packages: kernel/kernel-aufs2-no-const-grsec.patch, kernel/kernel-grsec-cap...
arekm
arekm at pld-linux.org
Fri Mar 25 13:45:39 CET 2011
Author: arekm Date: Fri Mar 25 12:45:39 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- update grsec related patches
---- Files affected:
packages/kernel:
kernel-aufs2-no-const-grsec.patch (1.2 -> 1.3) , kernel-grsec-caps.patch (1.2 -> 1.3) , kernel-grsec.config (1.38 -> 1.39) , kernel-grsec_fixes.patch (1.20 -> 1.21)
---- Diffs:
================================================================
Index: packages/kernel/kernel-aufs2-no-const-grsec.patch
diff -u packages/kernel/kernel-aufs2-no-const-grsec.patch:1.2 packages/kernel/kernel-aufs2-no-const-grsec.patch:1.3
--- packages/kernel/kernel-aufs2-no-const-grsec.patch:1.2 Mon Jan 17 12:14:23 2011
+++ packages/kernel/kernel-aufs2-no-const-grsec.patch Fri Mar 25 13:45:34 2011
@@ -61,7 +61,7 @@
};
/*
-@@ -1098,18 +1098,18 @@
+@@ -1098,17 +1098,17 @@
typedef struct files_struct *fl_owner_t;
struct file_lock_operations {
@@ -77,14 +77,12 @@
- int (* const fl_grant)(struct file_lock *, struct file_lock *, int);
- void (* const fl_release_private)(struct file_lock *);
- void (* const fl_break)(struct file_lock *);
-- int (* const fl_mylease)(struct file_lock *, struct file_lock *);
- int (* const fl_change)(struct file_lock **, int);
+ int (* fl_compare_owner)(struct file_lock *, struct file_lock *);
+ void (* fl_notify)(struct file_lock *); /* unblock callback */
+ int (* fl_grant)(struct file_lock *, struct file_lock *, int);
+ void (* fl_release_private)(struct file_lock *);
+ void (* fl_break)(struct file_lock *);
-+ int (* fl_mylease)(struct file_lock *, struct file_lock *);
+ int (* fl_change)(struct file_lock **, int);
};
================================================================
Index: packages/kernel/kernel-grsec-caps.patch
diff -u packages/kernel/kernel-grsec-caps.patch:1.2 packages/kernel/kernel-grsec-caps.patch:1.3
--- packages/kernel/kernel-grsec-caps.patch:1.2 Tue Mar 31 14:04:37 2009
+++ packages/kernel/kernel-grsec-caps.patch Fri Mar 25 13:45:34 2011
@@ -1,11 +1,11 @@
--- e/grsecurity/gracl_cap.c~ 2008-05-18 23:53:55.000000000 +0200
+++ e/grsecurity/gracl_cap.c 2008-05-18 23:55:05.591733291 +0200
@@ -39,7 +39,8 @@ static const char *captab_log[] = {
- "CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
-- "CAP_MAC_ADMIN"
-+ "CAP_MAC_ADMIN",
+ "CAP_MAC_ADMIN",
+- "CAP_SYSLOG"
++ "CAP_SYSLOG",
+ "CAP_CONTEXT"
};
================================================================
Index: packages/kernel/kernel-grsec.config
diff -u packages/kernel/kernel-grsec.config:1.38 packages/kernel/kernel-grsec.config:1.39
--- packages/kernel/kernel-grsec.config:1.38 Fri Oct 15 23:50:31 2010
+++ packages/kernel/kernel-grsec.config Fri Mar 25 13:45:34 2011
@@ -113,3 +113,4 @@
# Networking
CONFIG_NETFILTER_XT_MATCH_GRADM=m
+CONFIG_GRKERNSEC_SYSFS_RESTRICT=n
================================================================
Index: packages/kernel/kernel-grsec_fixes.patch
diff -u packages/kernel/kernel-grsec_fixes.patch:1.20 packages/kernel/kernel-grsec_fixes.patch:1.21
--- packages/kernel/kernel-grsec_fixes.patch:1.20 Wed Jan 19 19:00:46 2011
+++ packages/kernel/kernel-grsec_fixes.patch Fri Mar 25 13:45:34 2011
@@ -146,7 +146,7 @@
- depends on PROC_FS && MMU && !GRKERNSEC
+ default y
+ depends on PROC_FS && MMU
- bool "Enable /proc page monitoring" if EMBEDDED
+ bool "Enable /proc page monitoring" if EXPERT
help
Various /proc files exist to monitor process memory utilization:
--- linux-2.6.34/net/socket.c~ 2010-07-06 15:35:03.398523320 +0200
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-aufs2-no-const-grsec.patch?r1=1.2&r2=1.3&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec-caps.patch?r1=1.2&r2=1.3&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec.config?r1=1.38&r2=1.39&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_fixes.patch?r1=1.20&r2=1.21&f=u
More information about the pld-cvs-commit
mailing list