[packages/kernel/LINUX_3_10] fixes from linux-vserver mailing list

baggins baggins at pld-linux.org
Wed Nov 6 12:10:20 CET 2013


commit 9292826ded8a22d2959724841afb5ca2e3165fa8
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Wed Nov 6 12:09:35 2013 +0100

    fixes from linux-vserver mailing list
    
    http://list.linux-vserver.org/archive?mss:6352:201311:ahjebcjaipglgokekhnj

 kernel-vserver-2.3.patch | 49 ++++++++++++++++++++++++++++++++++--------------
 1 file changed, 35 insertions(+), 14 deletions(-)
---
diff --git a/kernel-vserver-2.3.patch b/kernel-vserver-2.3.patch
index 08840f2..abacb14 100644
--- a/kernel-vserver-2.3.patch
+++ b/kernel-vserver-2.3.patch
@@ -1362,7 +1362,7 @@ diff -NurpP --minimal linux-3.10.15/drivers/net/tun.c linux-3.10.15-vs2.3.6.6/dr
  			     MAX_TAP_QUEUES : 1;
  
 -		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
-+		if (!vx_ns_capable(net->user_ns, CAP_NET_ADMIN, NXC_TUN_CREATE))
++		if (!nx_ns_capable(net->user_ns, CAP_NET_ADMIN, NXC_TUN_CREATE))
  			return -EPERM;
  		err = security_tun_dev_create();
  		if (err < 0)
@@ -4851,6 +4851,16 @@ diff -NurpP --minimal linux-3.10.15/fs/namespace.c linux-3.10.15-vs2.3.6.6/fs/na
  	br_write_lock(&vfsmount_lock);
  	list_add_tail(&mnt->mnt_instance, &sb->s_mounts);
  	br_write_unlock(&vfsmount_lock);
+@@ -1301,7 +1301,8 @@ static int do_umount(struct mount *mnt,
+  */
+ static inline bool may_mount(void)
+ {
+-	return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
++	return vx_ns_capable(current->nsproxy->mnt_ns->user_ns,
++		CAP_SYS_ADMIN, VXC_SECURE_MOUNT);
+ }
+ 
+ /*
 @@ -1685,6 +1695,7 @@ static int do_change_type(struct path *p
  		if (err)
  			goto out_unlock;
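Review bot: The rewritten `may_mount()` gives `VXC_SECURE_MOUNT` a wider reach than its name suggests, and nothing in the code says so. Because the check sits in `may_mount()`, the context capability applies to every caller of that helper, and `VXC_SECURE_REMOUNT` stays commented out in context.h, so there is no finer-grained switch. I would add a comment above the function, such as `/* vserver: a context with VXC_SECURE_MOUNT passes this check for all may_mount() callers */`. The definition of `vx_ns_capable` is not on this page; if it mirrors the `nx_ns_capable` macro added in base.h, its fallback arm ignores the user namespace argument, which would also affect the `proc_mount()` hunk in fs/proc/root.c.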
@@ -6408,6 +6418,16 @@ diff -NurpP --minimal linux-3.10.15/fs/proc/root.c linux-3.10.15-vs2.3.6.6/fs/pr
  static int proc_test_super(struct super_block *sb, void *data)
  {
  	return sb->s_fs_info == data;
+@@ -116,7 +116,8 @@ static struct dentry *proc_mount(struct
+ 		options = data;
+ 
+ 		if (!current_user_ns()->may_mount_proc ||
+-		    !ns_capable(ns->user_ns, CAP_SYS_ADMIN))
++		    !vx_ns_capable(ns->user_ns,
++			CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
+ 			return ERR_PTR(-EPERM);
+ 	}
+ 
 @@ -185,6 +190,7 @@ void __init proc_root_init(void)
  #endif
  	proc_mkdir("bus", NULL);
@@ -10099,7 +10119,7 @@ diff -NurpP --minimal linux-3.10.15/include/linux/vs_time.h linux-3.10.15-vs2.3.
 diff -NurpP --minimal linux-3.10.15/include/linux/vserver/base.h linux-3.10.15-vs2.3.6.6/include/linux/vserver/base.h
 --- linux-3.10.15/include/linux/vserver/base.h	1970-01-01 00:00:00.000000000 +0000
 +++ linux-3.10.15-vs2.3.6.6/include/linux/vserver/base.h	2013-08-22 20:30:00.000000000 +0000
-@@ -0,0 +1,181 @@
+@@ -0,0 +1,184 @@
 +#ifndef _VSERVER_BASE_H
 +#define _VSERVER_BASE_H
 +
@@ -10245,6 +10265,9 @@ diff -NurpP --minimal linux-3.10.15/include/linux/vserver/base.h linux-3.10.15-v
 +#define nx_capable(b, c) (capable(b) || \
 +	(cap_raised(current_cap(), b) && nx_ncaps(c)))
 +
++#define nx_ns_capable(n, b, c) (ns_capable(n, b) || \
++	(cap_raised(current_cap(), b) && nx_ncaps(c)))
++
 +#define vx_task_initpid(t, n) \
 +	((t)->vx_info && \
 +	((t)->vx_info->vx_initpid == (n)))
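Review bot: The fallback arm of the new `nx_ns_capable(n, b, c)` never uses `n`. `cap_raised(current_cap(), b) && nx_ncaps(c)` only tests the bit in the caller's effective set, which is relative to the caller's own user namespace rather than the one passed in. At the tun.c call site, `net->user_ns` is therefore not consulted once the `ns_capable()` arm fails. If the override is meant for guests in the same namespace, tie it to that, e.g. `(cap_raised(current_cap(), (b)) && (n) == current_user_ns() && nx_ncaps(c))`; otherwise add a comment saying the ncap deliberately overrides the namespace check. The macro arguments are also unparenthesized and `b` is expanded twice, as in `nx_capable` above it.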
@@ -12685,8 +12708,8 @@ diff -NurpP --minimal linux-3.10.15/include/uapi/vserver/context.h linux-3.10.15
 +#define VXC_OOM_ADJUST		0x00002000
 +#define VXC_AUDIT_CONTROL	0x00004000
 +
-+/* #define VXC_SECURE_MOUNT	0x00010000
-+#define VXC_SECURE_REMOUNT	0x00020000 */
++#define VXC_SECURE_MOUNT	0x00010000
++/* #define VXC_SECURE_REMOUNT	0x00020000 */
 +#define VXC_BINARY_MOUNT	0x00040000
 +#define VXC_DEV_MOUNT		0x00080000
 +
@@ -15076,7 +15099,7 @@ diff -NurpP --minimal linux-3.10.15/kernel/utsname.c linux-3.10.15-vs2.3.6.6/ker
 diff -NurpP --minimal linux-3.10.15/kernel/vserver/Kconfig linux-3.10.15-vs2.3.6.6/kernel/vserver/Kconfig
 --- linux-3.10.15/kernel/vserver/Kconfig	1970-01-01 00:00:00.000000000 +0000
 +++ linux-3.10.15-vs2.3.6.6/kernel/vserver/Kconfig	2013-08-22 20:30:00.000000000 +0000
-@@ -0,0 +1,233 @@
+@@ -0,0 +1,230 @@
 +#
 +# Linux VServer configuration
 +#
@@ -15092,9 +15115,8 @@ diff -NurpP --minimal linux-3.10.15/kernel/vserver/Kconfig linux-3.10.15-vs2.3.6
 +	  startup.
 +
 +config	VSERVER_AUTO_SINGLE
-+	bool	"Automatic Single IP Special Casing"
-+	depends on EXPERIMENTAL
-+	default y
++	bool	"Automatic Single IP Special Casing (EXPERIMENTAL)"
++	default n
 +	help
 +	  This allows network contexts with a single IP to
 +	  automatically remap 0.0.0.0 bindings to that IP,
@@ -15114,8 +15136,7 @@ diff -NurpP --minimal linux-3.10.15/kernel/vserver/Kconfig linux-3.10.15-vs2.3.6
 +	  link and create a copy of the unified file)
 +
 +config	VSERVER_VTIME
-+	bool	"Enable Virtualized Guest Time"
-+	depends on EXPERIMENTAL
++	bool	"Enable Virtualized Guest Time (EXPERIMENTAL)"
 +	default n
 +	help
 +	  This enables per guest time offsets to allow for
@@ -15124,8 +15145,7 @@ diff -NurpP --minimal linux-3.10.15/kernel/vserver/Kconfig linux-3.10.15-vs2.3.6
 +	  therefore should not be enabled without good reason.
 +
 +config	VSERVER_DEVICE
-+	bool	"Enable Guest Device Mapping"
-+	depends on EXPERIMENTAL
++	bool	"Enable Guest Device Mapping (EXPERIMENTAL)"
 +	default n
 +	help
 +	  This enables generic device remapping.
@@ -24194,10 +24214,11 @@ diff -NurpP --minimal linux-3.10.15/net/core/sock.c linux-3.10.15-vs2.3.6.6/net/
  		/*
  		 * Increment the counter in the same struct proto as the master
  		 * sock (sk_refcnt_debug_inc uses newsk->sk_prot->socks, that
-@@ -2271,6 +2290,12 @@ void sock_init_data(struct socket *sock,
- 
+@@ -2291,6 +2291,13 @@ void sock_init_data(struct socket *sock,
  	sk->sk_stamp = ktime_set(-1L, 0);
  
+ 	sk->sk_pacing_rate = ~0U;
++
 +	set_vx_info(&sk->sk_vx_info, current_vx_info());
 +	sk->sk_xid = vx_current_xid();
 +	vx_sock_inc(sk);
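Review bot: The rebased sock.c hunk now needs `sk->sk_pacing_rate = ~0U;` as context in `sock_init_data()`, while the surrounding diff headers still name linux-3.10.15. If that base lacks the line, the hunk will not apply, so the kernel version this patch is applied to should be confirmed. The inner header `@@ -2291,6 +2291,13 @@` also has identical old and new start lines, whereas the header it replaces carried an offset (`-2271` / `+2290`) from earlier additions in the file. patch(1) tolerates that, but it suggests the header was edited by hand. The inner hunk continues past the end of this outer hunk, so its line counts cannot be checked from here.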
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/44a263a6955ed5bb17c792a1b6103c44d9c3f534


