packages: kernel/kernel-apparmor.patch, kernel/kernel-multiarch.config - ap...
arekm
arekm at pld-linux.org
Tue Jul 21 19:14:20 CEST 2009
Author: arekm Date: Tue Jul 21 17:14:19 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- apparmor updated
---- Files affected:
packages/kernel:
kernel-apparmor.patch (1.3 -> 1.4) , kernel-multiarch.config (1.11 -> 1.12)
---- Diffs:
================================================================
Index: packages/kernel/kernel-apparmor.patch
diff -u packages/kernel/kernel-apparmor.patch:1.3 packages/kernel/kernel-apparmor.patch:1.4
--- packages/kernel/kernel-apparmor.patch:1.3 Mon Jul 20 14:57:26 2009
+++ packages/kernel/kernel-apparmor.patch Tue Jul 21 19:14:14 2009
@@ -1,3 +1,15 @@
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
+index fd5cac0..88e2115 100644
+--- a/Documentation/kernel-parameters.txt
++++ b/Documentation/kernel-parameters.txt
+@@ -90,6 +90,7 @@ parameter is applicable:
+ A lot of drivers has their options described inside of
+ Documentation/scsi/.
+ SECURITY Different security models are enabled.
++ SECURITY_DEFAULT set a default security module
+ SELINUX SELinux support is enabled.
+ SERIAL Serial support is enabled.
+ SH SuperH architecture is enabled.
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 4fa2810..9f87073 100644
--- a/include/linux/audit.h
@@ -27,10 +39,26 @@
#define AUDIT_LAST_KERN_ANOM_MSG 1799
#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
diff --git a/security/Kconfig b/security/Kconfig
-index bb24477..f3db74c 100644
+index bb24477..739fbb0 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -136,6 +136,7 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
+@@ -60,6 +60,15 @@ config SECURITYFS
+
+ If you are unsure how to answer this question, answer N.
+
++config SECURITY_DEFAULT
++ string "Default security module"
++ depends on SECURITY
++ default ""
++ help
++ This determines the security module used if the security=
++ boot parmater is not provided. If a security module is not
++ specified the first module to register will be used.
++
+ config SECURITY_NETWORK
+ bool "Socket and Networking Security Hooks"
+ depends on SECURITY
+@@ -136,6 +145,7 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
source security/selinux/Kconfig
source security/smack/Kconfig
source security/tomoyo/Kconfig
@@ -7367,3 +7395,29 @@
+ return ERR_PTR(-EINVAL);
+}
+
+diff --git a/security/security.c b/security/security.c
+index 2840513..99aaebc 100644
+--- a/security/security.c
++++ b/security/security.c
+@@ -18,7 +18,7 @@
+ #include <linux/security.h>
+
+ /* Boot-time LSM user choice */
+-static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1];
++static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_SECURITY_DEFAULT;
+
+ /* things that live in capability.c */
+ extern struct security_operations default_security_ops;
+@@ -82,8 +82,10 @@ __setup("security=", choose_lsm);
+ *
+ * Return true if:
+ * -The passed LSM is the one chosen by user at boot time,
+- * -or user didn't specify a specific LSM and we're the first to ask
+- * for registration permission,
++ * -The passed LSM is configured as the default and the user did not
++ * choose an alternate LSM at boot time.
++ * -or there is no default LSM set and the user didn't specify a
++ * specific LSM and we're the first to ask for registration permission,
+ * -or the passed LSM is currently loaded.
+ * Otherwise, return false.
+ */
================================================================
Index: packages/kernel/kernel-multiarch.config
diff -u packages/kernel/kernel-multiarch.config:1.11 packages/kernel/kernel-multiarch.config:1.12
--- packages/kernel/kernel-multiarch.config:1.11 Tue Jul 21 15:15:29 2009
+++ packages/kernel/kernel-multiarch.config Tue Jul 21 19:14:14 2009
@@ -5543,6 +5543,7 @@
KEYS all=y
KEYS_DEBUG_PROC_KEYS all=n
SECURITY all=y
+SECURITY_DEFAULT all=""
SECURITY_NETWORK all=y
SECURITY_NETWORK_XFRM all=y
SECURITY_PATH all=y
@@ -5550,6 +5551,7 @@
#- file security/selinux/Kconfig goes here
#- file security/smack/Kconfig goes here
#- file security/tomoyo/Kconfig goes here
+#- file security/apparmor/Kconfig goes here
#- file security/integrity/ima/Kconfig goes here
#-
@@ -5915,38 +5917,3 @@
INITRAMFS_COMPRESSION_GZIP all=n
INITRAMFS_COMPRESSION_BZIP2 all=n
INITRAMFS_COMPRESSION_LZMA all=n
-
-#-
-#- *** PROBABLY REMOVED OPTIONS ***
-#-
-DVB_AV7110_FIRMWARE all=n
-DYNAMIC_PRINTK_DEBUG all=n
-FB_CYBLA i386=m
-FB_TRIDENT_ACCEL all=y sparc64=n
-HID_COMPAT all=n
-IDE_ARM all=n
-IGB_LRO all=y
-IWL3945_DEBUG all=n
-IWL3945_LEDS all=y
-IWL3945_RFKILL all=y
-IWLAGN_LEDS all=y
-IWLAGN_SPECTRUM_MEASUREMENT all=y
-IWLCORE all=m
-MD_RAID5_RESHAPE all=y
-MT9M001_PCA9536_SWITCH all=y
-MT9V022_PCA9536_SWITCH all=y
-NL80211 all=y
-PLIST all=y
-RTC_DRV_PPC all=n ppc=y ppc64=y
-SECURITY_DEFAULT all=""
-SND_CS4232 alpha=m i386=m
-SND_WAVEFRONT_FIRMWARE_IN_KERNEL alpha=y i386=y
-SUNRPC_REGISTER_V4 all=n
-USB_PHIDGET all=m
-USB_PHIDGETKIT all=m
-USB_PHIDGETMOTORCONTROL all=m
-USB_PHIDGETSERVO all=m
-USB_SERIAL_CP2101 all=m
-VIDEO_SAA7111 all=m
-VIDEO_SAA7114 all=m
-WDT_501 alpha=y i386=y
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-apparmor.patch?r1=1.3&r2=1.4&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-multiarch.config?r1=1.11&r2=1.12&f=u
More information about the pld-cvs-commit
mailing list