SOURCES (LINUX_2_6): linux-2.6-grsec-minimal.patch - updated for 2.6.25
zbyniu
zbyniu at pld-linux.org
Thu May 8 01:45:31 CEST 2008
Author: zbyniu Date: Wed May 7 23:45:31 2008 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- updated for 2.6.25
---- Files affected:
SOURCES:
linux-2.6-grsec-minimal.patch (1.1.2.28 -> 1.1.2.29)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec-minimal.patch
diff -u SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.28 SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.29
--- SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.28 Tue May 6 11:15:26 2008
+++ SOURCES/linux-2.6-grsec-minimal.patch Thu May 8 01:45:25 2008
@@ -1,6 +1,6 @@
-diff -urNp linux-2.6.24.5/arch/sparc/Makefile linux-2.6.24.5/arch/sparc/Makefile
---- linux-2.6.24.5/arch/sparc/Makefile 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/arch/sparc/Makefile 2008-03-26 20:21:07.000000000 -0400
+diff -urNp linux-2.6.25.orig/arch/sparc/Makefile linux-2.6.25/arch/sparc/Makefile
+--- linux-2.6.25.orig/arch/sparc/Makefile 2008-04-25 15:09:15.000000000 +0200
++++ linux-2.6.25/arch/sparc/Makefile 2008-04-25 15:10:25.000000000 +0200
@@ -36,7 +36,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc
# Renaming is done to avoid confusing pattern matching rules in 2.5.45 (multy-)
INIT_Y := $(patsubst %/, %/built-in.o, $(init-y))
@@ -10,10 +10,10 @@
CORE_Y := $(patsubst %/, %/built-in.o, $(CORE_Y))
DRIVERS_Y := $(patsubst %/, %/built-in.o, $(drivers-y))
NET_Y := $(patsubst %/, %/built-in.o, $(net-y))
-diff -urNp linux-2.6.24.5/Makefile linux-2.6.24.5/Makefile
---- linux-2.6.24.5/Makefile 2008-04-17 20:05:17.000000000 -0400
-+++ linux-2.6.24.5/Makefile 2008-04-17 20:05:00.000000000 -0400
-@@ -597,7 +597,7 @@ export mod_strip_cmd
+diff -urNp linux-2.6.25.orig/Makefile linux-2.6.25/Makefile
+--- linux-2.6.25.orig/Makefile 2008-04-25 15:09:13.000000000 +0200
++++ linux-2.6.25/Makefile 2008-04-25 15:10:25.000000000 +0200
+@@ -603,7 +603,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -22,10 +22,10 @@
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-diff -urNp linux-2.6.24.5/drivers/char/keyboard.c linux-2.6.24.5/drivers/char/keyboard.c
---- linux-2.6.24.5/drivers/char/keyboard.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/drivers/char/keyboard.c 2008-03-26 20:21:08.000000000 -0400
-@@ -631,6 +631,16 @@ static void k_spec(struct vc_data *vc, u
+diff -urNp linux-2.6.25.orig/drivers/char/keyboard.c linux-2.6.25/drivers/char/keyboard.c
+--- linux-2.6.25.orig/drivers/char/keyboard.c 2008-04-25 15:09:06.000000000 +0200
++++ linux-2.6.25/drivers/char/keyboard.c 2008-04-25 15:10:25.000000000 +0200
+@@ -630,6 +630,16 @@ static void k_spec(struct vc_data *vc, u
kbd->kbdmode == VC_MEDIUMRAW) &&
value != KVAL(K_SAK))
return; /* SAK is allowed even in raw mode */
@@ -42,10 +42,10 @@
fn_handler[value](vc);
}
-diff -urNp linux-2.6.24.5/drivers/pci/proc.c linux-2.6.24.5/drivers/pci/proc.c
---- linux-2.6.24.5/drivers/pci/proc.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/drivers/pci/proc.c 2008-03-26 20:21:08.000000000 -0400
-@@ -467,7 +467,15 @@ static int __init pci_proc_init(void)
+diff -urNp linux-2.6.25.orig/drivers/pci/proc.c linux-2.6.25/drivers/pci/proc.c
+--- linux-2.6.25.orig/drivers/pci/proc.c 2008-04-25 15:09:08.000000000 +0200
++++ linux-2.6.25/drivers/pci/proc.c 2008-04-25 15:10:25.000000000 +0200
+@@ -472,7 +472,15 @@ static int __init pci_proc_init(void)
{
struct proc_dir_entry *entry;
struct pci_dev *dev = NULL;
@@ -61,10 +61,10 @@
entry = create_proc_entry("devices", 0, proc_bus_pci_dir);
if (entry)
entry->proc_fops = &proc_bus_pci_dev_operations;
-diff -urNp linux-2.6.24.5/fs/Kconfig linux-2.6.24.5/fs/Kconfig
---- linux-2.6.24.5/fs/Kconfig 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/fs/Kconfig 2008-03-26 20:21:08.000000000 -0400
-@@ -937,7 +937,7 @@ config PROC_FS
+diff -urNp linux-2.6.25.orig/fs/Kconfig linux-2.6.25/fs/Kconfig
+--- linux-2.6.25.orig/fs/Kconfig 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/fs/Kconfig 2008-04-25 15:10:25.000000000 +0200
+@@ -899,7 +899,7 @@ config PROC_FS
config PROC_KCORE
bool "/proc/kcore support" if !ARM
@@ -73,9 +73,9 @@
config PROC_VMCORE
bool "/proc/vmcore support (EXPERIMENTAL)"
-diff -urNp linux-2.6.24.5/fs/namei.c linux-2.6.24.5/fs/namei.c
---- linux-2.6.24.5/fs/namei.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/fs/namei.c 2008-03-26 20:21:08.000000000 -0400
+diff -urNp linux-2.6.25.orig/fs/namei.c linux-2.6.25/fs/namei.c
+--- linux-2.6.25.orig/fs/namei.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/fs/namei.c 2008-04-25 15:10:25.000000000 +0200
@@ -37,6 +37,7 @@
#include <linux/vs_cowbl.h>
#include <linux/vs_device.h>
@@ -84,13 +84,13 @@
#include <asm/namei.h>
#include <asm/uaccess.h>
-@@ -689,6 +690,13 @@ static inline int do_follow_link(struct
+@@ -729,6 +730,13 @@ static inline int do_follow_link(struct
err = security_inode_follow_link(path->dentry, nd);
if (err)
goto loop;
+
+ if (gr_handle_follow_link(path->dentry->d_parent->d_inode,
-+ path->dentry->d_inode, path->dentry, nd->mnt)) {
++ path->dentry->d_inode, path->dentry)) {
+ err = -EACCES;
+ goto loop;
+ }
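Review bot: The hook's first argument, `path->dentry->d_parent->d_inode`, is read with no lock or parent reference visible in this hunk, so a concurrent rename could presumably change `d_parent` between the load and the owner check inside `gr_handle_follow_link`. The decision would then be made against a directory that is no longer the link's parent. Pinning the parent for the duration of the check would close that window: `struct dentry *parent = dget_parent(path->dentry);`, pass `parent->d_inode`, then `dput(parent);` on both outcomes. The same expression appears in the `do_link:` hunk as `path.dentry->d_parent->d_inode`. The body of do_follow_link starts and ends outside this hunk, so any locking done by its callers is not visible here and should be confirmed.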
@@ -98,12 +98,12 @@
current->link_count++;
current->total_link_count++;
nd->depth++;
-@@ -1856,6 +1864,13 @@ do_last:
+@@ -1859,6 +1867,13 @@ do_last:
/*
* It already exists.
*/
+
-+ if (gr_handle_fifo(path.dentry, nd->mnt, dir, flag, acc_mode)) {
++ if (gr_handle_fifo(path.dentry, dir, flag, acc_mode)) {
+ mutex_unlock(&dir->d_inode->i_mutex);
+ error = -EACCES;
+ goto exit_dput;
@@ -112,13 +112,13 @@
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path.dentry);
-@@ -1927,6 +1942,13 @@ do_link:
+@@ -1930,6 +1945,13 @@ do_link:
error = security_inode_follow_link(path.dentry, nd);
if (error)
goto exit_dput;
+
+ if (gr_handle_follow_link(path.dentry->d_parent->d_inode, path.dentry->d_inode,
-+ path.dentry, nd->mnt)) {
++ path.dentry)) {
+ error = -EACCES;
+ goto exit_dput;
+ }
@@ -126,73 +126,75 @@
error = __do_follow_link(&path, nd);
if (error) {
/* Does someone understand code flow here? Or it is only
-@@ -2509,7 +2531,16 @@ asmlinkage long sys_linkat(int olddfd, c
+@@ -2514,8 +2536,16 @@ asmlinkage long sys_linkat(int olddfd, c
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out_unlock;
+
-+ if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
-+ old_nd.dentry->d_inode,
-+ old_nd.dentry->d_inode->i_mode, to)) {
++ if (gr_handle_hardlink(old_nd.path.dentry, old_nd.path.dentry->d_inode,
++ old_nd.path.dentry->d_inode->i_mode, to)) {
+ error = -EACCES;
+ goto out_unlock_dput;
+ }
+
- error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry, &nd);
+ error = vfs_link(old_nd.path.dentry, nd.path.dentry->d_inode,
+ new_dentry, &nd);
+out_unlock_dput:
dput(new_dentry);
out_unlock:
- mutex_unlock(&nd.dentry->d_inode->i_mutex);
-diff -urNp linux-2.6.24.5/fs/proc/array.c linux-2.6.24.5/fs/proc/array.c
---- linux-2.6.24.5/fs/proc/array.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/fs/proc/array.c 2008-03-26 20:21:08.000000000 -0400
-@@ -629,3 +629,14 @@ int proc_pid_statm(struct task_struct *t
- return sprintf(buffer, "%d %d %d %d %d %d %d\n",
- size, resident, shared, text, lib, data, 0);
+ mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
+diff -urNp linux-2.6.25.orig/fs/proc/array.c linux-2.6.25/fs/proc/array.c
+--- linux-2.6.25.orig/fs/proc/array.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/fs/proc/array.c 2008-04-25 15:10:25.000000000 +0200
+@@ -637,3 +637,15 @@ int proc_pid_statm(struct seq_file *m, s
+
+ return 0;
}
+
+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+int proc_pid_ipaddr(struct task_struct *task, char * buffer)
++int proc_pid_ipaddr(struct seq_file *m, struct pid_namespace *ns,
++ struct pid *pid, struct task_struct *task)
+{
+ int len;
+
-+ len = sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->signal->curr_ip));
++ len = seq_printf(m, "%u.%u.%u.%u\n", NIPQUAD(task->signal->curr_ip));
+ return len;
+}
+#endif
+
-diff -urNp linux-2.6.24.5/fs/proc/inode.c linux-2.6.24.5/fs/proc/inode.c
---- linux-2.6.24.5/fs/proc/inode.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/fs/proc/inode.c 2008-03-26 20:21:08.000000000 -0400
-@@ -411,7 +411,11 @@ struct inode *proc_get_inode(struct supe
- if (de->mode) {
- inode->i_mode = de->mode;
- inode->i_uid = de->uid;
+diff -urNp linux-2.6.25.orig/fs/proc/inode.c linux-2.6.25/fs/proc/inode.c
+--- linux-2.6.25.orig/fs/proc/inode.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/fs/proc/inode.c 2008-04-25 15:10:25.000000000 +0200
+@@ -406,7 +406,11 @@ struct inode *proc_get_inode(struct supe
+ if (de->mode) {
+ inode->i_mode = de->mode;
+ inode->i_uid = de->uid;
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++ inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
+#else
- inode->i_gid = de->gid;
+ inode->i_gid = de->gid;
+#endif
- }
+ }
if (de->vx_flags)
PROC_I(inode)->vx_flags = de->vx_flags;
-diff -urNp linux-2.6.24.5/fs/proc/internal.h linux-2.6.24.5/fs/proc/internal.h
---- linux-2.6.24.5/fs/proc/internal.h 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/fs/proc/internal.h 2008-03-26 20:21:08.000000000 -0400
-@@ -54,6 +54,9 @@ extern int proc_tgid_stat(struct task_st
- extern int proc_pid_status(struct task_struct *, char *);
- extern int proc_pid_statm(struct task_struct *, char *);
- extern int proc_pid_nsproxy(struct task_struct *, char *);
+diff -urNp linux-2.6.25.orig/fs/proc/internal.h linux-2.6.25/fs/proc/internal.h
+--- linux-2.6.25.orig/fs/proc/internal.h 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/fs/proc/internal.h 2008-04-25 15:10:25.000000000 +0200
+@@ -60,6 +60,10 @@ extern int proc_pid_statm(struct seq_fil
+ struct pid *pid, struct task_struct *task);
+ extern int proc_pid_nsproxy(struct seq_file *m, struct pid_namespace *ns,
+ struct pid *pid, struct task_struct *task);
+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+extern int proc_pid_ipaddr(struct task_struct*,char*);
++extern int proc_pid_ipaddr(struct seq_file *m, struct pid_namespace *ns,
++ struct pid *pid, struct task_struct *task);
+#endif
- extern const struct file_operations proc_maps_operations;
- extern const struct file_operations proc_numa_maps_operations;
-diff -urNp linux-2.6.24.5/fs/proc/proc_misc.c linux-2.6.24.5/fs/proc/proc_misc.c
---- linux-2.6.24.5/fs/proc/proc_misc.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/fs/proc/proc_misc.c 2008-03-26 20:21:08.000000000 -0400
-@@ -707,6 +707,8 @@ void create_seq_entry(char *name, mode_t
+ extern loff_t mem_lseek(struct file *file, loff_t offset, int orig);
+
+diff -urNp linux-2.6.25.orig/fs/proc/proc_misc.c linux-2.6.25/fs/proc/proc_misc.c
+--- linux-2.6.25.orig/fs/proc/proc_misc.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/fs/proc/proc_misc.c 2008-04-25 15:10:25.000000000 +0200
+@@ -843,6 +843,8 @@ void create_seq_entry(char *name, mode_t
void __init proc_misc_init(void)
{
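Review bot: In the converted `proc_pid_ipaddr`, `len = seq_printf(...)` followed by `return len;` treats the result as a byte count, which was true of `sprintf` but, as far as I know, not of `seq_printf` in this kernel generation (0 on success, -1 when the seq buffer is full). The neighbouring `proc_pid_statm` context in the same hunk ends with `return 0;`, and a seq_file show routine that returns a negative value is reported to the reader as an error instead of triggering the buffer-grow retry. I would drop the local and write `seq_printf(m, "%u.%u.%u.%u\n", NIPQUAD(task->signal->curr_ip));` then `return 0;`. The registration of this entry and its mode live in a file outside the visible part of the diff, so it is worth confirming that the per-task address stays readable only by the intended users after the seq_file conversion.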
@@ -201,7 +203,7 @@
static struct {
char *name;
int (*read_proc)(char*,char**,off_t,int,int*,void*);
-@@ -722,13 +724,24 @@ void __init proc_misc_init(void)
+@@ -858,13 +860,24 @@ void __init proc_misc_init(void)
{"stram", stram_read_proc},
#endif
{"filesystems", filesystems_read_proc},
@@ -226,7 +228,7 @@
proc_symlink("mounts", NULL, "self/mounts");
/* And now for trickier ones */
-@@ -741,7 +754,11 @@ void __init proc_misc_init(void)
+@@ -877,7 +890,11 @@ void __init proc_misc_init(void)
}
#endif
create_seq_entry("locks", 0, &proc_locks_operations);
@@ -238,7 +240,7 @@
create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
#ifdef CONFIG_BLOCK
create_seq_entry("partitions", 0, &proc_partitions_operations);
-@@ -749,7 +766,11 @@ void __init proc_misc_init(void)
+@@ -885,7 +902,11 @@ void __init proc_misc_init(void)
create_seq_entry("stat", 0, &proc_stat_operations);
create_seq_entry("interrupts", 0, &proc_interrupts_operations);
#ifdef CONFIG_SLABINFO
@@ -250,7 +252,7 @@
#ifdef CONFIG_DEBUG_SLAB_LEAK
create_seq_entry("slab_allocators", 0 ,&proc_slabstats_operations);
#endif
-@@ -767,7 +788,7 @@ void __init proc_misc_init(void)
+@@ -903,7 +924,7 @@ void __init proc_misc_init(void)
#ifdef CONFIG_SCHEDSTATS
create_seq_entry("schedstat", 0, &proc_schedstat_operations);
#endif
@@ -259,9 +261,9 @@
proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
if (proc_root_kcore) {
proc_root_kcore->proc_fops = &proc_kcore_operations;
-diff -urNp linux-2.6.24.5/fs/proc/root.c linux-2.6.24.5/fs/proc/root.c
---- linux-2.6.24.5/fs/proc/root.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/fs/proc/root.c 2008-03-26 20:21:08.000000000 -0400
+diff -urNp linux-2.6.25.orig/fs/proc/root.c linux-2.6.25/fs/proc/root.c
+--- linux-2.6.25.orig/fs/proc/root.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/fs/proc/root.c 2008-04-25 15:10:25.000000000 +0200
@@ -140,7 +140,15 @@ void __init proc_root_init(void)
#ifdef CONFIG_PROC_DEVICETREE
proc_device_tree_init();
@@ -278,9 +280,9 @@
proc_vx_init();
proc_sys_init();
}
-diff -urNp linux-2.6.24.5/grsecurity/Kconfig linux-2.6.24.5/grsecurity/Kconfig
---- linux-2.6.24.5/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/grsecurity/Kconfig 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/grsecurity/Kconfig linux-2.6.25/grsecurity/Kconfig
+--- linux-2.6.25.orig/grsecurity/Kconfig 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/grsecurity/Kconfig 2008-04-25 15:10:25.000000000 +0200
@@ -0,0 +1,123 @@
+#
+# grecurity configuration
@@ -405,9 +407,9 @@
+ the sysctl entries.
+
+endmenu
-diff -urNp linux-2.6.24.5/grsecurity/Makefile linux-2.6.24.5/grsecurity/Makefile
---- linux-2.6.24.5/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/grsecurity/Makefile 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/grsecurity/Makefile linux-2.6.25/grsecurity/Makefile
+--- linux-2.6.25.orig/grsecurity/Makefile 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/grsecurity/Makefile 2008-04-25 15:10:25.000000000 +0200
@@ -0,0 +1,11 @@
+# All code in this directory and various hooks inserted throughout the kernel
+# are copyright Brad Spengler, and released under the GPL v2 or higher
@@ -420,9 +422,9 @@
+obj-y += grsec_disabled.o
+endif
+
-diff -urNp linux-2.6.24.5/grsecurity/grsec_disabled.c linux-2.6.24.5/grsecurity/grsec_disabled.c
---- linux-2.6.24.5/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/grsecurity/grsec_disabled.c 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/grsecurity/grsec_disabled.c linux-2.6.25/grsecurity/grsec_disabled.c
+--- linux-2.6.25.orig/grsecurity/grsec_disabled.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/grsecurity/grsec_disabled.c 2008-04-25 15:10:25.000000000 +0200
@@ -0,0 +1,6 @@
+void
+grsecurity_init(void)
@@ -430,9 +432,9 @@
+ return;
+}
+
-diff -urNp linux-2.6.24.5/grsecurity/grsec_fifo.c linux-2.6.24.5/grsecurity/grsec_fifo.c
---- linux-2.6.24.5/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/grsecurity/grsec_fifo.c 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/grsecurity/grsec_fifo.c linux-2.6.25/grsecurity/grsec_fifo.c
+--- linux-2.6.25.orig/grsecurity/grsec_fifo.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/grsecurity/grsec_fifo.c 2008-04-25 15:10:25.000000000 +0200
@@ -0,0 +1,21 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -441,8 +443,8 @@
+#include <linux/grinternal.h>
+
+int
-+gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
-+ const struct dentry *dir, const int flag, const int acc_mode)
++gr_handle_fifo(const struct dentry *dentry, const struct dentry *dir,
++ const int flag, const int acc_mode)
+{
+#ifdef CONFIG_GRKERNSEC_FIFO
+ if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
@@ -455,9 +457,9 @@
+#endif
+ return 0;
+}
-diff -urNp linux-2.6.24.5/grsecurity/grsec_init.c linux-2.6.24.5/grsecurity/grsec_init.c
---- linux-2.6.24.5/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/grsecurity/grsec_init.c 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/grsecurity/grsec_init.c linux-2.6.25/grsecurity/grsec_init.c
+--- linux-2.6.25.orig/grsecurity/grsec_init.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/grsecurity/grsec_init.c 2008-04-25 15:10:25.000000000 +0200
@@ -0,0 +1,29 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -488,10 +490,10 @@
+
+ return;
+}
-diff -urNp linux-2.6.24.5/grsecurity/grsec_link.c linux-2.6.24.5/grsecurity/grsec_link.c
---- linux-2.6.24.5/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/grsecurity/grsec_link.c 2008-03-26 20:21:09.000000000 -0400
-@@ -0,0 +1,37 @@
+diff -urNp linux-2.6.25.orig/grsecurity/grsec_link.c linux-2.6.25/grsecurity/grsec_link.c
+--- linux-2.6.25.orig/grsecurity/grsec_link.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/grsecurity/grsec_link.c 2008-04-25 15:10:25.000000000 +0200
+@@ -0,0 +1,36 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/fs.h>
@@ -501,7 +503,7 @@
+int
+gr_handle_follow_link(const struct inode *parent,
+ const struct inode *inode,
-+ const struct dentry *dentry, const struct vfsmount *mnt)
++ const struct dentry *dentry)
+{
+#ifdef CONFIG_GRKERNSEC_LINK
+ if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
@@ -514,9 +516,8 @@
+}
+
+int
-+gr_handle_hardlink(const struct dentry *dentry,
-+ const struct vfsmount *mnt,
-+ struct inode *inode, const int mode, const char *to)
++gr_handle_hardlink(const struct dentry *dentry, struct inode *inode,
++ const int mode, const char *to)
+{
+#ifdef CONFIG_GRKERNSEC_LINK
+ if (grsec_enable_link && current->fsuid != inode->i_uid &&
@@ -529,9 +530,9 @@
+#endif
+ return 0;
+}
-diff -urNp linux-2.6.24.5/grsecurity/grsec_sock.c linux-2.6.24.5/grsecurity/grsec_sock.c
---- linux-2.6.24.5/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/grsecurity/grsec_sock.c 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/grsecurity/grsec_sock.c linux-2.6.25/grsecurity/grsec_sock.c
+--- linux-2.6.25.orig/grsecurity/grsec_sock.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/grsecurity/grsec_sock.c 2008-04-25 15:10:25.000000000 +0200
@@ -0,0 +1,167 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
@@ -700,9 +701,9 @@
+ return;
+}
+
-diff -urNp linux-2.6.24.5/grsecurity/grsec_sysctl.c linux-2.6.24.5/grsecurity/grsec_sysctl.c
---- linux-2.6.24.5/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/grsecurity/grsec_sysctl.c 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/grsecurity/grsec_sysctl.c linux-2.6.25/grsecurity/grsec_sysctl.c
+--- linux-2.6.25.orig/grsecurity/grsec_sysctl.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/grsecurity/grsec_sysctl.c 2008-04-25 15:10:25.000000000 +0200
@@ -0,0 +1,52 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -756,9 +757,9 @@
+ { .ctl_name = 0 }
+};
+#endif
-diff -urNp linux-2.6.24.5/include/linux/grinternal.h linux-2.6.24.5/include/linux/grinternal.h
---- linux-2.6.24.5/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/include/linux/grinternal.h 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/include/linux/grinternal.h linux-2.6.25/include/linux/grinternal.h
+--- linux-2.6.25.orig/include/linux/grinternal.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/include/linux/grinternal.h 2008-04-25 15:10:25.000000000 +0200
@@ -0,0 +1,14 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
@@ -774,10 +775,10 @@
+#endif
+
+#endif
-diff -urNp linux-2.6.24.5/include/linux/grsecurity.h linux-2.6.24.5/include/linux/grsecurity.h
---- linux-2.6.24.5/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.24.5/include/linux/grsecurity.h 2008-03-26 20:21:09.000000000 -0400
-@@ -0,0 +1,21 @@
+diff -urNp linux-2.6.25.orig/include/linux/grsecurity.h linux-2.6.25/include/linux/grsecurity.h
+--- linux-2.6.25.orig/include/linux/grsecurity.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.25/include/linux/grsecurity.h 2008-04-25 15:10:25.000000000 +0200
+@@ -0,0 +1,18 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -787,22 +788,19 @@
+
+int gr_handle_follow_link(const struct inode *parent,
+ const struct inode *inode,
-+ const struct dentry *dentry,
-+ const struct vfsmount *mnt);
++ const struct dentry *dentry);
+int gr_handle_fifo(const struct dentry *dentry,
-+ const struct vfsmount *mnt,
+ const struct dentry *dir, const int flag,
+ const int acc_mode);
+int gr_handle_hardlink(const struct dentry *dentry,
-+ const struct vfsmount *mnt,
+ struct inode *inode,
+ const int mode, const char *to);
+
+#endif
-diff -urNp linux-2.6.24.5/include/linux/sched.h linux-2.6.24.5/include/linux/sched.h
---- linux-2.6.24.5/include/linux/sched.h 2008-04-17 20:05:17.000000000 -0400
-+++ linux-2.6.24.5/include/linux/sched.h 2008-04-17 20:05:01.000000000 -0400
-@@ -510,6 +510,15 @@ struct signal_struct {
+diff -urNp linux-2.6.25.orig/include/linux/sched.h linux-2.6.25/include/linux/sched.h
+--- linux-2.6.25.orig/include/linux/sched.h 2008-04-25 15:09:05.000000000 +0200
++++ linux-2.6.25/include/linux/sched.h 2008-04-25 15:10:25.000000000 +0200
+@@ -544,6 +544,15 @@ struct signal_struct {
unsigned audit_tty;
struct tty_audit_buf *tty_audit_buf;
#endif
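Review bot: The three prototypes in `grsecurity.h` lose their `vfsmount` parameter here but still have no comment stating the return contract, which each call site in `fs/namei.c` depends on (non-zero is mapped to `-EACCES`). A short header comment would keep future hook additions consistent, for example `/* Each gr_handle_* hook returns non-zero to deny the operation; callers must fail it with -EACCES and release any locks they hold. */`. It would also help to note that `to` in `gr_handle_hardlink` is the user-supplied new name, if that is what the caller passes; the visible lines do not show where `to` comes from.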
@@ -818,10 +816,10 @@
};
/* Context switch must be unlocked if interrupts are to be enabled */
-diff -urNp linux-2.6.24.5/include/linux/sysctl.h linux-2.6.24.5/include/linux/sysctl.h
---- linux-2.6.24.5/include/linux/sysctl.h 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/include/linux/sysctl.h 2008-03-26 20:21:09.000000000 -0400
-@@ -166,8 +166,11 @@ enum
+diff -urNp linux-2.6.25.orig/include/linux/sysctl.h linux-2.6.25/include/linux/sysctl.h
+--- linux-2.6.25.orig/include/linux/sysctl.h 2008-04-25 15:09:05.000000000 +0200
++++ linux-2.6.25/include/linux/sysctl.h 2008-04-25 15:10:25.000000000 +0200
+@@ -165,8 +165,11 @@ enum
KERN_MAX_LOCK_DEPTH=74,
KERN_NMI_WATCHDOG=75, /* int: enable/disable nmi watchdog */
KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */
@@ -834,9 +832,9 @@
/* CTL_VM names: */
-diff -urNp linux-2.6.24.5/kernel/configs.c linux-2.6.24.5/kernel/configs.c
---- linux-2.6.24.5/kernel/configs.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/kernel/configs.c 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/kernel/configs.c linux-2.6.25/kernel/configs.c
+--- linux-2.6.25.orig/kernel/configs.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/kernel/configs.c 2008-04-25 15:10:25.000000000 +0200
@@ -79,8 +79,16 @@ static int __init ikconfig_init(void)
struct proc_dir_entry *entry;
@@ -854,9 +852,9 @@
if (!entry)
return -ENOMEM;
-diff -urNp linux-2.6.24.5/kernel/exit.c linux-2.6.24.5/kernel/exit.c
---- linux-2.6.24.5/kernel/exit.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/kernel/exit.c 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/kernel/exit.c linux-2.6.25/kernel/exit.c
+--- linux-2.6.25.orig/kernel/exit.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/kernel/exit.c 2008-04-25 15:10:25.000000000 +0200
@@ -49,6 +49,7 @@
#include <linux/vs_network.h>
#include <linux/vs_pid.h>
@@ -865,7 +863,7 @@
#include <asm/uaccess.h>
#include <asm/unistd.h>
-@@ -127,6 +128,7 @@ static void __exit_signal(struct task_st
+@@ -125,6 +126,7 @@ static void __exit_signal(struct task_st
__unhash_process(tsk);
@@ -873,10 +871,10 @@
tsk->signal = NULL;
tsk->sighand = NULL;
spin_unlock(&sighand->siglock);
-diff -urNp linux-2.6.24.5/kernel/kallsyms.c linux-2.6.24.5/kernel/kallsyms.c
---- linux-2.6.24.5/kernel/kallsyms.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/kernel/kallsyms.c 2008-03-26 20:21:09.000000000 -0400
-@@ -486,7 +486,15 @@ static int __init kallsyms_init(void)
+diff -urNp linux-2.6.25.orig/kernel/kallsyms.c linux-2.6.25/kernel/kallsyms.c
+--- linux-2.6.25.orig/kernel/kallsyms.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/kernel/kallsyms.c 2008-04-25 15:10:25.000000000 +0200
+@@ -474,7 +474,15 @@ static int __init kallsyms_init(void)
{
struct proc_dir_entry *entry;
@@ -892,9 +890,9 @@
if (entry)
entry->proc_fops = &kallsyms_operations;
return 0;
-diff -urNp linux-2.6.24.5/kernel/resource.c linux-2.6.24.5/kernel/resource.c
---- linux-2.6.24.5/kernel/resource.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/kernel/resource.c 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/kernel/resource.c linux-2.6.25/kernel/resource.c
+--- linux-2.6.25.orig/kernel/resource.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/kernel/resource.c 2008-04-25 15:10:25.000000000 +0200
@@ -133,10 +133,27 @@ static int __init ioresources_init(void)
{
struct proc_dir_entry *entry;
@@ -923,9 +921,9 @@
if (entry)
entry->proc_fops = &proc_iomem_operations;
return 0;
-diff -urNp linux-2.6.24.5/kernel/sysctl.c linux-2.6.24.5/kernel/sysctl.c
---- linux-2.6.24.5/kernel/sysctl.c 2008-03-24 14:49:18.000000000 -0400
-+++ linux-2.6.24.5/kernel/sysctl.c 2008-03-26 20:21:09.000000000 -0400
+diff -urNp linux-2.6.25.orig/kernel/sysctl.c linux-2.6.25/kernel/sysctl.c
+--- linux-2.6.25.orig/kernel/sysctl.c 2008-04-25 15:09:12.000000000 +0200
++++ linux-2.6.25/kernel/sysctl.c 2008-04-25 15:10:25.000000000 +0200
@@ -58,6 +58,11 @@
static int deprecated_sysctl_warning(struct __sysctl_args *args);
@@ -938,20 +936,15 @@
/* External variables not in a header file. */
extern int C_A_D;
-@@ -155,10 +160,11 @@ static int proc_do_cad_pid(struct ctl_ta
+@@ -157,6 +162,7 @@ static int proc_do_cad_pid(struct ctl_ta
static int proc_dointvec_taint(struct ctl_table *table, int write, struct file *filp,
void __user *buffer, size_t *lenp, loff_t *ppos);
#endif
+extern ctl_table grsecurity_table[];
static struct ctl_table root_table[];
- static struct ctl_table_header root_table_header =
-- { root_table, LIST_HEAD_INIT(root_table_header.ctl_entry) };
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec-minimal.patch?r1=1.1.2.28&r2=1.1.2.29&f=u