SOURCES: kernel-desktop-grsec-minimal.patch - rediff

sparky sparky at pld-linux.org
Sat Nov 18 02:19:38 CET 2006


Author: sparky                       Date: Sat Nov 18 01:19:37 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- rediff

---- Files affected:
SOURCES:
   kernel-desktop-grsec-minimal.patch (1.7 -> 1.8) 

---- Diffs:

================================================================
Index: SOURCES/kernel-desktop-grsec-minimal.patch
diff -u SOURCES/kernel-desktop-grsec-minimal.patch:1.7 SOURCES/kernel-desktop-grsec-minimal.patch:1.8
--- SOURCES/kernel-desktop-grsec-minimal.patch:1.7	Sat Nov 18 02:04:09 2006
+++ SOURCES/kernel-desktop-grsec-minimal.patch	Sat Nov 18 02:19:32 2006
@@ -1,19 +1,6 @@
-diff -urNp linux-2.6.16.2/arch/sparc/Makefile linux-2.6.16.2/arch/sparc/Makefile
---- linux-2.6.16.2/arch/sparc/Makefile	2006-04-07 12:56:47.000000000 -0400
-+++ linux-2.6.16.2/arch/sparc/Makefile	2006-04-09 21:23:54.000000000 -0400
-@@ -34,7 +34,7 @@ libs-y += arch/sparc/prom/ arch/sparc/li
- # Renaming is done to avoid confusing pattern matching rules in 2.5.45 (multy-)
- INIT_Y		:= $(patsubst %/, %/built-in.o, $(init-y))
- CORE_Y		:= $(core-y)
--CORE_Y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/
-+CORE_Y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
- CORE_Y		:= $(patsubst %/, %/built-in.o, $(CORE_Y))
- DRIVERS_Y	:= $(patsubst %/, %/built-in.o, $(drivers-y))
- NET_Y		:= $(patsubst %/, %/built-in.o, $(net-y))
-diff -urN linux-2.6.16.2/Makefile linux-2.6.16.2-grsec/Makefile
---- linux-2.6.16.2/Makefile	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/Makefile	2006-04-11 17:44:40.069707000 +0200
-@@ -556,7 +556,7 @@
+--- linux-2.6.18.orig/Makefile	2006-11-18 01:09:45.000000000 +0000
++++ linux-2.6.18.grsec-minimal/Makefile	2006-11-18 01:11:02.000000000 +0000
+@@ -552,7 +552,7 @@
  
  
  ifeq ($(KBUILD_EXTMOD),)
@@ -22,10 +9,20 @@
  
  vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
  		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-diff -urN linux-2.6.16.2/drivers/char/keyboard.c linux-2.6.16.2-grsec/drivers/char/keyboard.c
---- linux-2.6.16.2/drivers/char/keyboard.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/drivers/char/keyboard.c	2006-04-11 17:44:40.073707250 +0200
-@@ -607,6 +607,16 @@
+--- linux-2.6.18.orig/arch/sparc/Makefile	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/arch/sparc/Makefile	2006-11-18 01:11:02.000000000 +0000
+@@ -34,7 +34,7 @@
+ # Renaming is done to avoid confusing pattern matching rules in 2.5.45 (multy-)
+ INIT_Y		:= $(patsubst %/, %/built-in.o, $(init-y))
+ CORE_Y		:= $(core-y)
+-CORE_Y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++CORE_Y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+ CORE_Y		:= $(patsubst %/, %/built-in.o, $(CORE_Y))
+ DRIVERS_Y	:= $(patsubst %/, %/built-in.o, $(drivers-y))
+ NET_Y		:= $(patsubst %/, %/built-in.o, $(net-y))
+--- linux-2.6.18.orig/drivers/char/keyboard.c	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/drivers/char/keyboard.c	2006-11-18 01:11:02.000000000 +0000
+@@ -618,6 +618,16 @@
  	     kbd->kbdmode == VC_MEDIUMRAW) &&
  	     value != KVAL(K_SAK))
  		return;		/* SAK is allowed even in raw mode */
@@ -42,10 +39,9 @@
  	fn_handler[value](vc, regs);
  }
  
-diff -urNp linux-2.6.16.2/drivers/pci/proc.c linux-2.6.16.2-grsec/drivers/pci/proc.c
---- linux-2.6.16.2/drivers/pci/proc.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/drivers/pci/proc.c	2006-04-11 17:44:40.073707250 +0200
-@@ -467,7 +467,15 @@ static int __init pci_proc_init(void)
+--- linux-2.6.18.orig/drivers/pci/proc.c	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/drivers/pci/proc.c	2006-11-18 01:11:02.000000000 +0000
+@@ -467,7 +467,15 @@
  {
  	struct proc_dir_entry *entry;
  	struct pci_dev *dev = NULL;
@@ -61,10 +57,9 @@
  	entry = create_proc_entry("devices", 0, proc_bus_pci_dir);
  	if (entry)
  		entry->proc_fops = &proc_bus_pci_dev_operations;
-diff -urNp linux-2.6.16.2/fs/Kconfig linux-2.6.16.2-grsec/fs/Kconfig
---- linux-2.6.16.2/fs/Kconfig	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/Kconfig	2006-04-11 17:44:40.073707250 +0200
-@@ -817,7 +817,7 @@ config PROC_FS
+--- linux-2.6.18.orig/fs/Kconfig	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/fs/Kconfig	2006-11-18 01:11:02.000000000 +0000
+@@ -817,7 +817,7 @@
  
  config PROC_KCORE
  	bool "/proc/kcore support" if !ARM
@@ -73,9 +68,8 @@
  
  config PROC_VMCORE
          bool "/proc/vmcore support (EXPERIMENTAL)"
-diff -urN linux-2.6.16.2/fs/namei.c linux-2.6.16.2-grsec/fs/namei.c
---- linux-2.6.16.2/fs/namei.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/namei.c	2006-04-11 18:10:35.961452750 +0200
+--- linux-2.6.18.orig/fs/namei.c	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/fs/namei.c	2006-11-18 01:11:02.000000000 +0000
 @@ -32,6 +32,7 @@
  #include <linux/file.h>
  #include <linux/fcntl.h>
@@ -84,7 +78,7 @@
  #include <asm/namei.h>
  #include <asm/uaccess.h>
  
-@@ -608,6 +609,13 @@
+@@ -618,6 +619,13 @@
  	err = security_inode_follow_link(path->dentry, nd);
  	if (err)
  		goto loop;
@@ -98,7 +92,7 @@
  	current->link_count++;
  	current->total_link_count++;
  	nd->depth++;
-@@ -1647,6 +1655,13 @@
+@@ -1665,6 +1673,13 @@
  	/*
  	 * It already exists.
  	 */
@@ -112,7 +106,7 @@
  	mutex_unlock(&dir->d_inode->i_mutex);
  	audit_inode_update(path.dentry->d_inode);
  
-@@ -1700,6 +1715,13 @@
+@@ -1720,6 +1735,13 @@
  	error = security_inode_follow_link(path.dentry, nd);
  	if (error)
  		goto exit_dput;
@@ -126,7 +120,7 @@
  	error = __do_follow_link(&path, nd);
  	if (error) {
  		/* Does someone understand code flow here? Or it is only
-@@ -2251,7 +2273,14 @@
+@@ -2281,7 +2303,14 @@
  	new_dentry = lookup_create(&nd, 0);
  	error = PTR_ERR(new_dentry);
  	if (!IS_ERR(new_dentry)) {
@@ -142,10 +136,9 @@
  		dput(new_dentry);
  	}
  	mutex_unlock(&nd.dentry->d_inode->i_mutex);
-diff -urN linux-2.6.16.2/fs/proc/array.c linux-2.6.16.2-grsec/fs/proc/array.c
---- linux-2.6.16.2/fs/proc/array.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/array.c	2006-04-11 17:44:40.077707500 +0200
-@@ -488,3 +488,14 @@
+--- linux-2.6.18.orig/fs/proc/array.c	2006-11-18 01:09:47.000000000 +0000
++++ linux-2.6.18.grsec-minimal/fs/proc/array.c	2006-11-18 01:11:02.000000000 +0000
+@@ -486,3 +486,14 @@
  	return sprintf(buffer,"%d %d %d %d %d %d %d\n",
  		       size, resident, shared, text, lib, data, 0);
  }
@@ -160,10 +153,192 @@
 +}
 +#endif
 +
-diff -urNp linux-2.6.16.2/fs/proc/inode.c linux-2.6.16.2-grsec/fs/proc/inode.c
---- linux-2.6.16.2/fs/proc/inode.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/inode.c	2006-04-11 17:44:40.077707500 +0200
-@@ -166,7 +166,11 @@ struct inode *proc_get_inode(struct supe
+--- linux-2.6.18.orig/fs/proc/base.c	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/fs/proc/base.c	2006-11-18 01:11:02.000000000 +0000
+@@ -136,6 +136,9 @@
+ #ifdef CONFIG_AUDITSYSCALL
+ 	PROC_TGID_LOGINUID,
+ #endif
++#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
++	PROC_TGID_IPADDR,
++#endif
+ 	PROC_TGID_OOM_SCORE,
+ 	PROC_TGID_OOM_ADJUST,
+ 	PROC_TID_INO,
+@@ -220,6 +223,9 @@
+ 	E(PROC_TGID_EXE,       "exe",     S_IFLNK|S_IRWXUGO),
+ 	E(PROC_TGID_MOUNTS,    "mounts",  S_IFREG|S_IRUGO),
+ 	E(PROC_TGID_MOUNTSTATS, "mountstats", S_IFREG|S_IRUSR),
++#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
++	E(PROC_TGID_IPADDR,	"ipaddr",  S_IFREG|S_IRUSR),
++#endif
+ #ifdef CONFIG_MMU
+ 	E(PROC_TGID_SMAPS,     "smaps",   S_IFREG|S_IRUGO),
+ #endif
+@@ -1321,6 +1327,9 @@
+ 	if (task_dumpable(task)) {
+ 		inode->i_uid = task->euid;
+ 		inode->i_gid = task->egid;
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++		inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++#endif
+ 	}
+ 	security_task_to_inode(task, inode);
+ 
+@@ -1353,11 +1362,30 @@
+ {
+ 	struct inode *inode = dentry->d_inode;
+ 	struct task_struct *task = get_proc_task(inode);
+-	if (task) {
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	struct task_struct *tmp = current;
++#endif
++	if (task
++	#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		&& (!tmp->uid || (tmp->uid == task->uid)
++	#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++		|| in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++	#endif
++		)
++	#endif
++	) {
+ 		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
++	#ifdef CONFIG_GRKERNSEC_PROC_USER
++		(inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
++	#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		(inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
++	#endif
+ 		    task_dumpable(task)) {
+ 			inode->i_uid = task->euid;
+ 			inode->i_gid = task->egid;
++	#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++			inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++	#endif
+ 		} else {
+ 			inode->i_uid = 0;
+ 			inode->i_gid = 0;
+@@ -1383,9 +1411,17 @@
+ 	task = pid_task(proc_pid(inode), PIDTYPE_PID);
+ 	if (task) {
+ 		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++		    (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		    (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
++#endif
+ 		    task_dumpable(task)) {
+ 			stat->uid = task->euid;
+ 			stat->gid = task->egid;
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++			stat->gid = CONFIG_GRKERNSEC_PROC_GID;
++#endif
+ 		}
+ 	}
+ 	rcu_read_unlock();
+@@ -1721,6 +1757,12 @@
+ 			inode->i_fop = &proc_info_file_operations;
+ 			ei->op.proc_read = proc_pid_status;
+ 			break;
++#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
++		case PROC_TGID_IPADDR:
++			inode->i_fop = &proc_info_file_operations;
++			ei->op.proc_read = proc_pid_ipaddr;
++			break;
++#endif
+ 		case PROC_TID_STAT:
+ 			inode->i_fop = &proc_info_file_operations;
+ 			ei->op.proc_read = proc_tid_stat;
+@@ -2061,7 +2103,14 @@
+ 	if (!inode)
+ 		goto out_put_task;
+ 
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++	inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++	inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
++#else
+ 	inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
++#endif
+ 	inode->i_op = &proc_tgid_base_inode_operations;
+ 	inode->i_fop = &proc_tgid_base_operations;
+ 	inode->i_flags|=S_IMMUTABLE;
+@@ -2155,12 +2204,27 @@
+ static struct task_struct *first_tgid(int tgid, unsigned int nr)
+ {
+ 	struct task_struct *pos;
++	#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		struct task_struct *tmp = current;
++	#endif
+ 	rcu_read_lock();
+ 	if (tgid && nr) {
+ 		pos = find_task_by_pid(tgid);
++		if (pos
++	#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++			&& (tmp->uid && (pos->uid != tmp->uid)
++	#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++			&& !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++	#endif
++			)
++	#endif
++		)
++			goto not_found;
++
+ 		if (pos && thread_group_leader(pos))
+ 			goto found;
+ 	}
++	not_found:
+ 	/* If nr exceeds the number of processes get out quickly */
+ 	pos = NULL;
+ 	if (nr && nr >= nr_processes())
+@@ -2175,6 +2239,16 @@
+ 			pos = NULL;
+ 			goto done;
+ 		}
++		if (pos
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		    && (tmp->uid && (pos->uid != tmp->uid)
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++			&& !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++#endif
++			)
++#endif
++		)
++			nr++;
+ 	}
+ found:
+ 	get_task_struct(pos);
+@@ -2212,6 +2286,9 @@
+ {
+ 	char buf[PROC_NUMBUF];
+ 	unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	struct task_struct *tmp = current;
++#endif
+ 	struct task_struct *task;
+ 	int tgid;
+ 
+@@ -2234,6 +2311,17 @@
+ 	     task = next_tgid(task), filp->f_pos++) {
+ 		int len;
+ 		ino_t ino;
++
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		if (tmp->uid && (task->uid != tmp->uid)
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++			&& !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++#endif
++		) {
++			continue;
++		}
++#endif
++
+ 		tgid = task->pid;
+ 		len = snprintf(buf, sizeof(buf), "%d", tgid);
+ 		ino = fake_ino(tgid, PROC_TGID_INO);
+--- linux-2.6.18.orig/fs/proc/inode.c	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/fs/proc/inode.c	2006-11-18 01:11:02.000000000 +0000
+@@ -166,7 +166,11 @@
  		if (de->mode) {
  			inode->i_mode = de->mode;
  			inode->i_uid = de->uid;
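Review bot: In the added fs/proc/base.c section, the two new tests in first_tgid() put the `#if` guards around only the second operand, so with neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP set they collapse to `if (pos) goto not_found;` and `if (pos) nr++;`. The first then skips the thread_group_leader() fast path for every task that is found. The second appears to cancel the walk loop's decrement on each pass, so the walk would run until it wraps and return NULL; the loop header lies outside the hunk, so this is inferred. The revalidate test earlier in the same section degrades correctly to `if (task)`, so these two should be wrapped whole in the `#if`, as shown below for the first one, with the `not_found:` label guarded the same way to avoid an unused-label warning. The `nr++` test needs the same restructuring.

```c
	if (tgid && nr) {
		pos = find_task_by_pid(tgid);
#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
		/* Hide tasks owned by other users; compiled out entirely when both options are off. */
		if (pos && tmp->uid && (pos->uid != tmp->uid)
#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
		    && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
#endif
		)
			goto not_found;
#endif
		/* … unchanged: thread_group_leader() fast path and the rest of first_tgid() … */
```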
@@ -173,12 +348,11 @@
  			inode->i_gid = de->gid;
 +#endif
  		}
- 		if (de->vx_flags)
- 			PROC_I(inode)->vx_flags = de->vx_flags;
-diff -urNp linux-2.6.16.2/fs/proc/internal.h linux-2.6.16.2-grsec/fs/proc/internal.h
---- linux-2.6.16.2/fs/proc/internal.h	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/internal.h	2006-04-11 17:44:40.077707500 +0200
-@@ -36,6 +36,9 @@ extern int proc_tid_stat(struct task_str
+ 		if (de->size)
+ 			inode->i_size = de->size;
+--- linux-2.6.18.orig/fs/proc/internal.h	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/fs/proc/internal.h	2006-11-18 01:11:02.000000000 +0000
+@@ -36,6 +36,9 @@
  extern int proc_tgid_stat(struct task_struct *, char *);
  extern int proc_pid_status(struct task_struct *, char *);
  extern int proc_pid_statm(struct task_struct *, char *);
@@ -188,10 +362,9 @@
  
  extern struct file_operations proc_maps_operations;
  extern struct file_operations proc_numa_maps_operations;
-diff -urN linux-2.6.16.2/fs/proc/proc_misc.c linux-2.6.16.2-grsec/fs/proc/proc_misc.c
---- linux-2.6.16.2/fs/proc/proc_misc.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/proc_misc.c	2006-04-11 17:44:40.109709500 +0200
-@@ -708,6 +708,10 @@
+--- linux-2.6.18.orig/fs/proc/proc_misc.c	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/fs/proc/proc_misc.c	2006-11-18 01:11:02.000000000 +0000
+@@ -655,6 +655,10 @@
  void __init proc_misc_init(void)
  {
  	struct proc_dir_entry *entry;
@@ -202,7 +375,7 @@
  	static struct {
  		char *name;
  		int (*read_proc)(char*,char**,off_t,int,int*,void*);
-@@ -723,7 +725,9 @@
+@@ -670,7 +674,9 @@
  		{"stram",	stram_read_proc},
  #endif
  		{"filesystems",	filesystems_read_proc},
@@ -212,7 +385,7 @@
  		{"locks",	locks_read_proc},
  		{"execdomains",	execdomains_read_proc},
  		{NULL,}
-@@ -708,19 +712,37 @@
+@@ -678,19 +684,37 @@
  	for (p = simple_ones; p->name; p++)
  		create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
  
@@ -250,7 +423,7 @@
  #ifdef CONFIG_DEBUG_SLAB_LEAK
  	create_seq_entry("slab_allocators", 0 ,&proc_slabstats_operations);
  #endif
-@@ -705,7 +726,7 @@ void __init proc_misc_init(void)
+@@ -705,7 +729,7 @@
  #ifdef CONFIG_SCHEDSTATS
  	create_seq_entry("schedstat", 0, &proc_schedstat_operations);
  #endif
@@ -259,10 +432,9 @@
  	proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
  	if (proc_root_kcore) {
  		proc_root_kcore->proc_fops = &proc_kcore_operations;
-diff -urN linux-2.6.16.2/fs/proc/root.c linux-2.6.16.2-grsec/fs/proc/root.c
---- linux-2.6.16.2/fs/proc/root.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/root.c	2006-04-11 17:44:40.113709750 +0200
-@@ -53,7 +53,13 @@
+--- linux-2.6.18.orig/fs/proc/root.c	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/fs/proc/root.c	2006-11-18 01:11:02.000000000 +0000
+@@ -52,7 +52,13 @@
  		return;
  	}
  	proc_misc_init();
@@ -276,7 +448,7 @@
  	proc_net_stat = proc_mkdir("net/stat", NULL);
  
  #ifdef CONFIG_SYSVIPC
-@@ -77,7 +83,15 @@
+@@ -76,7 +82,15 @@
  #ifdef CONFIG_PROC_DEVICETREE
  	proc_device_tree_init();
  #endif
@@ -292,9 +464,8 @@
  }
  
  static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
-diff -urN linux-2.6.16.2/grsecurity/Kconfig linux-2.6.16.2-grsec/grsecurity/Kconfig
---- linux-2.6.16.2/grsecurity/Kconfig	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/Kconfig	2006-04-11 19:03:04.020561250 +0200
+--- linux-2.6.18.orig/grsecurity/Kconfig	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/grsecurity/Kconfig	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,135 @@
 +#
 +# grecurity configuration
@@ -431,9 +602,8 @@
 +	  the sysctl entries.
 +
 +endmenu
-diff -urN linux-2.6.16.2/grsecurity/Makefile linux-2.6.16.2-grsec/grsecurity/Makefile
---- linux-2.6.16.2/grsecurity/Makefile	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/Makefile	2006-04-11 19:03:17.509404250 +0200
+--- linux-2.6.18.orig/grsecurity/Makefile	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/grsecurity/Makefile	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,11 @@
 +# All code in this directory and various hooks inserted throughout the kernel
 +# are copyright Brad Spengler, and released under the GPL v2 or higher
@@ -446,18 +616,16 @@
 +obj-y += grsec_disabled.o
 +endif
 +
-diff -urN linux-2.6.16.2/grsecurity/grsec_disabled.c linux-2.6.16.2-grsec/grsecurity/grsec_disabled.c
---- linux-2.6.16.2/grsecurity/grsec_disabled.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_disabled.c	2006-04-11 17:44:40.113709750 +0200
+--- linux-2.6.18.orig/grsecurity/grsec_disabled.c	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/grsecurity/grsec_disabled.c	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,5 @@
 +void
 +grsecurity_init(void)
 +{
 +	return;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_fifo.c linux-2.6.16.2-grsec/grsecurity/grsec_fifo.c
---- linux-2.6.16.2/grsecurity/grsec_fifo.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_fifo.c	2006-04-11 19:04:02.872239250 +0200
+--- linux-2.6.18.orig/grsecurity/grsec_fifo.c	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/grsecurity/grsec_fifo.c	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,20 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
@@ -479,9 +647,8 @@
 +#endif
 +	return 0;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_init.c linux-2.6.16.2-grsec/grsecurity/grsec_init.c
---- linux-2.6.16.2/grsecurity/grsec_init.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_init.c	2006-04-11 19:04:24.693603000 +0200
+--- linux-2.6.18.orig/grsecurity/grsec_init.c	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/grsecurity/grsec_init.c	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,33 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
@@ -516,9 +683,8 @@
 +
 +	return;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_link.c linux-2.6.16.2-grsec/grsecurity/grsec_link.c
---- linux-2.6.16.2/grsecurity/grsec_link.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_link.c	2006-04-11 19:04:40.258575750 +0200
+--- linux-2.6.18.orig/grsecurity/grsec_link.c	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/grsecurity/grsec_link.c	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,37 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
@@ -557,9 +723,8 @@
 +#endif
 +	return 0;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_sock.c linux-2.6.16.2-grsec/grsecurity/grsec_sock.c
---- linux-2.6.16.2/grsecurity/grsec_sock.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_sock.c	2006-04-11 19:20:18.301199750 +0200
+--- linux-2.6.18.orig/grsecurity/grsec_sock.c	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/grsecurity/grsec_sock.c	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,164 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
@@ -725,9 +890,8 @@
 +#endif
 +	return;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_sysctl.c linux-2.6.16.2-grsec/grsecurity/grsec_sysctl.c
---- linux-2.6.16.2/grsecurity/grsec_sysctl.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_sysctl.c	2006-04-11 19:04:50.363207250 +0200
+--- linux-2.6.18.orig/grsecurity/grsec_sysctl.c	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/grsecurity/grsec_sysctl.c	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,65 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
@@ -794,9 +958,8 @@
 +	{ .ctl_name = 0 }
 +};
 +#endif
-diff -urN linux-2.6.16.2/include/linux/grinternal.h linux-2.6.16.2-grsec/include/linux/grinternal.h
---- linux-2.6.16.2/include/linux/grinternal.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/include/linux/grinternal.h	2006-04-11 19:03:34.734480750 +0200
+--- linux-2.6.18.orig/include/linux/grinternal.h	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/include/linux/grinternal.h	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,15 @@
 +#ifndef __GRINTERNAL_H
 +#define __GRINTERNAL_H
@@ -813,9 +976,8 @@
 +#endif
 +
 +#endif
-diff -urN linux-2.6.16.2/include/linux/grsecurity.h linux-2.6.16.2-grsec/include/linux/grsecurity.h
---- linux-2.6.16.2/include/linux/grsecurity.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/include/linux/grsecurity.h	2006-04-11 18:06:03.000000000 +0200
+--- linux-2.6.18.orig/include/linux/grsecurity.h	1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.18.grsec-minimal/include/linux/grsecurity.h	2006-11-18 01:11:02.000000000 +0000
 @@ -0,0 +1,34 @@
 +#ifndef GR_SECURITY_H
 +#define GR_SECURITY_H
@@ -851,10 +1013,9 @@
 +#endif
 +
 +#endif
-diff -urNp linux-2.6.16.2/include/linux/sched.h linux-2.6.16.2-grsec/include/linux/sched.h
---- linux-2.6.16.2/include/linux/sched.h	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/include/linux/sched.h	2006-04-11 19:14:15.574530750 +0200
-@@ -474,6 +474,13 @@ struct signal_struct {
+--- linux-2.6.18.orig/include/linux/sched.h	2006-11-18 01:09:47.000000000 +0000
++++ linux-2.6.18.grsec-minimal/include/linux/sched.h	2006-11-18 01:11:02.000000000 +0000
+@@ -475,6 +475,13 @@
  	spinlock_t stats_lock;
  	struct taskstats *stats;
  #endif
@@ -868,9 +1029,8 @@
  };
  
  /* Context switch must be unlocked if interrupts are to be enabled */
-diff -urN linux-2.6.16.2/include/linux/shm.h linux-2.6.16.2-grsec/include/linux/shm.h
---- linux-2.6.16.2/include/linux/shm.h	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/include/linux/shm.h	2006-04-11 17:44:40.121710250 +0200
+--- linux-2.6.18.orig/include/linux/shm.h	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/include/linux/shm.h	2006-11-18 01:11:02.000000000 +0000
 @@ -86,6 +86,10 @@
  	pid_t			shm_cprid;
  	pid_t			shm_lprid;
@@ -882,10 +1042,9 @@
  };
  
  /* shm_mode upper byte flags */
-diff -urN linux-2.6.16.2/include/linux/sysctl.h linux-2.6.16.2-grsec/include/linux/sysctl.h
---- linux-2.6.16.2/include/linux/sysctl.h	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/include/linux/sysctl.h	2006-04-11 18:09:09.244033250 +0200
-@@ -155,6 +155,9 @@
+--- linux-2.6.18.orig/include/linux/sysctl.h	2006-11-18 01:09:47.000000000 +0000
++++ linux-2.6.18.grsec-minimal/include/linux/sysctl.h	2006-11-18 01:11:02.000000000 +0000
+@@ -160,6 +160,9 @@
  /* CTL_VM names: */
  enum
  {
@@ -895,10 +1054,9 @@
  	VM_UNUSED1=1,		/* was: struct: Set vm swapping control */
  	VM_UNUSED2=2,		/* was; int: Linear or sqrt() swapout for hogs */
  	VM_UNUSED3=3,		/* was: struct: Set free page thresholds */
-diff -urNp linux-2.6.16.2/ipc/shm.c linux-2.6.16.2-grsec/ipc/shm.c
---- linux-2.6.16.2/ipc/shm.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/ipc/shm.c	2006-04-11 17:44:40.121710250 +0200
-@@ -34,6 +34,7 @@
+--- linux-2.6.18.orig/ipc/shm.c	2006-09-20 03:42:06.000000000 +0000
++++ linux-2.6.18.grsec-minimal/ipc/shm.c	2006-11-18 01:11:02.000000000 +0000
+@@ -32,6 +32,7 @@
  #include <linux/ptrace.h>
  #include <linux/seq_file.h>
  #include <linux/mutex.h>
@@ -906,7 +1064,7 @@
  
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/kernel-desktop-grsec-minimal.patch?r1=1.7&r2=1.8&f=u


