SOURCES: kernel-desktop-grsec-minimal.patch - some fixes for kerne...

sparky sparky at pld-linux.org
Sat Nov 18 02:04:15 CET 2006


Author: sparky                       Date: Sat Nov 18 01:04:14 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- some fixes for kernel-desktop

---- Files affected:
SOURCES:
   kernel-desktop-grsec-minimal.patch (1.6 -> 1.7) 

---- Diffs:

================================================================
Index: SOURCES/kernel-desktop-grsec-minimal.patch
diff -u SOURCES/kernel-desktop-grsec-minimal.patch:1.6 SOURCES/kernel-desktop-grsec-minimal.patch:1.7
--- SOURCES/kernel-desktop-grsec-minimal.patch:1.6	Mon Nov  6 22:16:58 2006
+++ SOURCES/kernel-desktop-grsec-minimal.patch	Sat Nov 18 02:04:09 2006
@@ -77,9 +77,9 @@
 --- linux-2.6.16.2/fs/namei.c	2006-04-07 18:56:47.000000000 +0200
 +++ linux-2.6.16.2-grsec/fs/namei.c	2006-04-11 18:10:35.961452750 +0200
 @@ -32,6 +32,7 @@
- #include <linux/vs_tag.h>
- #include <linux/vserver/debug.h>
- #include <linux/vs_cowbl.h>
+ #include <linux/file.h>
+ #include <linux/fcntl.h>
+ #include <linux/namei.h>
 +#include <linux/grsecurity.h>
  #include <asm/namei.h>
  #include <asm/uaccess.h>
@@ -126,12 +126,11 @@
  	error = __do_follow_link(&path, nd);
  	if (error) {
  		/* Does someone understand code flow here? Or it is only
-@@ -2251,8 +2273,14 @@
+@@ -2251,7 +2273,14 @@
  	new_dentry = lookup_create(&nd, 0);
  	error = PTR_ERR(new_dentry);
  	if (!IS_ERR(new_dentry)) {
--		error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
--			new_dentry, &nd);
+-		error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
 +		error = 0;
 +		if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
 +				       old_nd.dentry->d_inode,
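Review bot: The start lines in the hand-edited inner hunk header are not re-derived for the new tree: `@@ -2251,8 +2273,14 @@` becomes `@@ -2251,7 +2273,14 @@`, so only the old-side count follows the one-line `vfs_link()` call while the context is retargeted to sources without the vserver lines. The same is done for the `@@ -1341,6 +1347,9 @@` and `@@ -1375,11 +1385,30 @@` headers further down. The counts add up for the lines visible in this diff, but whether the start lines still match the kernel-desktop sources cannot be told from here. That matters most for the procfs hunks, whose leading context (`if (task_dumpable(task)) {` and the uid/gid assignments) is generic enough that it may occur more than once in the file, so `patch` could apply the `CONFIG_GRKERNSEC_PROC_GID` override at an offset in a different function without failing. I would regenerate these hunks with `diff -urN` against the kernel-desktop tree instead of editing counts, and check the `patch` output for offset or fuzz messages before building; the `gr_handle_hardlink()` condition continues past the end of this hunk.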
@@ -139,7 +138,7 @@
 +			error = -EPERM;
 +		if (!error)
 +			error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
-+				new_dentry, &nd);
++				new_dentry);
  		dput(new_dentry);
  	}
  	mutex_unlock(&nd.dentry->d_inode->i_mutex);
@@ -290,9 +289,9 @@
 +#else
  	proc_bus = proc_mkdir("bus", NULL);
 +#endif
- 	proc_vx_init();
  }
  
+ static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
 diff -urN linux-2.6.16.2/grsecurity/Kconfig linux-2.6.16.2-grsec/grsecurity/Kconfig
 --- linux-2.6.16.2/grsecurity/Kconfig	1970-01-01 01:00:00.000000000 +0100
 +++ linux-2.6.16.2-grsec/grsecurity/Kconfig	2006-04-11 19:03:04.020561250 +0200
@@ -900,9 +899,9 @@
 --- linux-2.6.16.2/ipc/shm.c	2006-04-07 18:56:47.000000000 +0200
 +++ linux-2.6.16.2-grsec/ipc/shm.c	2006-04-11 17:44:40.121710250 +0200
 @@ -34,6 +34,7 @@
+ #include <linux/ptrace.h>
+ #include <linux/seq_file.h>
  #include <linux/mutex.h>
- #include <linux/vs_context.h>
- #include <linux/vs_limit.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/uaccess.h>
@@ -1000,9 +999,9 @@
  #include <linux/audit.h> /* for audit_free() */
  #include <linux/resource.h>
 +#include <linux/grsecurity.h>
- #include <linux/vs_limit.h>
- #include <linux/vs_context.h>
- #include <linux/vs_network.h>
+ 
+ #include <asm/uaccess.h>
+ #include <asm/unistd.h>
 @@ -97,6 +98,7 @@
  		}
  		if (tsk == sig->curr_target)
@@ -1199,7 +1198,7 @@
  #ifdef CONFIG_MMU
  	E(PROC_TGID_SMAPS,     "smaps",   S_IFREG|S_IRUGO),
  #endif
-@@ -1341,7 +1347,11 @@
+@@ -1341,6 +1347,9 @@
  	if (task_dumpable(task)) {
  		inode->i_uid = task->euid;
  		inode->i_gid = task->egid;
@@ -1207,19 +1206,15 @@
 +		inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
 +#endif
  	}
-+
- 	/* procfs is xid tagged */
- 	inode->i_tag = (tag_t)vx_task_xid(task);
  	security_task_to_inode(task, inode);
-@@ -1375,9 +1385,20 @@
+ 
+@@ -1375,11 +1385,30 @@
  {
  	struct inode *inode = dentry->d_inode;
  	struct task_struct *task = get_proc_task(inode);
 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
 +	struct task_struct *tmp = current;
 +#endif
- 	int ret = 0;
- 
 -	if (task) {
 +	if (task
 +	#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
@@ -1230,12 +1225,6 @@
 +		)
 +	#endif
 +	) {
- 		int pid = (inode->i_ino >> 16) & 0xFFFF;
- 
- 		if (!proc_pid_visible(task, pid))
-@@ -1385,9 +1406,17 @@
- 
- 		ret = 1;
  		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
 +	#ifdef CONFIG_GRKERNSEC_PROC_USER
 +		(inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
@@ -1306,7 +1295,7 @@
 +	#endif
  	rcu_read_lock();
  	if (tgid && nr) {
- 		pos = find_proc_task_by_pid(tgid);
+ 		pos = find_task_by_pid(tgid);
 +		if (pos
 +	#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
 +			&& (tmp->uid && (pos->uid != tmp->uid)
@@ -1367,6 +1356,6 @@
 +		}
 +#endif
 +
- 		tgid = vx_map_tgid(task->pid);
- 		if (!proc_pid_visible(task, tgid))
- 			continue;
+ 		tgid = task->pid;
+ 		len = snprintf(buf, sizeof(buf), "%d", tgid);
+ 		ino = fake_ino(tgid, PROC_TGID_INO);
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/kernel-desktop-grsec-minimal.patch?r1=1.6&r2=1.7&f=u


