SOURCES (LINUX_2_6): grsecurity-2.1.9-2.6.19.1.patch - work in pro...

mguevara mguevara at pld-linux.org
Sat Dec 16 01:29:09 CET 2006


Author: mguevara                     Date: Sat Dec 16 00:29:09 2006 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- work in progress
- still open:
	2 out of 5 hunks FAILED -- saving rejects to file net/unix/af_unix.c.rej
	2 out of 5 hunks FAILED -- saving rejects to file security/commoncap.c.rej
	1 out of 2 hunks FAILED -- saving rejects to file security/dummy.c.rej

---- Files affected:
SOURCES:
   grsecurity-2.1.9-2.6.19.1.patch (1.1.2.2 -> 1.1.2.3) 

---- Diffs:

================================================================
Index: SOURCES/grsecurity-2.1.9-2.6.19.1.patch
diff -u SOURCES/grsecurity-2.1.9-2.6.19.1.patch:1.1.2.2 SOURCES/grsecurity-2.1.9-2.6.19.1.patch:1.1.2.3
--- SOURCES/grsecurity-2.1.9-2.6.19.1.patch:1.1.2.2	Fri Dec 15 17:13:19 2006
+++ SOURCES/grsecurity-2.1.9-2.6.19.1.patch	Sat Dec 16 01:29:04 2006
@@ -24923,6 +24923,7 @@
  #include <linux/seq_file.h>
  #include <linux/mutex.h>
  #include <linux/nsproxy.h>
+ #include <linux/vs_base.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/current.h>
@@ -24948,9 +24949,10 @@
 --- linux-2.6.19.1/ipc/sem.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/ipc/sem.c	2006-12-03 15:16:26.000000000 -0500
 @@ -83,6 +83,7 @@
- #include <linux/seq_file.h>
  #include <linux/mutex.h>
  #include <linux/nsproxy.h>
+ #include <linux/vs_base.h>
+ #include <linux/vs_limit.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/uaccess.h>
@@ -24977,9 +24979,9 @@
 --- linux-2.6.19.1/ipc/shm.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/ipc/shm.c	2006-12-03 15:16:26.000000000 -0500
 @@ -37,6 +37,7 @@
- #include <linux/seq_file.h>
- #include <linux/mutex.h>
  #include <linux/nsproxy.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_limit.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/uaccess.h>
@@ -25117,9 +25119,9 @@
 --- linux-2.6.19.1/kernel/capability.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/kernel/capability.c	2006-12-03 15:16:26.000000000 -0500
 @@ -12,6 +12,7 @@
- #include <linux/module.h>
  #include <linux/security.h>
  #include <linux/syscalls.h>
+ #include <linux/vs_context.h>
 +#include <linux/grsecurity.h>
  #include <asm/uaccess.h>
  
@@ -25180,9 +25182,9 @@
 --- linux-2.6.19.1/kernel/exit.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/kernel/exit.c	2006-12-03 15:16:26.000000000 -0500
 @@ -41,6 +41,11 @@
- #include <linux/audit.h> /* for audit_free() */
- #include <linux/resource.h>
- #include <linux/blkdev.h>
+ #include <linux/vs_limit.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_network.h>
 +#include <linux/grsecurity.h>
 +
 +#ifdef CONFIG_GRKERNSEC
@@ -25262,9 +25264,9 @@
 --- linux-2.6.19.1/kernel/fork.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/kernel/fork.c	2006-12-03 15:16:26.000000000 -0500
 @@ -48,6 +48,7 @@
- #include <linux/delayacct.h>
- #include <linux/taskstats_kern.h>
- #include <linux/random.h>
+ #include <linux/vs_network.h>                                                                                                                                                      
+ #include <linux/vs_limit.h>
+ #include <linux/vs_memory.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/pgtable.h>
@@ -25299,9 +25301,9 @@
  
  	if (likely(!mm_alloc_pgd(mm))) {
 @@ -990,6 +991,9 @@ static struct task_struct *copy_process(
- 	DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
- #endif
- 	retval = -EAGAIN;
+ 	if (!vx_nproc_avail(1))
+ 		goto bad_fork_cleanup_vm;
+
 +
 +	gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->user->processes), 0);
 +
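Review bot: The new inner context line just before the added `gr_learn_resource()` call in the `copy_process` hunk is completely empty, with no leading space marker, so the embedded patch is no longer well-formed unified diff at that point. The same defect appears in two later hunks: the `}` context line ahead of `skip:` in `check_kill_permission` and the `ret = do_mlockall(flags);` line in the mlockall hunk of `mm/mlock.c` both start with a tab instead of a space. Lenient patch tools may still treat such lines as context, but stricter appliers can reject the hunk, and this commit already reports failed hunks in other files. Each of these inner lines should begin with a single space, e.g. ` 	}` and ` 		ret = do_mlockall(flags);`. The `copy_process` body continues outside the hunk.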
@@ -25844,9 +25846,9 @@
 --- linux-2.6.19.1/kernel/pid.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/kernel/pid.c	2006-12-03 15:16:26.000000000 -0500
 @@ -27,6 +27,7 @@
- #include <linux/bootmem.h>
  #include <linux/hash.h>
  #include <linux/pspace.h>
+ #include <linux/vs_pid.h>
 +#include <linux/grsecurity.h>
  
  #define pid_hashfn(nr) hash_long((unsigned long)nr, pidhash_shift)
@@ -25871,13 +25873,17 @@
  	if (pid >= pid_max)
  		pid = RESERVED_PIDS;
  	offset = pid & BITS_PER_PAGE_MASK;
-@@ -299,7 +302,14 @@ struct task_struct * fastcall pid_task(s
+@@ -299,11 +302,18 @@ struct task_struct * fastcall pid_task(s
   */
  struct task_struct *find_task_by_pid_type(int type, int nr)
  {
++       struct task_struct *task;
++
+ 	if (type == PIDTYPE_PID)
+ 		nr = vx_rmap_pid(nr);
+ 	else if (type == PIDTYPE_REALPID)
+ 		type = PIDTYPE_PID;
 -	return pid_task(find_pid(nr), type);
-+	struct task_struct *task;
-+	
 +	task = pid_task(find_pid(nr), type);
 +
 +	if (gr_pid_is_chrooted(task))
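Review bot: The re-added declaration `struct task_struct *task;` at the top of `find_task_by_pid_type` is indented with spaces, while the line it replaces and the other visible lines of the function use a tab; it should read `+	struct task_struct *task;`. Moving the declaration ahead of the `vx_rmap_pid()` statements is right, since it keeps declarations before code. With this ordering `gr_pid_is_chrooted()` is evaluated on the task found after the pid remapping and also on the `PIDTYPE_REALPID` path; that looks intended but deserves a line in the log message. The function body continues past the end of the hunk, so whether a NULL `task` is handled cannot be checked from here.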
@@ -25931,9 +25937,9 @@
 --- linux-2.6.19.1/kernel/printk.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/kernel/printk.c	2006-12-03 15:16:26.000000000 -0500
 @@ -32,6 +32,7 @@
- #include <linux/bootmem.h>
  #include <linux/syscalls.h>
  #include <linux/jiffies.h>
+ #include <linux/vs_cvirt.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/uaccess.h>
@@ -25954,9 +25960,9 @@
 --- linux-2.6.19.1/kernel/ptrace.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/kernel/ptrace.c	2006-12-03 15:16:26.000000000 -0500
 @@ -18,6 +18,7 @@
- #include <linux/ptrace.h>
  #include <linux/security.h>
  #include <linux/signal.h>
+ #include <linux/vs_context.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/pgtable.h>
@@ -26037,26 +26043,26 @@
 -	if (increment < 0 && !can_nice(current, nice))
 +	if (increment < 0 && (!can_nice(current, nice) ||
 +			      gr_handle_chroot_nice()))
- 		return -EPERM;
+ 		return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;
  
  	retval = security_task_setnice(current, nice);
 diff -urNp linux-2.6.19.1/kernel/signal.c linux-2.6.19.1/kernel/signal.c
 --- linux-2.6.19.1/kernel/signal.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/kernel/signal.c	2006-12-03 15:16:26.000000000 -0500
 @@ -23,6 +23,7 @@
- #include <linux/ptrace.h>
- #include <linux/signal.h>
  #include <linux/capability.h>
+ #include <linux/vs_context.h>
+ #include <linux/freezer.h>
 +#include <linux/grsecurity.h>
  #include <asm/param.h>
  #include <asm/uaccess.h>
  #include <asm/unistd.h>
-@@ -581,16 +582,18 @@ static int check_kill_permission(int sig
- 		return error;
+@@ -581,11 +582,11 @@ static int check_kill_permission(int sig
+ 		goto skip;
+ 
  	error = -EPERM;
- 	if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info)))
--	    && ((sig != SIGCONT) ||
-+	    && ((((sig != SIGCONT) ||
+-	if (((sig != SIGCONT) ||
++	if (((((sig != SIGCONT) ||
  		(current->signal->session != t->signal->session))
  	    && (current->euid ^ t->suid) && (current->euid ^ t->uid)
  	    && (current->uid ^ t->suid) && (current->uid ^ t->uid)
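Review bot: In the nice hunk the new context line makes a denial by `gr_handle_chroot_nice()` share the return `vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM`, so in a context with that flag set a chroot restriction reports success to the caller instead of `-EPERM`. The request is still refused, because the return comes before `security_task_setnice()`, but the caller can no longer tell. If that is not wanted, move the grsecurity test into its own statement ahead of it, `if (increment < 0 && gr_handle_chroot_nice()) return -EPERM;`. Separately, in `check_kill_permission` the rewritten `if (((((sig != SIGCONT) ||` carries one more pair of parentheses than the grouping needs, apparently because the `info` test moved to the `goto skip` check, which makes this permission check harder to audit. Both function bodies extend beyond the hunk.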
@@ -26064,6 +26070,10 @@
 +	    && !capable(CAP_KILL)) || gr_handle_signal(t, sig)))
  		return error;
  
+ 	error = -ESRCH;
+@@ -604,8 +605,10 @@ static int check_kill_permission(int sig
+	}
+ skip:
  	error = security_task_kill(t, info, sig, 0);
 -	if (!error)
 +	if (!error) {
@@ -26288,7 +26298,7 @@
 @@ -93,6 +94,9 @@ asmlinkage long sys_stime(time_t __user 
  		return err;
  
- 	do_settimeofday(&tv);
+ 	vx_settimeofday(&tv);
 +
 +	gr_log_timechange();
 +
@@ -26719,9 +26729,9 @@
 --- linux-2.6.19.1/mm/mlock.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/mm/mlock.c	2006-12-03 15:16:26.000000000 -0500
 @@ -10,14 +10,85 @@
- #include <linux/mm.h>
  #include <linux/mempolicy.h>
  #include <linux/syscalls.h>
+ #include <linux/vs_memory.h>
 +#include <linux/grsecurity.h>
  
 +static int __mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev,
@@ -26843,7 +26853,7 @@
 -			ret = make_pages_present(start, end);
 -	}
 -
--	vma->vm_mm->locked_vm -= pages;
+-	vx_vmlocked_sub(vma->vm_mm, pages);
  out:
  	if (ret == -ENOMEM)
  		ret = -EAGAIN;
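Review bot: Only the removed side of the old `mlock_fixup` body is switched to `vx_vmlocked_sub(vma->vm_mm, pages);` here, and nothing in this diff shows the same update in the copy that the grsecurity patch apparently adds back as `__mlock_fixup`. If that added copy still uses the plain `vma->vm_mm->locked_vm -= pages;`, the patch will apply cleanly but drop the vserver locked-memory accounting, so a context's locked-page limit would no longer track real usage. The `+` lines of `__mlock_fixup` should be checked and changed to use `vx_vmlocked_sub()` (and its counterpart on the add path, if the vserver tree has one). The function body lies outside this hunk.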
@@ -26895,9 +26905,9 @@
  
  	ret = -ENOMEM;
 +	gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1);
- 	if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
+ 	if (!vx_vmlocked_avail(current->mm, current->mm->total_vm))
  	    capable(CAP_IPC_LOCK))
- 		ret = do_mlockall(flags);
+		ret = do_mlockall(flags);
 diff -urNp linux-2.6.19.1/mm/mmap.c linux-2.6.19.1/mm/mmap.c
 --- linux-2.6.19.1/mm/mmap.c	2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.1/mm/mmap.c	2006-12-03 15:16:26.000000000 -0500
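Review bot: The edited context in the mlockall hunk no longer forms the statement it is meant to match: `if (!vx_vmlocked_avail(current->mm, current->mm->total_vm))` is followed directly by `capable(CAP_IPC_LOCK))`, which has an unmatched closing parenthesis. The line `if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||` appears to have been replaced rather than kept. As written the inner hunk will probably not match the vserver-patched `mm/mlock.c`, or will only apply with fuzz, and then the `gr_learn_resource(current, RLIMIT_MEMLOCK, ...)` call may land away from the limit test it is meant to precede. Keep the original `if (!(flags & MCL_CURRENT) ...` line as context and add the `vx_vmlocked_avail` lines from the target tree next to it, adjusting the inner hunk's line counts.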
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/grsecurity-2.1.9-2.6.19.1.patch?r1=1.1.2.2&r2=1.1.2.3&f=u


