SOURCES (LINUX_2_6): grsecurity-2.1.9-2.6.17.7.patch - updating fo...
hawk
hawk at pld-linux.org
Mon Aug 7 22:02:43 CEST 2006
Author: hawk Date: Mon Aug 7 20:02:43 2006 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- updating for vserver patched kernel, NFY, will finish tomorrow, please
do not touch unless you're grsec guru and want to review my changes :)
---- Files affected:
SOURCES:
grsecurity-2.1.9-2.6.17.7.patch (1.1.2.1 -> 1.1.2.2)
---- Diffs:
================================================================
Index: SOURCES/grsecurity-2.1.9-2.6.17.7.patch
diff -u SOURCES/grsecurity-2.1.9-2.6.17.7.patch:1.1.2.1 SOURCES/grsecurity-2.1.9-2.6.17.7.patch:1.1.2.2
--- SOURCES/grsecurity-2.1.9-2.6.17.7.patch:1.1.2.1 Mon Aug 7 13:45:24 2006
+++ SOURCES/grsecurity-2.1.9-2.6.17.7.patch Mon Aug 7 22:02:38 2006
@@ -51,9 +51,9 @@
--- linux-2.6.17.7/arch/alpha/kernel/ptrace.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/arch/alpha/kernel/ptrace.c 2006-08-01 20:29:45.000000000 -0400
@@ -15,6 +15,7 @@
- #include <linux/slab.h>
#include <linux/security.h>
#include <linux/signal.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -4873,9 +4873,9 @@
--- linux-2.6.17.7/arch/ia64/kernel/ptrace.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/arch/ia64/kernel/ptrace.c 2006-08-01 20:29:45.000000000 -0400
@@ -18,6 +18,7 @@
- #include <linux/security.h>
#include <linux/audit.h>
#include <linux/signal.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
#include <asm/pgtable.h>
@@ -4923,9 +4923,9 @@
--- linux-2.6.17.7/arch/ia64/mm/fault.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/arch/ia64/mm/fault.c 2006-08-01 20:29:45.000000000 -0400
@@ -10,6 +10,7 @@
- #include <linux/smp_lock.h>
#include <linux/interrupt.h>
#include <linux/kprobes.h>
+ #include <linux/vs_memory.h>
+#include <linux/binfmts.h>
#include <asm/pgtable.h>
@@ -6096,9 +6096,9 @@
--- linux-2.6.17.7/arch/sparc/kernel/ptrace.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/arch/sparc/kernel/ptrace.c 2006-08-01 20:29:46.000000000 -0400
@@ -19,6 +19,7 @@
- #include <linux/smp_lock.h>
#include <linux/security.h>
#include <linux/signal.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
#include <asm/pgtable.h>
@@ -6467,9 +6467,9 @@
--- linux-2.6.17.7/arch/sparc64/kernel/ptrace.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/arch/sparc64/kernel/ptrace.c 2006-08-01 20:29:46.000000000 -0400
@@ -22,6 +22,7 @@
- #include <linux/seccomp.h>
#include <linux/audit.h>
#include <linux/signal.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
#include <asm/asi.h>
@@ -7627,9 +7627,9 @@
--- linux-2.6.17.7/fs/binfmt_aout.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/fs/binfmt_aout.c 2006-08-01 20:29:46.000000000 -0400
@@ -24,6 +24,7 @@
- #include <linux/binfmts.h>
#include <linux/personality.h>
#include <linux/init.h>
+ #include <linux/vs_memory.h>
+#include <linux/grsecurity.h>
#include <asm/system.h>
@@ -7711,9 +7711,9 @@
--- linux-2.6.17.7/fs/binfmt_elf.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/fs/binfmt_elf.c 2006-08-01 20:29:46.000000000 -0400
@@ -38,11 +38,16 @@
- #include <linux/security.h>
- #include <linux/syscalls.h>
#include <linux/random.h>
+ #include <linux/vs_memory.h>
+ #include <linux/vs_cvirt.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -8471,9 +8471,9 @@
--- linux-2.6.17.7/fs/exec.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/fs/exec.c 2006-08-01 20:29:46.000000000 -0400
@@ -49,6 +49,8 @@
- #include <linux/rmap.h>
- #include <linux/acct.h>
#include <linux/cn_proc.h>
+ #include <linux/vs_cvirt.h>
+ #include <linux/vs_memory.h>
+#include <linux/random.h>
+#include <linux/grsecurity.h>
@@ -8850,9 +8850,9 @@
--- linux-2.6.17.7/fs/fcntl.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/fs/fcntl.c 2006-08-01 20:29:46.000000000 -0400
@@ -18,6 +18,7 @@
- #include <linux/ptrace.h>
#include <linux/signal.h>
#include <linux/rcupdate.h>
+ #include <linux/vs_limit.h>
+#include <linux/grsecurity.h>
#include <asm/poll.h>
@@ -8896,9 +8896,9 @@
--- linux-2.6.17.7/fs/namei.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/fs/namei.c 2006-08-01 20:29:46.000000000 -0400
@@ -32,6 +32,7 @@
- #include <linux/file.h>
- #include <linux/fcntl.h>
- #include <linux/namei.h>
+ #include <linux/vserver/inode.h>
+ #include <linux/vs_tag.h>
+ #include <linux/vserver/debug.h>
+#include <linux/grsecurity.h>
#include <asm/namei.h>
#include <asm/uaccess.h>
@@ -9195,9 +9195,9 @@
--- linux-2.6.17.7/fs/namespace.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/fs/namespace.c 2006-08-01 20:29:46.000000000 -0400
@@ -23,6 +23,8 @@
- #include <linux/namei.h>
- #include <linux/security.h>
#include <linux/mount.h>
+ #include <linux/vserver/namespace.h>
+ #include <linux/vserver/tag.h>
+#include <linux/sched.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -9258,9 +9258,9 @@
--- linux-2.6.17.7/fs/open.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/fs/open.c 2006-08-01 20:29:46.000000000 -0400
@@ -28,6 +28,7 @@
- #include <linux/syscalls.h>
- #include <linux/rcupdate.h>
- #include <linux/audit.h>
+ #include <linux/vs_limit.h>
+ #include <linux/vs_dlimit.h>
+ #include <linux/vserver/tag.h>
+#include <linux/grsecurity.h>
#include <asm/unistd.h>
@@ -9397,15 +9397,6 @@
newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
error = notify_change(nd.dentry, &newattrs);
-@@ -695,7 +757,7 @@ asmlinkage long sys_chmod(const char __u
- return sys_fchmodat(AT_FDCWD, filename, mode);
- }
-
--static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
-+static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
- {
- struct inode * inode;
- int error;
@@ -712,6 +774,12 @@ static int chown_common(struct dentry *
error = -EPERM;
if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
@@ -9419,42 +9410,6 @@
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
newattrs.ia_valid |= ATTR_UID;
-@@ -737,7 +805,7 @@ asmlinkage long sys_chown(const char __u
-
- error = user_path_walk(filename, &nd);
- if (!error) {
-- error = chown_common(nd.dentry, user, group);
-+ error = chown_common(nd.dentry, user, group, nd.mnt);
- path_release(&nd);
- }
- return error;
-@@ -756,7 +824,7 @@ asmlinkage long sys_fchownat(int dfd, co
- follow = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
- error = __user_walk_fd(dfd, filename, follow, &nd);
- if (!error) {
-- error = chown_common(nd.dentry, user, group);
-+ error = chown_common(nd.dentry, user, group, nd.mnt);
- path_release(&nd);
- }
- out:
-@@ -770,7 +838,7 @@ asmlinkage long sys_lchown(const char __
-
- error = user_path_walk_link(filename, &nd);
- if (!error) {
-- error = chown_common(nd.dentry, user, group);
-+ error = chown_common(nd.dentry, user, group, nd.mnt);
- path_release(&nd);
- }
- return error;
-@@ -787,7 +855,7 @@ asmlinkage long sys_fchown(unsigned int
- struct dentry * dentry;
- dentry = file->f_dentry;
- audit_inode(NULL, dentry->d_inode, 0);
-- error = chown_common(dentry, user, group);
-+ error = chown_common(dentry, user, group, file->f_vfsmnt);
- fput(file);
- }
- return error;
@@ -995,6 +1063,7 @@ repeat:
* N.B. For clone tasks sharing a files structure, this test
* will limit the total number of files that can be opened.
@@ -9576,9 +9531,9 @@
--- linux-2.6.17.7/fs/proc/base.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/fs/proc/base.c 2006-08-01 20:29:46.000000000 -0400
@@ -72,6 +72,7 @@
- #include <linux/cpuset.h>
- #include <linux/audit.h>
#include <linux/poll.h>
+ #include <linux/vs_network.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
#include "internal.h"
@@ -9641,9 +9596,9 @@
static int proc_task_permission(struct inode *inode, int mask, struct nameidata *nd)
@@ -1372,6 +1395,9 @@ static struct inode *proc_pid_make_inode
- inode->i_uid = task->euid;
- inode->i_gid = task->egid;
}
+ /* procfs is xid tagged */
+ inode->i_tag = (tag_t)vx_task_xid(task);
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
+#endif
@@ -9673,9 +9628,9 @@
case PROC_TID_STAT:
inode->i_fop = &proc_info_file_operations;
ei->op.proc_read = proc_tid_stat;
-@@ -2038,6 +2072,22 @@ struct dentry *proc_pid_lookup(struct in
- if (!task)
- goto out;
+@@ -2140,11 +2173,34 @@ struct dentry *proc_pid_lookup(struct in
+ if (!proc_pid_visible(task, tgid))
+ goto out_drop_task;
+ if (gr_check_hidden_task(task)) {
+ put_task_struct(task);
@@ -9694,13 +9649,9 @@
+#endif
+
inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
+ if (!inode)
+ goto out_drop_task;
-
-@@ -2045,7 +2095,15 @@ struct dentry *proc_pid_lookup(struct in
- put_task_struct(task);
- goto out;
- }
-+
+#ifdef CONFIG_GRKERNSEC_PROC_USER
+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
@@ -9867,9 +9818,9 @@
+#else
proc_bus = proc_mkdir("bus", NULL);
+#endif
+ proc_vx_init();
}
- static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
diff -urNp linux-2.6.17.7/fs/proc/task_mmu.c linux-2.6.17.7/fs/proc/task_mmu.c
--- linux-2.6.17.7/fs/proc/task_mmu.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/fs/proc/task_mmu.c 2006-08-01 20:29:46.000000000 -0400
@@ -19202,15 +19153,10 @@
diff -urNp linux-2.6.17.7/include/asm-i386/elf.h linux-2.6.17.7/include/asm-i386/elf.h
--- linux-2.6.17.7/include/asm-i386/elf.h 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/include/asm-i386/elf.h 2006-08-01 20:29:47.000000000 -0400
-@@ -71,7 +71,22 @@ typedef struct user_fxsr_struct elf_fpxr
- the loader. We need to make sure that it is out of the way of the program
+@@ -71,6 +71,17 @@ typedef struct user_fxsr_struct elf_fpxr
that it will "exec", and that there is sufficient room for the brk. */
-+#ifdef CONFIG_PAX_SEGMEXEC
-+#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : TASK_SIZE/3*2)
-+#else
- #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
-+#endif
+ #define ELF_ET_DYN_BASE ((TASK_UNMAPPED_BASE) * 2)
+
+#ifdef CONFIG_PAX_ASLR
+#define PAX_ELF_ET_DYN_BASE(tsk) 0x10000000UL
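Review bot: Dropping the `CONFIG_PAX_SEGMEXEC` definition of `ELF_ET_DYN_BASE` leaves only `((TASK_UNMAPPED_BASE) * 2)`, so the ET_DYN load base for SEGMEXEC tasks now depends entirely on how `TASK_UNMAPPED_BASE` is defined elsewhere in the patch, which this hunk does not show. If that macro is not keyed on `MF_PAX_SEGMEXEC`, the base would be derived from the full `TASK_SIZE` rather than `SEGMEXEC_TASK_SIZE` and could fall outside the reduced address space. Either confirm this and state it in a comment above the define, or keep the conditional under `#ifdef CONFIG_PAX_SEGMEXEC`, e.g. `#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : (TASK_UNMAPPED_BASE) * 2)`. The inner hunk continues past the lines shown here.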
@@ -22195,9 +22141,9 @@
--- linux-2.6.17.7/ipc/sem.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/ipc/sem.c 2006-08-01 20:29:48.000000000 -0400
@@ -79,6 +79,7 @@
- #include <linux/capability.h>
#include <linux/seq_file.h>
#include <linux/mutex.h>
+ #include <linux/vs_limit.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -22225,9 +22171,9 @@
--- linux-2.6.17.7/ipc/shm.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/ipc/shm.c 2006-08-01 20:29:48.000000000 -0400
@@ -33,6 +33,7 @@
- #include <linux/ptrace.h>
- #include <linux/seq_file.h>
#include <linux/mutex.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_limit.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -22350,9 +22296,9 @@
--- linux-2.6.17.7/kernel/capability.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/kernel/capability.c 2006-08-01 20:29:48.000000000 -0400
@@ -12,6 +12,7 @@
- #include <linux/module.h>
#include <linux/security.h>
#include <linux/syscalls.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -22384,11 +22330,12 @@
EXPORT_SYMBOL(__capable);
int capable(int cap)
-@@ -249,3 +261,4 @@ int capable(int cap)
+@@ -249,4 +261,5 @@ int capable(int cap)
return __capable(current, cap);
}
EXPORT_SYMBOL(capable);
+EXPORT_SYMBOL(capable_nolog);
+
diff -urNp linux-2.6.17.7/kernel/configs.c linux-2.6.17.7/kernel/configs.c
--- linux-2.6.17.7/kernel/configs.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/kernel/configs.c 2006-08-01 20:29:48.000000000 -0400
@@ -22412,10 +22359,9 @@
diff -urNp linux-2.6.17.7/kernel/exit.c linux-2.6.17.7/kernel/exit.c
--- linux-2.6.17.7/kernel/exit.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/kernel/exit.c 2006-08-01 20:29:48.000000000 -0400
-@@ -36,6 +36,11 @@
- #include <linux/compat.h>
- #include <linux/pipe_fs_i.h>
- #include <linux/audit.h> /* for audit_free() */
+@@ -41,5 +41,10 @@
+ #include <linux/vs_network.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
+
+#ifdef CONFIG_GRKERNSEC
@@ -22494,9 +22440,9 @@
--- linux-2.6.17.7/kernel/fork.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/kernel/fork.c 2006-08-01 20:29:48.000000000 -0400
@@ -44,6 +44,7 @@
- #include <linux/rmap.h>
- #include <linux/acct.h>
- #include <linux/cn_proc.h>
+ #include <linux/vs_network.h>
+ #include <linux/vs_limit.h>
+ #include <linux/vs_memory.h>
+#include <linux/grsecurity.h>
#include <asm/pgtable.h>
@@ -22521,11 +22467,10 @@
mm->cached_hole_size = ~0UL;
if (likely(!mm_alloc_pgd(mm))) {
-@@ -956,6 +957,9 @@ static task_t *copy_process(unsigned lon
- goto fork_out;
+@@ -956,6 +957,8 @@ static task_t *copy_process(unsigned lon
+ if (!vx_nproc_avail(1))
+ goto bad_fork_cleanup_vm;
- retval = -EAGAIN;
-+
+ gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->user->processes), 0);
+
if (atomic_read(&p->user->processes) >=
@@ -23105,9 +23050,9 @@
--- linux-2.6.17.7/kernel/posix-cpu-timers.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/kernel/posix-cpu-timers.c 2006-08-01 20:29:48.000000000 -0400
@@ -6,6 +6,7 @@
- #include <linux/posix-timers.h>
#include <asm/uaccess.h>
#include <linux/errno.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
static int check_clock(const clockid_t which_clock)
@@ -23123,10 +23068,11 @@
diff -urNp linux-2.6.17.7/kernel/printk.c linux-2.6.17.7/kernel/printk.c
--- linux-2.6.17.7/kernel/printk.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/kernel/printk.c 2006-08-01 20:29:48.000000000 -0400
-@@ -31,6 +31,7 @@
- #include <linux/security.h>
+@@ -31,7 +31,8 @@
#include <linux/bootmem.h>
#include <linux/syscalls.h>
+ #include <linux/vs_context.h>
+ #include <linux/vserver/cvirt.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -23147,9 +23093,9 @@
--- linux-2.6.17.7/kernel/ptrace.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/kernel/ptrace.c 2006-08-01 20:29:48.000000000 -0400
@@ -18,6 +18,7 @@
- #include <linux/ptrace.h>
#include <linux/security.h>
#include <linux/signal.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
#include <asm/pgtable.h>
@@ -23228,26 +23174,26 @@
- if (increment < 0 && !can_nice(current, nice))
+ if (increment < 0 && (!can_nice(current, nice) ||
+ gr_handle_chroot_nice()))
- return -EPERM;
+ return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;
retval = security_task_setnice(current, nice);
diff -urNp linux-2.6.17.7/kernel/signal.c linux-2.6.17.7/kernel/signal.c
--- linux-2.6.17.7/kernel/signal.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/kernel/signal.c 2006-08-01 20:29:48.000000000 -0400
@@ -25,6 +25,7 @@
- #include <linux/signal.h>
#include <linux/audit.h>
#include <linux/capability.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
#include <asm/param.h>
#include <asm/uaccess.h>
#include <asm/unistd.h>
-@@ -577,16 +578,18 @@ static int check_kill_permission(int sig
- return error;
+@@ -583,11 +583,11 @@ static int check_kill_permission(int sig
+ (!is_si_special(info) && SI_FROMUSER(info)));
+
error = -EPERM;
- if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info)))
-- && ((sig != SIGCONT) ||
-+ && ((((sig != SIGCONT) ||
+- if (user && ((sig != SIGCONT) ||
++ if (user && ((((sig != SIGCONT) ||
(current->signal->session != t->signal->session))
&& (current->euid ^ t->suid) && (current->euid ^ t->uid)
&& (current->uid ^ t->suid) && (current->uid ^ t->uid)
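Review bot: In the nice() check at the top of this hunk, a denial from `gr_handle_chroot_nice()` now shares the vserver return line `return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;`, so in a context with that flag set the caller gets 0 for a request grsecurity refused. The priority is still not raised, because the function returns before acting, but anything `gr_handle_chroot_nice()` records on its side would then disagree with what the process saw. If that is intended, a comment such as `/* chroot denial is also reported as success under VXF_IGNEG_NICE */` would help; otherwise test it separately first, `if (increment < 0 && gr_handle_chroot_nice()) return -EPERM;`. The marker columns are partly lost in this listing, so I am reading the `vx_flags` line as the new context line.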
@@ -23255,6 +23201,10 @@
+ && !capable(CAP_KILL)) || gr_handle_signal(t, sig)))
return error;
+ error = -ESRCH;
+@@ -595,8 +595,10 @@ static int check_kill_permission(int sig
+ return error;
+
error = security_task_kill(t, info, sig);
- if (!error)
+ if (!error) {
@@ -23288,9 +23238,9 @@
--- linux-2.6.17.7/kernel/sys.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/kernel/sys.c 2006-08-01 20:29:48.000000000 -0400
@@ -30,6 +30,7 @@
- #include <linux/tty.h>
- #include <linux/signal.h>
#include <linux/cn_proc.h>
+ #include <linux/vs_cvirt.h>
+ #include <linux/vs_pid.h>
+#include <linux/grsecurity.h>
#include <linux/compat.h>
@@ -23462,7 +23412,7 @@
@@ -93,6 +94,9 @@ asmlinkage long sys_stime(time_t __user
return err;
- do_settimeofday(&tv);
+ vx_settimeofday(&tv);
+
+ gr_log_timechange();
+
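Review bot: `gr_log_timechange()` now follows `vx_settimeofday(&tv)` instead of `do_settimeofday(&tv)`, and the log call stays unconditional. If the vserver helper can satisfy the request by adjusting only a per-context time offset (its body is not visible here), the audit record would read as a system clock change when the host clock was untouched. I would state which case is logged, e.g. `/* also logged for per-context time changes; host clock may be unchanged */`, or log only when the host clock actually changes. The body of sys_stime continues outside the hunk.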
@@ -25512,9 +25462,9 @@
--- linux-2.6.17.7/net/unix/af_unix.c 2006-07-24 23:36:01.000000000 -0400
+++ linux-2.6.17.7/net/unix/af_unix.c 2006-08-01 20:29:48.000000000 -0400
@@ -117,6 +117,7 @@
- #include <linux/mount.h>
- #include <net/checksum.h>
- #include <linux/security.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_network.h>
+ #include <linux/vs_limit.h>
+#include <linux/grsecurity.h>
int sysctl_unix_max_dgram_qlen = 10;
@@ -25555,7 +25505,7 @@
+ goto out_mknod_dput;
+ }
+
- err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
+ err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0, NULL);
if (err)
goto out_mknod_dput;
+
@@ -26047,8 +25997,8 @@
int cap_capable (struct task_struct *tsk, int cap)
{
/* Derived from include/linux/sched.h:capable. */
-- if (cap_raised(tsk->cap_effective, cap))
-+ if (cap_raised (tsk->cap_effective, cap) && gr_task_is_capable(tsk, cap))
+- if (vx_cap_raised(tsk->vx_info, tsk->cap_effective, cap))
++ if (vx_cap_raised(tsk->vx_info, tsk->cap_effective, cap) && gr_task_is_capable(tsk, cap))
+ return 0;
+ return -EPERM;
+}
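Review bot: Only the `cap_capable()` test is switched to `vx_cap_raised(tsk->vx_info, tsk->cap_effective, cap)` here; the function closes on the last line of the hunk and nothing after it is touched by this commit. The capability.c hunk exports `capable_nolog`, so if the patch also carries a no-log counterpart of this check that still tests `cap_raised(tsk->cap_effective, cap)`, that path would skip the per-context capability mask that the logged path now honours. It is worth checking and, if such a variant exists, giving it the same `vx_cap_raised(...)` condition.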
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/grsecurity-2.1.9-2.6.17.7.patch?r1=1.1.2.1&r2=1.1.2.2&f=u