Author: hawk Date: Mon Mar 26 15:53:44 2007 GMT
Module: SOURCES Tag: hawk-LINUX_2_6
---- Log message:
- updated from grsecurity-2.1.10-2.6.20.3-200703231034.patch
---- Files affected:
SOURCES:
linux-2.6-grsec-minimal.patch (1.1.2.20.4.3 -> 1.1.2.20.4.4)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec-minimal.patch
diff -u SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.20.4.3
SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.20.4.4
--- SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.20.4.3 Wed Feb 14 10:15:51 2007
+++ SOURCES/linux-2.6-grsec-minimal.patch Mon Mar 26 17:53:38 2007
@@ -1,7 +1,7 @@
-diff -urNP linux-2.6.19.2/arch/sparc/Makefile
linux-2.6.19.2/arch/sparc/Makefile
---- linux-2.6.19.2/arch/sparc/Makefile 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/arch/sparc/Makefile 2007-01-20 17:29:54.000000000 -0500
-@@ -36,7 +36,7 @@
+diff -urNp linux-2.6.20.3/arch/sparc/Makefile
linux-2.6.20.3/arch/sparc/Makefile
+--- linux-2.6.20.3/arch/sparc/Makefile 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/arch/sparc/Makefile 2007-03-23 08:11:18.000000000 -0400
+@@ -36,7 +36,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc
# Renaming is done to avoid confusing pattern matching rules in 2.5.45
(multy-)
INIT_Y := $(patsubst %/, %/built-in.o, $(init-y))
CORE_Y := $(core-y)
@@ -10,10 +10,10 @@
CORE_Y := $(patsubst %/, %/built-in.o, $(CORE_Y))
DRIVERS_Y := $(patsubst %/, %/built-in.o, $(drivers-y))
NET_Y := $(patsubst %/, %/built-in.o, $(net-y))
-diff -urNP linux-2.6.19.2/Makefile linux-2.6.19.2/Makefile
---- linux-2.6.19.2/Makefile 2007-01-12 11:32:03.000000000 -0500
-+++ linux-2.6.19.2/Makefile 2007-01-20 17:29:55.000000000 -0500
-@@ -559,7 +559,7 @@
+diff -urNp linux-2.6.20.3/Makefile linux-2.6.20.3/Makefile
+--- linux-2.6.20.3/Makefile 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/Makefile 2007-03-23 08:11:31.000000000 -0400
+@@ -553,7 +553,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -22,10 +22,10 @@
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-diff -urNP linux-2.6.19.2/drivers/char/keyboard.c
linux-2.6.19.2/drivers/char/keyboard.c
---- linux-2.6.19.2/drivers/char/keyboard.c 2006-11-29 16:57:37.000000000
-0500
-+++ linux-2.6.19.2/drivers/char/keyboard.c 2007-01-20 17:29:55.000000000
-0500
-@@ -628,6 +628,16 @@
+diff -urNp linux-2.6.20.3/drivers/char/keyboard.c
linux-2.6.20.3/drivers/char/keyboard.c
+--- linux-2.6.20.3/drivers/char/keyboard.c 2007-03-13 14:27:08.000000000
-0400
++++ linux-2.6.20.3/drivers/char/keyboard.c 2007-03-23 08:11:31.000000000
-0400
+@@ -628,6 +628,16 @@ static void k_spec(struct vc_data *vc, u
kbd->kbdmode == VC_MEDIUMRAW) &&
value != KVAL(K_SAK))
return; /* SAK is allowed even in raw mode */
@@ -42,10 +42,10 @@
fn_handler[value](vc);
}
-diff -urNP linux-2.6.19.2/drivers/pci/proc.c linux-2.6.19.2/drivers/pci/proc.c
---- linux-2.6.19.2/drivers/pci/proc.c 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/drivers/pci/proc.c 2007-01-20 17:29:55.000000000 -0500
-@@ -467,7 +467,15 @@
+diff -urNp linux-2.6.20.3/drivers/pci/proc.c linux-2.6.20.3/drivers/pci/proc.c
+--- linux-2.6.20.3/drivers/pci/proc.c 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/drivers/pci/proc.c 2007-03-23 08:11:31.000000000 -0400
+@@ -467,7 +467,15 @@ static int __init pci_proc_init(void)
{
struct proc_dir_entry *entry;
struct pci_dev *dev = NULL;
@@ -61,10 +61,10 @@
entry = create_proc_entry("devices", 0, proc_bus_pci_dir);
if (entry)
entry->proc_fops = &proc_bus_pci_dev_operations;
-diff -urNP linux-2.6.19.2/fs/Kconfig linux-2.6.19.2/fs/Kconfig
---- linux-2.6.19.2/fs/Kconfig 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/fs/Kconfig 2007-01-20 17:29:55.000000000 -0500
-@@ -929,7 +929,7 @@
+diff -urNp linux-2.6.20.3/fs/Kconfig linux-2.6.20.3/fs/Kconfig
+--- linux-2.6.20.3/fs/Kconfig 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/fs/Kconfig 2007-03-23 08:11:31.000000000 -0400
+@@ -923,7 +923,7 @@ config PROC_FS
config PROC_KCORE
bool "/proc/kcore support" if !ARM
@@ -73,9 +73,9 @@
config PROC_VMCORE
bool "/proc/vmcore support (EXPERIMENTAL)"
-diff -urNP linux-2.6.19.2/fs/namei.c linux-2.6.19.2/fs/namei.c
---- linux-2.6.19.2/fs/namei.c 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/fs/namei.c 2007-01-20 17:29:55.000000000 -0500
+diff -urNp linux-2.6.20.3/fs/namei.c linux-2.6.20.3/fs/namei.c
+--- linux-2.6.20.3/fs/namei.c 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/fs/namei.c 2007-03-23 08:11:31.000000000 -0400
@@ -32,6 +32,7 @@
#include <linux/file.h>
#include <linux/fcntl.h>
@@ -84,7 +84,7 @@
#include <asm/namei.h>
#include <asm/uaccess.h>
-@@ -640,6 +641,13 @@
+@@ -637,6 +638,13 @@ static inline int do_follow_link(struct
err = security_inode_follow_link(path->dentry, nd);
if (err)
goto loop;
@@ -98,7 +98,7 @@
current->link_count++;
current->total_link_count++;
nd->depth++;
-@@ -1703,6 +1737,13 @@
+@@ -1700,6 +1734,13 @@ do_last:
/*
* It already exists.
*/
@@ -112,7 +112,7 @@
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode_update(path.dentry->d_inode);
-@@ -1758,6 +1809,13 @@
+@@ -1755,6 +1806,13 @@ do_link:
error = security_inode_follow_link(path.dentry, nd);
if (error)
goto exit_dput;
@@ -126,7 +126,7 @@
error = __do_follow_link(&path, nd);
if (error) {
/* Does someone understand code flow here? Or it is only
-@@ -2326,7 +2454,16 @@
+@@ -2322,7 +2450,16 @@ asmlinkage long sys_linkat(int olddfd, c
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out_unlock;
@@ -143,10 +143,10 @@
dput(new_dentry);
out_unlock:
mutex_unlock(&nd.dentry->d_inode->i_mutex);
-diff -urNP linux-2.6.19.2/fs/proc/array.c linux-2.6.19.2/fs/proc/array.c
---- linux-2.6.19.2/fs/proc/array.c 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/fs/proc/array.c 2007-01-20 17:29:55.000000000 -0500
-@@ -494,3 +539,14 @@
+diff -urNp linux-2.6.20.3/fs/proc/array.c linux-2.6.20.3/fs/proc/array.c
+--- linux-2.6.20.3/fs/proc/array.c 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/fs/proc/array.c 2007-03-23 08:11:31.000000000 -0400
+@@ -486,3 +531,14 @@ int proc_pid_statm(struct task_struct *t
return sprintf(buffer,"%d %d %d %d %d %d %d\n",
size, resident, shared, text, lib, data, 0);
}
@@ -161,10 +161,10 @@
+}
+#endif
+
-diff -urNP linux-2.6.19.2/fs/proc/inode.c linux-2.6.19.2/fs/proc/inode.c
---- linux-2.6.19.2/fs/proc/inode.c 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/fs/proc/inode.c 2007-01-20 17:29:55.000000000 -0500
-@@ -166,7 +166,11 @@
+diff -urNp linux-2.6.20.3/fs/proc/inode.c linux-2.6.20.3/fs/proc/inode.c
+--- linux-2.6.20.3/fs/proc/inode.c 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/fs/proc/inode.c 2007-03-23 08:11:31.000000000 -0400
+@@ -166,7 +166,11 @@ struct inode *proc_get_inode(struct supe
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
@@ -176,10 +176,10 @@
}
if (de->size)
inode->i_size = de->size;
-diff -urNP linux-2.6.19.2/fs/proc/internal.h linux-2.6.19.2/fs/proc/internal.h
---- linux-2.6.19.2/fs/proc/internal.h 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/fs/proc/internal.h 2007-01-20 17:29:55.000000000 -0500
-@@ -37,6 +37,9 @@
+diff -urNp linux-2.6.20.3/fs/proc/internal.h linux-2.6.20.3/fs/proc/internal.h
+--- linux-2.6.20.3/fs/proc/internal.h 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/fs/proc/internal.h 2007-03-23 08:11:31.000000000 -0400
+@@ -37,6 +37,9 @@ extern int proc_tid_stat(struct task_str
extern int proc_tgid_stat(struct task_struct *, char *);
extern int proc_pid_status(struct task_struct *, char *);
extern int proc_pid_statm(struct task_struct *, char *);
@@ -189,22 +189,19 @@
extern struct file_operations proc_maps_operations;
extern struct file_operations proc_numa_maps_operations;
-diff -urNP linux-2.6.19.2/fs/proc/proc_misc.c
linux-2.6.19.2/fs/proc/proc_misc.c
---- linux-2.6.19.2/fs/proc/proc_misc.c 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/fs/proc/proc_misc.c 2007-01-20 17:29:55.000000000 -0500
-@@ -670,6 +670,11 @@
+diff -urNp linux-2.6.20.3/fs/proc/proc_misc.c
linux-2.6.20.3/fs/proc/proc_misc.c
+--- linux-2.6.20.3/fs/proc/proc_misc.c 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/fs/proc/proc_misc.c 2007-03-23 08:11:31.000000000 -0400
+@@ -673,6 +673,8 @@ void create_seq_entry(char *name, mode_t
void __init proc_misc_init(void)
{
struct proc_dir_entry *entry;
-+
-+#ifdef CONFIG_GRKERNSEC_PROC
+ int gr_mode = 0;
-+#endif
+
static struct {
char *name;
int (*read_proc)(char*,char**,off_t,int,int*,void*);
-@@ -685,7 +687,9 @@
+@@ -688,7 +690,9 @@ void __init proc_misc_init(void)
{"stram", stram_read_proc},
#endif
{"filesystems", filesystems_read_proc},
@@ -214,7 +211,7 @@
{"locks", locks_read_proc},
{"execdomains", execdomains_read_proc},
{NULL,}
-@@ -696,6 +703,15 @@
+@@ -696,6 +700,15 @@ void __init proc_misc_init(void)
for (p = simple_ones; p->name; p++)
create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
@@ -230,7 +227,7 @@
proc_symlink("mounts", NULL, "self/mounts");
/* And now for trickier ones */
-@@ -704,7 +720,11 @@
+@@ -704,7 +717,11 @@ void __init proc_misc_init(void)
if (entry)
entry->proc_fops = &proc_kmsg_operations;
#endif
@@ -242,7 +239,7 @@
create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
#ifdef CONFIG_BLOCK
create_seq_entry("partitions", 0, &proc_partitions_operations);
-@@ -707,7 +724,11 @@
+@@ -712,7 +729,11 @@ void __init proc_misc_init(void)
create_seq_entry("stat", 0, &proc_stat_operations);
create_seq_entry("interrupts", 0, &proc_interrupts_operations);
#ifdef CONFIG_SLAB
@@ -254,7 +251,7 @@
#ifdef CONFIG_DEBUG_SLAB_LEAK
create_seq_entry("slab_allocators", 0 ,&proc_slabstats_operations);
#endif
-@@ -724,7 +745,7 @@
+@@ -729,7 +750,7 @@ void __init proc_misc_init(void)
#ifdef CONFIG_SCHEDSTATS
create_seq_entry("schedstat", 0, &proc_schedstat_operations);
#endif
@@ -263,10 +260,10 @@
proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
if (proc_root_kcore) {
proc_root_kcore->proc_fops = &proc_kcore_operations;
-diff -urNP linux-2.6.19.2/fs/proc/root.c linux-2.6.19.2/fs/proc/root.c
---- linux-2.6.19.2/fs/proc/root.c 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/fs/proc/root.c 2007-01-20 17:29:55.000000000 -0500
-@@ -64,7 +64,13 @@
+diff -urNp linux-2.6.20.3/fs/proc/root.c linux-2.6.20.3/fs/proc/root.c
+--- linux-2.6.20.3/fs/proc/root.c 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/fs/proc/root.c 2007-03-23 08:11:31.000000000 -0400
+@@ -65,7 +65,13 @@ void __init proc_root_init(void)
return;
}
proc_misc_init();
@@ -280,7 +277,7 @@
proc_net_stat = proc_mkdir("net/stat", NULL);
#ifdef CONFIG_SYSVIPC
-@@ -88,7 +94,15 @@
+@@ -89,7 +95,15 @@ void __init proc_root_init(void)
#ifdef CONFIG_PROC_DEVICETREE
proc_device_tree_init();
#endif
@@ -296,10 +293,10 @@
}
static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry,
struct kstat *stat
-diff -urNP linux-2.6.19.2/grsecurity/Kconfig linux-2.6.19.2/grsecurity/Kconfig
---- linux-2.6.19.2/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.19.2/grsecurity/Kconfig 2007-01-20 17:29:55.000000000 -0500
-@@ -0,0 +1,135 @@
+diff -urNp linux-2.6.20.3/grsecurity/Kconfig linux-2.6.20.3/grsecurity/Kconfig
+--- linux-2.6.20.3/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.20.3/grsecurity/Kconfig 2007-03-23 08:11:31.000000000 -0400
+@@ -0,0 +1,132 @@
+#
+# grecurity configuration
+#
@@ -384,7 +381,6 @@
+endmenu
+
+config GRKERNSEC_PROC_IPADDR
-+ depends on GRKERNSEC
+ bool "/proc/<pid>/ipaddr support"
+ help
+ If you say Y here, a new entry will be added to each /proc/<pid>
@@ -396,7 +392,6 @@
+ the RBAC system), and thus does not create privacy concerns.
+
+config GRKERNSEC_SHM
-+ depends on GRKERNSEC
+ bool "Destroy unused shared memory"
+ depends on SYSVIPC
+ help
@@ -408,7 +403,6 @@
+ "destroy_unused_shm" is created.
+
+config GRKERNSEC_SYSCTL
-+ depends on GRKERNSEC && SYSCTL
+ bool "Sysctl support"
+ help
+ If you say Y here, you will be able to change the options that
@@ -435,9 +429,9 @@
+ the sysctl entries.
+
+endmenu
-diff -urNP linux-2.6.19.2/grsecurity/Makefile
linux-2.6.19.2/grsecurity/Makefile
---- linux-2.6.19.2/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.19.2/grsecurity/Makefile 2007-01-20 17:29:55.000000000 -0500
+diff -urNp linux-2.6.20.3/grsecurity/Makefile
linux-2.6.20.3/grsecurity/Makefile
+--- linux-2.6.20.3/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.20.3/grsecurity/Makefile 2007-03-23 08:11:31.000000000 -0400
@@ -0,0 +1,11 @@
+# All code in this directory and various hooks inserted throughout the kernel
+# are copyright Brad Spengler, and released under the GPL v2 or higher
@@ -450,18 +444,18 @@
+obj-y += grsec_disabled.o
+endif
+
-diff -urNP linux-2.6.19.2/grsecurity/grsec_disabled.c
linux-2.6.19.2/grsecurity/grsec_disabled.c
---- linux-2.6.19.2/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000
-0500
-+++ linux-2.6.19.2/grsecurity/grsec_disabled.c 2007-01-20 17:29:55.000000000
-0500
+diff -urNp linux-2.6.20.3/grsecurity/grsec_disabled.c
linux-2.6.20.3/grsecurity/grsec_disabled.c
+--- linux-2.6.20.3/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000
-0500
++++ linux-2.6.20.3/grsecurity/grsec_disabled.c 2007-03-23 08:11:31.000000000
-0400
@@ -0,0 +1,5 @@
+void
+grsecurity_init(void)
+{
+ return;
+}
-diff -urNP linux-2.6.19.2/grsecurity/grsec_fifo.c
linux-2.6.19.2/grsecurity/grsec_fifo.c
---- linux-2.6.19.2/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000
-0500
-+++ linux-2.6.19.2/grsecurity/grsec_fifo.c 2007-01-20 17:29:55.000000000
-0500
+diff -urNp linux-2.6.20.3/grsecurity/grsec_fifo.c
linux-2.6.20.3/grsecurity/grsec_fifo.c
+--- linux-2.6.20.3/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000
-0500
++++ linux-2.6.20.3/grsecurity/grsec_fifo.c 2007-03-23 08:11:31.000000000
-0400
@@ -0,0 +1,20 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -483,10 +477,10 @@
+#endif
+ return 0;
+}
-diff -urNP linux-2.6.19.2/grsecurity/grsec_init.c
linux-2.6.19.2/grsecurity/grsec_init.c
---- linux-2.6.19.2/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000
-0500
-+++ linux-2.6.19.2/grsecurity/grsec_init.c 2007-01-20 17:29:55.000000000
-0500
-@@ -0,0 +1,34 @@
+diff -urNp linux-2.6.20.3/grsecurity/grsec_init.c
linux-2.6.20.3/grsecurity/grsec_init.c
+--- linux-2.6.20.3/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000
-0500
++++ linux-2.6.20.3/grsecurity/grsec_init.c 2007-03-23 08:11:31.000000000
-0400
+@@ -0,0 +1,33 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
@@ -503,7 +497,6 @@
+void
+grsecurity_init(void)
+{
-+
+#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
+#ifndef CONFIG_GRKERNSEC_SYSCTL
+ grsec_lock = 1;
@@ -521,9 +514,9 @@
+
+ return;
+}
-diff -urNP linux-2.6.19.2/grsecurity/grsec_link.c
linux-2.6.19.2/grsecurity/grsec_link.c
---- linux-2.6.19.2/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000
-0500
-+++ linux-2.6.19.2/grsecurity/grsec_link.c 2007-01-20 17:29:55.000000000
-0500
+diff -urNp linux-2.6.20.3/grsecurity/grsec_link.c
linux-2.6.20.3/grsecurity/grsec_link.c
+--- linux-2.6.20.3/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000
-0500
++++ linux-2.6.20.3/grsecurity/grsec_link.c 2007-03-23 08:11:31.000000000
-0400
@@ -0,0 +1,37 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -562,9 +555,9 @@
+#endif
+ return 0;
+}
-diff -urNP linux-2.6.19.2/grsecurity/grsec_sock.c
linux-2.6.19.2/grsecurity/grsec_sock.c
---- linux-2.6.19.2/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000
-0500
-+++ linux-2.6.19.2/grsecurity/grsec_sock.c 2007-01-20 17:29:55.000000000
-0500
+diff -urNp linux-2.6.20.3/grsecurity/grsec_sock.c
linux-2.6.20.3/grsecurity/grsec_sock.c
+--- linux-2.6.20.3/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000
-0500
++++ linux-2.6.20.3/grsecurity/grsec_sock.c 2007-03-23 08:11:31.000000000
-0400
@@ -0,0 +1,164 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
@@ -730,9 +723,9 @@
+#endif
+ return;
+}
-diff -urNP linux-2.6.19.2/grsecurity/grsec_sysctl.c
linux-2.6.19.2/grsecurity/grsec_sysctl.c
---- linux-2.6.19.2/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000
-0500
-+++ linux-2.6.19.2/grsecurity/grsec_sysctl.c 2007-01-20 17:29:55.000000000
-0500
+diff -urNp linux-2.6.20.3/grsecurity/grsec_sysctl.c
linux-2.6.20.3/grsecurity/grsec_sysctl.c
+--- linux-2.6.20.3/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000
-0500
++++ linux-2.6.20.3/grsecurity/grsec_sysctl.c 2007-03-23 08:11:31.000000000
-0400
@@ -0,0 +1,65 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
@@ -799,9 +792,9 @@
+ { .ctl_name = 0 }
+};
+#endif
-diff -urNP linux-2.6.19.2/include/linux/grinternal.h
linux-2.6.19.2/include/linux/grinternal.h
---- linux-2.6.19.2/include/linux/grinternal.h 1969-12-31 19:00:00.000000000
-0500
-+++ linux-2.6.19.2/include/linux/grinternal.h 2007-01-20 17:29:55.000000000
-0500
+diff -urNp linux-2.6.20.3/include/linux/grinternal.h
linux-2.6.20.3/include/linux/grinternal.h
+--- linux-2.6.20.3/include/linux/grinternal.h 1969-12-31 19:00:00.000000000
-0500
++++ linux-2.6.20.3/include/linux/grinternal.h 2007-03-23 08:11:31.000000000
-0400
@@ -0,0 +1,15 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
@@ -818,32 +811,32 @@
+#endif
+
+#endif
-diff -urNP linux-2.6.19.2/include/linux/grsecurity.h
linux-2.6.19.2/include/linux/grsecurity.h
---- linux-2.6.19.2/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000
-0500
-+++ linux-2.6.19.2/include/linux/grsecurity.h 2007-01-20 17:29:55.000000000
-0500
+diff -urNp linux-2.6.20.3/include/linux/grsecurity.h
linux-2.6.20.3/include/linux/grsecurity.h
+--- linux-2.6.20.3/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000
-0500
++++ linux-2.6.20.3/include/linux/grsecurity.h 2007-03-23 08:11:31.000000000
-0400
@@ -0,0 +1,34 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
+#include <linux/binfmts.h>
+
-+extern void gr_del_task_from_ip_table(struct task_struct *p);
++void gr_del_task_from_ip_table(struct task_struct *p);
+
-+extern int gr_handle_follow_link(const struct inode *parent,
++int gr_handle_follow_link(const struct inode *parent,
+ const struct inode *inode,
+ const struct dentry *dentry,
+ const struct vfsmount *mnt);
-+extern int gr_handle_fifo(const struct dentry *dentry,
++int gr_handle_fifo(const struct dentry *dentry,
+ const struct vfsmount *mnt,
+ const struct dentry *dir, const int flag,
+ const int acc_mode);
-+extern int gr_handle_hardlink(const struct dentry *dentry,
++int gr_handle_hardlink(const struct dentry *dentry,
+ const struct vfsmount *mnt,
+ struct inode *inode,
+ const int mode, const char *to);
+
+#ifdef CONFIG_SYSVIPC
-+extern void gr_shm_exit(struct task_struct *task);
++void gr_shm_exit(struct task_struct *task);
+#else
+static inline void gr_shm_exit(struct task_struct *task)
+{
@@ -856,10 +849,10 @@
+#endif
+
+#endif
-diff -urNP linux-2.6.19.2/include/linux/sched.h
linux-2.6.19.2/include/linux/sched.h
---- linux-2.6.19.2/include/linux/sched.h 2006-11-29 16:57:37.000000000
-0500
-+++ linux-2.6.19.2/include/linux/sched.h 2007-01-20 17:29:55.000000000
-0500
-@@ -468,6 +495,14 @@
+diff -urNp linux-2.6.20.3/include/linux/sched.h
linux-2.6.20.3/include/linux/sched.h
+--- linux-2.6.20.3/include/linux/sched.h 2007-03-13 14:27:08.000000000
-0400
++++ linux-2.6.20.3/include/linux/sched.h 2007-03-23 08:11:31.000000000
-0400
+@@ -491,6 +518,14 @@ struct signal_struct {
#ifdef CONFIG_TASKSTATS
struct taskstats *stats;
#endif
@@ -874,10 +867,10 @@
};
/* Context switch must be unlocked if interrupts are to be enabled */
-diff -urNP linux-2.6.19.2/include/linux/shm.h
linux-2.6.19.2/include/linux/shm.h
---- linux-2.6.19.2/include/linux/shm.h 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/include/linux/shm.h 2007-01-20 17:29:55.000000000 -0500
-@@ -86,6 +86,10 @@
+diff -urNp linux-2.6.20.3/include/linux/shm.h
linux-2.6.20.3/include/linux/shm.h
+--- linux-2.6.20.3/include/linux/shm.h 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/include/linux/shm.h 2007-03-23 08:11:31.000000000 -0400
+@@ -86,6 +86,10 @@ struct shmid_kernel /* private to the ke
pid_t shm_cprid;
pid_t shm_lprid;
struct user_struct *mlock_user;
@@ -888,10 +881,10 @@
};
/* shm_mode upper byte flags */
-diff -urN linux-2.6.16.2/include/linux/sysctl.h
linux-2.6.16.2-grsec/include/linux/sysctl.h
---- linux-2.6.16.2/include/linux/sysctl.h 2006-04-07 18:56:47.000000000
+0200
-+++ linux-2.6.16.2-grsec/include/linux/sysctl.h 2006-04-11
18:09:09.244033250 +0200
-@@ -167,6 +167,9 @@
+diff -urNp linux-2.6.20.3/include/linux/sysctl.h
linux-2.6.20.3/include/linux/sysctl.h
+--- linux-2.6.20.3/include/linux/sysctl.h 2007-03-13 14:27:08.000000000
-0400
++++ linux-2.6.20.3/include/linux/sysctl.h 2007-03-23 08:29:10.000000000
-0400
+@@ -167,6 +167,9 @@ enum
/* CTL_VM names: */
enum
{
@@ -901,9 +894,9 @@
VM_UNUSED1=1, /* was: struct: Set vm swapping control */
VM_UNUSED2=2, /* was; int: Linear or sqrt() swapout for hogs
*/
VM_UNUSED3=3, /* was: struct: Set free page thresholds */
-diff -urNP linux-2.6.19.2/ipc/shm.c linux-2.6.19.2/ipc/shm.c
---- linux-2.6.19.2/ipc/shm.c 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/ipc/shm.c 2007-01-20 17:29:55.000000000 -0500
+diff -urNp linux-2.6.20.3/ipc/shm.c linux-2.6.20.3/ipc/shm.c
+--- linux-2.6.20.3/ipc/shm.c 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/ipc/shm.c 2007-03-23 08:11:31.000000000 -0400
@@ -37,6 +37,7 @@
#include <linux/seq_file.h>
#include <linux/mutex.h>
@@ -912,7 +905,7 @@
#include <asm/uaccess.h>
-@@ -216,6 +227,17 @@
+@@ -216,6 +227,17 @@ static void shm_close (struct vm_area_st
shp->shm_lprid = current->tgid;
shp->shm_dtim = get_seconds();
shp->shm_nattch--;
@@ -930,7 +923,7 @@
if(shp->shm_nattch == 0 &&
shp->shm_perm.mode & SHM_DEST)
shm_destroy(ns, shp);
-@@ -326,6 +348,9 @@
+@@ -326,6 +348,9 @@ static int newseg (struct ipc_namespace
shp->shm_lprid = 0;
shp->shm_atim = shp->shm_dtim = 0;
shp->shm_ctim = get_seconds();
@@ -940,9 +933,9 @@
shp->shm_segsz = size;
shp->shm_nattch = 0;
shp->id = shm_buildid(ns, id, shp->shm_perm.seq);
-@@ -845,6 +872,11 @@
+@@ -842,6 +869,11 @@ long do_shmat(int shmid, char __user *sh
file = shp->shm_file;
- size = i_size_read(file->f_dentry->d_inode);
+ size = i_size_read(file->f_path.dentry->d_inode);
shp->shm_nattch++;
+
+#ifdef CONFIG_GRKERNSEC
@@ -952,7 +945,7 @@
shm_unlock(shp);
down_write(¤t->mm->mmap_sem);
-@@ -1014,3 +1059,27 @@
+@@ -1014,3 +1055,27 @@ static int sysvipc_shm_proc_show(struct
shp->shm_ctim);
}
#endif
@@ -980,10 +973,11 @@
+#endif
+ return;
+}
-diff -urNP linux-2.6.19.2/kernel/configs.c linux-2.6.19.2/kernel/configs.c
---- linux-2.6.19.2/kernel/configs.c 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/kernel/configs.c 2007-01-20 17:29:55.000000000 -0500
-@@ -88,8 +88,16 @@
+diff -urNp linux-2.6.20.3/kernel/acct.c linux-2.6.20.3/kernel/acct.c
+diff -urNp linux-2.6.20.3/kernel/configs.c linux-2.6.20.3/kernel/configs.c
+--- linux-2.6.20.3/kernel/configs.c 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/kernel/configs.c 2007-03-23 08:11:31.000000000 -0400
+@@ -88,8 +88,16 @@ static int __init ikconfig_init(void)
struct proc_dir_entry *entry;
/* create the current config file */
@@ -1000,10 +994,10 @@
if (!entry)
return -ENOMEM;
-diff -urNP linux-2.6.19.2/kernel/exit.c linux-2.6.19.2/kernel/exit.c
---- linux-2.6.19.2/kernel/exit.c 2006-11-29 16:57:37.000000000 -0500
-+++ linux-2.6.19.2/kernel/exit.c 2007-01-20 17:29:55.000000000 -0500
-@@ -41,6 +41,7 @@
+diff -urNp linux-2.6.20.3/kernel/exit.c linux-2.6.20.3/kernel/exit.c
+--- linux-2.6.20.3/kernel/exit.c 2007-03-13 14:27:08.000000000 -0400
++++ linux-2.6.20.3/kernel/exit.c 2007-03-23 08:11:31.000000000 -0400
+@@ -42,6 +42,7 @@
#include <linux/audit.h> /* for audit_free() */
#include <linux/resource.h>
#include <linux/blkdev.h>
@@ -1011,7 +1005,7 @@
#include <asm/uaccess.h>
#include <asm/unistd.h>
-@@ -118,6 +123,7 @@
+@@ -118,6 +123,7 @@ static void __exit_signal(struct task_st
__unhash_process(tsk);
@@ -1019,7 +1013,7 @@
tsk->signal = NULL;
tsk->sighand = NULL;
spin_unlock(&sighand->siglock);
-@@ -919,6 +947,7 @@
+@@ -918,6 +946,7 @@ fastcall NORET_TYPE void do_exit(long co
if (group_dead)
acct_process();
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/linux-2.6-grsec-minimal.patch?r1=1.1.2.20.4.3&r2=1.1.2.20.4.4&f=u
_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
