packages: kernel/kernel-apparmor.patch, kernel/kernel-aufs2-no-const-grsec....
arekm
arekm at pld-linux.org
Wed Aug 24 17:59:56 CEST 2011
Author: arekm Date: Wed Aug 24 15:59:56 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 0.3
---- Files affected:
packages/kernel:
kernel-apparmor.patch (1.13 -> 1.14) , kernel-aufs2-no-const-grsec.patch (1.6 -> 1.7) , kernel.spec (1.959 -> 1.960)
---- Diffs:
================================================================
Index: packages/kernel/kernel-apparmor.patch
diff -u packages/kernel/kernel-apparmor.patch:1.13 packages/kernel/kernel-apparmor.patch:1.14
--- packages/kernel/kernel-apparmor.patch:1.13 Wed Aug 24 11:09:53 2011
+++ packages/kernel/kernel-apparmor.patch Wed Aug 24 17:59:49 2011
@@ -162,27 +162,7 @@
#include "include/path.h"
#include "include/policy.h"
#include "include/procattr.h"
-@@ -651,6 +750,19 @@ static struct security_operations apparmor_ops = {
- .getprocattr = apparmor_getprocattr,
- .setprocattr = apparmor_setprocattr,
-
-+ .socket_create = apparmor_socket_create,
-+ .socket_bind = apparmor_socket_bind,
-+ .socket_connect = apparmor_socket_connect,
-+ .socket_listen = apparmor_socket_listen,
-+ .socket_accept = apparmor_socket_accept,
-+ .socket_sendmsg = apparmor_socket_sendmsg,
-+ .socket_recvmsg = apparmor_socket_recvmsg,
-+ .socket_getsockname = apparmor_socket_getsockname,
-+ .socket_getpeername = apparmor_socket_getpeername,
-+ .socket_getsockopt = apparmor_socket_getsockopt,
-+ .socket_setsockopt = apparmor_socket_setsockopt,
-+ .socket_shutdown = apparmor_socket_shutdown,
-+
- .cred_alloc_blank = apparmor_cred_alloc_blank,
- .cred_free = apparmor_cred_free,
- .cred_prepare = apparmor_cred_prepare,
-@@ -949,4 +950,102 @@ static int apparmor_task_setrlimit(struct task_struct *task,
+@@ -610,5 +611,103 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
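Review bot: The section label on the rewritten inner header `@@ -610,5 +611,103 @@ static int apparmor_task_setrlimit(struct task_struct *task,` looks stale. The next outer hunk's added context shows the definition of `apparmor_task_setrlimit` starting after the inserted socket hooks, so the `return error;` / `}` context here presumably closes the function before it. patch(1) ignores the label, but it misleads a reader checking where the LSM socket hooks land in lsm.c. I would regenerate the inner diff against the 3.0 tree rather than hand-edit the header, or at least correct the label. The inner hunk body continues outside this outer hunk.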
@@ -284,8 +264,28 @@
+ return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk);
+}
+
- security_initcall(apparmor_init);
-
+ static int apparmor_task_setrlimit(struct task_struct *task,
+ unsigned int resource, struct rlimit *new_rlim)
+@@ -651,6 +750,19 @@ static struct security_operations apparmor_ops = {
+ .getprocattr = apparmor_getprocattr,
+ .setprocattr = apparmor_setprocattr,
+
++ .socket_create = apparmor_socket_create,
++ .socket_bind = apparmor_socket_bind,
++ .socket_connect = apparmor_socket_connect,
++ .socket_listen = apparmor_socket_listen,
++ .socket_accept = apparmor_socket_accept,
++ .socket_sendmsg = apparmor_socket_sendmsg,
++ .socket_recvmsg = apparmor_socket_recvmsg,
++ .socket_getsockname = apparmor_socket_getsockname,
++ .socket_getpeername = apparmor_socket_getpeername,
++ .socket_getsockopt = apparmor_socket_getsockopt,
++ .socket_setsockopt = apparmor_socket_setsockopt,
++ .socket_shutdown = apparmor_socket_shutdown,
++
+ .cred_alloc_blank = apparmor_cred_alloc_blank,
+ .cred_free = apparmor_cred_free,
+ .cred_prepare = apparmor_cred_prepare,
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
new file mode 100644
index 0000000..1765901
================================================================
Index: packages/kernel/kernel-aufs2-no-const-grsec.patch
diff -u packages/kernel/kernel-aufs2-no-const-grsec.patch:1.6 packages/kernel/kernel-aufs2-no-const-grsec.patch:1.7
--- packages/kernel/kernel-aufs2-no-const-grsec.patch:1.6 Wed Aug 24 13:52:00 2011
+++ packages/kernel/kernel-aufs2-no-const-grsec.patch Wed Aug 24 17:59:49 2011
@@ -70,3 +70,25 @@
#endif
#ifdef CONFIG_SYSFS
+--- linux-3.0/fs/aufs/f_op_sp.c~ 2011-08-24 14:41:55.000000000 +0200
++++ linux-3.0/fs/aufs/f_op_sp.c 2011-08-24 14:54:22.072544774 +0200
+@@ -108,7 +108,7 @@
+ static int aufs_open_sp(struct inode *inode, struct file *file);
+ static struct au_sp_fop {
+ int done;
+- struct file_operations fop; /* not 'const' */
++ file_operations_no_const fop; /* not 'const' */
+ spinlock_t spin;
+ } au_sp_fop[AuSp_Last] = {
+ [AuSp_FIFO] = {
+@@ -161,7 +161,9 @@ static void au_init_fop_sp(struct file *
+ h_file = au_hf_top(file);
+ spin_lock(&p->spin);
+ if (!p->done) {
+- p->fop = *h_file->f_op;
++ pax_open_kernel();
++ memcpy((void *)&p->fop, h_file->f_op, sizeof(p->fop));
+ p->fop.owner = THIS_MODULE;
++ pax_close_kernel();
+ if (p->fop.aio_read)
+ p->fop.aio_read = aufs_aio_read_sp;
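Review bot: The `pax_open_kernel()` / `pax_close_kernel()` window in `au_init_fop_sp` covers only the `memcpy` and the `p->fop.owner` store, while `p->fop.aio_read = aufs_aio_read_sp;` writes to the same table after the window is closed. The field is now declared `file_operations_no_const fop`, so the table is presumably left writable. If so, the open/close pair and the `(void *)` cast are unnecessary, and `p->fop = *h_file->f_op;` could stay as it was. If the table is in fact read-only, the later stores would fault outside the window. Please settle which case holds and say so in a comment above the copy, e.g. `/* fop is file_operations_no_const, i.e. writable: no pax_open_kernel() needed */`, so the period with kernel write protection lifted is either justified or removed. The function body continues past the end of this hunk, so the remaining assignments are not visible here.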
================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.959 packages/kernel/kernel.spec:1.960
--- packages/kernel/kernel.spec:1.959 Wed Aug 24 13:37:36 2011
+++ packages/kernel/kernel.spec Wed Aug 24 17:59:49 2011
@@ -95,7 +95,7 @@
%define basever 3.0
%define postver .3
-%define rel 0.2
+%define rel 0.3
%define _enable_debug_packages 0
@@ -1519,6 +1519,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.960 2011/08/24 15:59:49 arekm
+- rel 0.3
+
Revision 1.959 2011/08/24 11:37:36 arekm
- switch to aufs3
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-apparmor.patch?r1=1.13&r2=1.14&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-aufs2-no-const-grsec.patch?r1=1.6&r2=1.7&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.959&r2=1.960&f=u