBUG all=n
-FB_CYBLA i386=m
-FB_TRIDENT_ACCEL all=y sparc64=n
-HID_COMPAT all=n
-IDE_ARM all=n
-IGB_LRO all=y
-IWL3945_DEBUG all=n
-IWL3945_LEDS all=y
-IWL3945_RFKILL all=y
-IWLAGN_LEDS all=y
-IWLAGN_SPECTRUM_MEASUREMENT all=y
-IWLCORE all=m
-MD_RAID5_RESHAPE all=y
-MT9M001_PCA9536_SWITCH all=y
-MT9V022_PCA9536_SWITCH all=y
-NL80211 all=y
-PLIST all=y
-RTC_DRV_PPC all=n ppc=y ppc64=y
-SECURITY_DEFAULT all=""
-SND_CS4232 alpha=m i386=m
-SND_WAVEFRONT_FIRMWARE_IN_KERNEL alpha=y i386=y
-SUNRPC_REGISTER_V4 all=n
-USB_PHIDGET all=m
-USB_PHIDGETKIT all=m
-USB_PHIDGETMOTORCONTROL all=m
-USB_PHIDGETSERVO all=m
-USB_SERIAL_CP2101 all=m
-VIDEO_SAA7111 all=m
-VIDEO_SAA7114 all=m
-WDT_501 alpha=y i386=y
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-apparmor.patch?r1=1.3&r2=1.4&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-multiarch.config?r1=1.11&r2=1.12&f=u

More information about the pld-cvs-commit mailing list