SOURCES: kernel-desktop-grsec-minimal.patch - some fixes for kerne...
sparky
sparky at pld-linux.org
Sat Nov 18 02:04:15 CET 2006
Author: sparky Date: Sat Nov 18 01:04:14 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- some fixes for kernel-desktop
---- Files affected:
SOURCES:
kernel-desktop-grsec-minimal.patch (1.6 -> 1.7)
---- Diffs:
================================================================
Index: SOURCES/kernel-desktop-grsec-minimal.patch
diff -u SOURCES/kernel-desktop-grsec-minimal.patch:1.6 SOURCES/kernel-desktop-grsec-minimal.patch:1.7
--- SOURCES/kernel-desktop-grsec-minimal.patch:1.6 Mon Nov 6 22:16:58 2006
+++ SOURCES/kernel-desktop-grsec-minimal.patch Sat Nov 18 02:04:09 2006
@@ -77,9 +77,9 @@
--- linux-2.6.16.2/fs/namei.c 2006-04-07 18:56:47.000000000 +0200
+++ linux-2.6.16.2-grsec/fs/namei.c 2006-04-11 18:10:35.961452750 +0200
@@ -32,6 +32,7 @@
- #include <linux/vs_tag.h>
- #include <linux/vserver/debug.h>
- #include <linux/vs_cowbl.h>
+ #include <linux/file.h>
+ #include <linux/fcntl.h>
+ #include <linux/namei.h>
+#include <linux/grsecurity.h>
#include <asm/namei.h>
#include <asm/uaccess.h>
@@ -126,12 +126,11 @@
error = __do_follow_link(&path, nd);
if (error) {
/* Does someone understand code flow here? Or it is only
-@@ -2251,8 +2273,14 @@
+@@ -2251,7 +2273,14 @@
new_dentry = lookup_create(&nd, 0);
error = PTR_ERR(new_dentry);
if (!IS_ERR(new_dentry)) {
-- error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
-- new_dentry, &nd);
+- error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
+ error = 0;
+ if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
+ old_nd.dentry->d_inode,
@@ -139,7 +138,7 @@
+ error = -EPERM;
+ if (!error)
+ error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
-+ new_dentry, &nd);
++ new_dentry);
dput(new_dentry);
}
mutex_unlock(&nd.dentry->d_inode->i_mutex);
@@ -290,9 +289,9 @@
+#else
proc_bus = proc_mkdir("bus", NULL);
+#endif
- proc_vx_init();
}
+ static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
diff -urN linux-2.6.16.2/grsecurity/Kconfig linux-2.6.16.2-grsec/grsecurity/Kconfig
--- linux-2.6.16.2/grsecurity/Kconfig 1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.16.2-grsec/grsecurity/Kconfig 2006-04-11 19:03:04.020561250 +0200
@@ -900,9 +899,9 @@
--- linux-2.6.16.2/ipc/shm.c 2006-04-07 18:56:47.000000000 +0200
+++ linux-2.6.16.2-grsec/ipc/shm.c 2006-04-11 17:44:40.121710250 +0200
@@ -34,6 +34,7 @@
+ #include <linux/ptrace.h>
+ #include <linux/seq_file.h>
#include <linux/mutex.h>
- #include <linux/vs_context.h>
- #include <linux/vs_limit.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -1000,9 +999,9 @@
#include <linux/audit.h> /* for audit_free() */
#include <linux/resource.h>
+#include <linux/grsecurity.h>
- #include <linux/vs_limit.h>
- #include <linux/vs_context.h>
- #include <linux/vs_network.h>
+
+ #include <asm/uaccess.h>
+ #include <asm/unistd.h>
@@ -97,6 +98,7 @@
}
if (tsk == sig->curr_target)
@@ -1199,7 +1198,7 @@
#ifdef CONFIG_MMU
E(PROC_TGID_SMAPS, "smaps", S_IFREG|S_IRUGO),
#endif
-@@ -1341,7 +1347,11 @@
+@@ -1341,6 +1347,9 @@
if (task_dumpable(task)) {
inode->i_uid = task->euid;
inode->i_gid = task->egid;
@@ -1207,19 +1206,15 @@
+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
+#endif
}
-+
- /* procfs is xid tagged */
- inode->i_tag = (tag_t)vx_task_xid(task);
security_task_to_inode(task, inode);
-@@ -1375,9 +1385,20 @@
+
+@@ -1375,11 +1385,30 @@
{
struct inode *inode = dentry->d_inode;
struct task_struct *task = get_proc_task(inode);
+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+ struct task_struct *tmp = current;
+#endif
- int ret = 0;
-
- if (task) {
+ if (task
+ #if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
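Review bot: The merged inner header `@@ -1375,11 +1385,30 @@` appears to have been edited by hand, and its counts cannot be confirmed from this hunk, because the body it describes runs on through the next hunk (`@@ -1230,12 +1225,6 @@`) and through lines the diff leaves out. If the numbers are off, patch can fail on this section or stop reading it early, and the lines at risk are the `CONFIG_GRKERNSEC_PROC_USER` / `CONFIG_GRKERNSEC_PROC_USERGROUP` checks. A `patch -p1 --dry-run` of revision 1.7 against the kernel-desktop tree would settle it. It would also help to record at the top of the patch file what the log message leaves out, e.g. `context assumes a tree without linux-vserver (vs_*.h, proc_pid_visible, vx_map_tgid)`.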
@@ -1230,12 +1225,6 @@
+ )
+ #endif
+ ) {
- int pid = (inode->i_ino >> 16) & 0xFFFF;
-
- if (!proc_pid_visible(task, pid))
-@@ -1385,9 +1406,17 @@
-
- ret = 1;
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
+ #ifdef CONFIG_GRKERNSEC_PROC_USER
+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
@@ -1306,7 +1295,7 @@
+ #endif
rcu_read_lock();
if (tgid && nr) {
- pos = find_proc_task_by_pid(tgid);
+ pos = find_task_by_pid(tgid);
+ if (pos
+ #if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+ && (tmp->uid && (pos->uid != tmp->uid)
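Review bot: The only line this hunk changes is inner context, `pos = find_task_by_pid(tgid);`, and context is exactly what patch may disregard under its default fuzz, so a wrong guess here would not stop the uid check that follows (`if (pos` … `tmp->uid && (pos->uid != tmp->uid)`) from being applied at a nearby offset. The same applies to the context swaps in the `@@ -77,9 +77,9 @@`, `@@ -290,9 +289,9 @@`, `@@ -900,9 +899,9 @@`, `@@ -1000,9 +999,9 @@` and `@@ -1367,6 +1356,6 @@` hunks. Applying with `-F0`, or checking the build log for "with fuzz" and "offset" messages, would show whether the new context really matches the kernel-desktop source. The function these lines belong to starts and ends outside the hunk, so the placement cannot be judged from here.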
@@ -1367,6 +1356,6 @@
+ }
+#endif
+
- tgid = vx_map_tgid(task->pid);
- if (!proc_pid_visible(task, tgid))
- continue;
+ tgid = task->pid;
+ len = snprintf(buf, sizeof(buf), "%d", tgid);
+ ino = fake_ino(tgid, PROC_TGID_INO);
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/kernel-desktop-grsec-minimal.patch?r1=1.6&r2=1.7&f=u