SPECS (LINUX_2_6_20): kernel.spec - added (not yet ready) pax_seli...

mguevara mguevara at pld-linux.org
Tue Mar 6 10:51:27 CET 2007 

Author: mguevara                     Date: Tue Mar  6 09:51:27 2007 GMT
Module: SPECS                         Tag: LINUX_2_6_20
---- Log message:
- added (not yet ready) pax_selinux_hooks-2.6.20.patch
- some commented stuff for PAX_KERNEXEC testing 

---- Files affected:
SPECS:
   kernel.spec (1.441.2.1698.2.58 -> 1.441.2.1698.2.59) 

---- Diffs:

================================================================
Index: SPECS/kernel.spec
diff -u SPECS/kernel.spec:1.441.2.1698.2.58 SPECS/kernel.spec:1.441.2.1698.2.59
--- SPECS/kernel.spec:1.441.2.1698.2.58	Fri Mar  2 13:32:39 2007
+++ SPECS/kernel.spec	Tue Mar  6 10:51:21 2007
@@ -21,11 +21,13 @@
 # - reiser4 builds
 # - layer7 builds
 # - TARPIT and ROUTE smp locking issues should be resolved
+# - pax & grsec_min builds on x86_64, fails on i686
 #
 # TODO 2.6.20.1
 # - fine-tune the ppc configs and test build on ppc
 # - test build on sparc, sparc64, alpha
 # - grsec_full and pax
+# - pax hooks for selinux (experimental)
 # - new alsa rc2 - 1.0.14rc2 is in 2.6.20-git10 tree
 # - spec cleanup
 # - test external modules
@@ -403,6 +405,8 @@
 #wanpipe
 #Patch3000:	wanpipe-beta7-2.3.4.patch
 
+Patch9997:	pax_selinux_hooks-2.6.20.patch
+
 # TODO: http://www.grsecurity.net/~paxguy1/pax-linux-2.6.20.1-test5.patch
 Patch9998:	pax-linux-2.6.20.patch
 
@@ -1103,7 +1107,6 @@
 %endif
 
 %if %{with pax}
-%patch9998 -p1
 # now we have an separate testing pax-only patch - in the future we 
 # could have single grsecurity patch and will have to prepare separate
 # configs for grsec_minimal, grsec_full and pax to support such 
@@ -1111,6 +1114,8 @@
 # So, in a future there could be no patch9998, but only config 
 # would tell which options should be enabled.
 # The second option is to maintain separate pax-only patch.
+%patch9998 -p1
+#patch9997 -p1 - needs update
 %endif
 
 %endif
@@ -1197,6 +1202,13 @@
 		%ifnarch i386 i486
 			sed -i 's:# CONFIG_PAX_NOVSYSCALL is not set:CONFIG_PAX_NOVSYSCALL=y:' $1
 		%endif
+
+		# Testing KERNEXEC
+
+		# sed -i 's:CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM=y:# CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM is not set:' $1
+		# sed -i 's:CONFIG_PCI_BIOS=y:# CONFIG_PCI_BIOS is not set:' $1
+		# sed -i 's:CONFIG_EFI=y:# CONFIG_EFI is not set:' $1
+		
 	%endif
 	%ifarch ppc64
 		sed -i 's:CONFIG_PAX_NOELFRELOCS=y:# CONFIG_PAX_NOELFRELOCS is not set:' $1
@@ -2060,6 +2072,10 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.441.2.1698.2.59  2007/03/06 09:51:21  mguevara
+- added (not yet ready) pax_selinux_hooks-2.6.20.patch
+- some commented stuff for PAX_KERNEXEC testing
+
 Revision 1.441.2.1698.2.58  2007/03/02 12:32:39  baggins
 - apply quota fix
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SPECS/kernel.spec?r1=1.441.2.1698.2.58&r2=1.441.2.1698.2.59&f=u

More information about the pld-cvs-commit mailing list