[arch-commits] Commit in linux-grsec/trunk (4 files)
Daniel Micay
thestinger at archlinux.org
Mon Aug 11 09:27:22 UTC 2014
Date: Monday, August 11, 2014 @ 11:27:22
Author: thestinger
Revision: 117133
upgpkg: linux-grsec 3.15.9.201408110025-1
* rely on grsecurity to disable unprivileged user namespaces
Modified:
linux-grsec/trunk/PKGBUILD
linux-grsec/trunk/config
linux-grsec/trunk/config.x86_64
Deleted:
linux-grsec/trunk/Revert-userns-Allow-unprivileged-users-to-create-use.patch
------------------------------------------------------------+
PKGBUILD | 21 ++---
Revert-userns-Allow-unprivileged-users-to-create-use.patch | 41 -----------
config | 4 -
config.x86_64 | 4 -
4 files changed, 14 insertions(+), 56 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-08-11 09:10:22 UTC (rev 117132)
+++ PKGBUILD 2014-08-11 09:27:22 UTC (rev 117133)
@@ -7,12 +7,12 @@
pkgbase=linux-grsec
_srcname=linux-3.15
-_pkgver=3.15.8
+_pkgver=3.15.9
_grsecver=3.0
-_timestamp=201408040708
+_timestamp=201408110025
_grsec_patch="grsecurity-$_grsecver-$_pkgver-$_timestamp.patch"
pkgver=$_pkgver.$_timestamp
-pkgrel=2
+pkgrel=1
arch=('i686' 'x86_64')
url=https://grsecurity.net/
license=('GPL2')
@@ -27,17 +27,15 @@
# standard config files for mkinitcpio ramdisk
'linux.preset'
'change-default-console-loglevel.patch'
- Revert-userns-Allow-unprivileged-users-to-create-use.patch
)
sha256sums=('c3927e87be4040fa8aca1b58663dc0776aaf00485604ff88a623be2f3fb07794'
- 'e25557b19dfebc91e42939aa9a62f7a4d4e36ea2cc659368cded51fb2c703456'
- 'f85023b7d061365a08139743e68082e3f61b178173528a0d9e39c07ddeef0ad6'
+ '31c0bde90d23355540062438aa485418d19b15a7563a1297ff49247954f62417'
+ 'ebe1eeefe65dfe12e64941e0727c3cc9c37d2547d3eb8c01031d449be00c1e5f'
'SKIP'
- 'e7464de4d248176dc6e2dede11acdfa4cb77bed1fbacaf2b8c66ab94164fe383'
- 'aaeea9587701bd8e1a23dfa9e5c32dcda454ce26497175a9ad9f2bd3c260f6ea'
+ '26b9e9cca6aa6984e5375da589588a3a5d00d7e99718c8cf6bf2b9f92920bd5f'
+ 'd5e63ad33d42abc9ba054b196fdcfed74389eb30aaa01bcf01917496cc9387fc'
'ca7e718375b3790888756cc0a64a7500cd57dddb9bf7e10a0df22c860d91f74d'
- 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182'
- '1b3651558fcd497c72af3d483febb21fff98cbb9fbcb456da19b24304c40c754')
+ 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182')
_kernelname=${pkgbase#linux}
@@ -55,9 +53,6 @@
# (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
patch -p1 -i "${srcdir}/change-default-console-loglevel.patch"
- # Forbid unprivileged user namespaces
- patch -p1 -i "$srcdir/Revert-userns-Allow-unprivileged-users-to-create-use.patch"
-
# Add grsecurity patches
patch -Np1 -i "$srcdir/$_grsec_patch"
rm localversion-grsec
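Review bot: With the revert patch no longer applied in prepare(), nothing in the PKGBUILD records that blocking unprivileged user namespaces now depends entirely on the grsecurity patch. I would add a comment next to the `patch -Np1 -i "$srcdir/$_grsec_patch"` line, for example `# grsecurity itself restricts CLONE_NEWUSER to privileged callers; restore the revert patch if a future grsec release drops that check`. The removed patch required CAP_SYS_ADMIN, CAP_SETUID and CAP_SETGID in do_fork(); whether the grsecurity check is equivalent is not visible on this page. It is worth confirming on the built kernel that an unprivileged clone with CLONE_NEWUSER still fails with EPERM. prepare() starts and ends outside this hunk.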
Deleted: Revert-userns-Allow-unprivileged-users-to-create-use.patch
===================================================================
--- Revert-userns-Allow-unprivileged-users-to-create-use.patch 2014-08-11 09:10:22 UTC (rev 117132)
+++ Revert-userns-Allow-unprivileged-users-to-create-use.patch 2014-08-11 09:27:22 UTC (rev 117133)
@@ -1,41 +0,0 @@
-From e3da68be55914bfeedb8866f191cc0958579611d Mon Sep 17 00:00:00 2001
-From: Josh Boyer <jwboyer at fedoraproject.org>
-Date: Wed, 13 Nov 2013 10:21:18 -0500
-Subject: [PATCH] Revert "userns: Allow unprivileged users to create user
- namespaces."
-
-This reverts commit 5eaf563e53294d6696e651466697eb9d491f3946.
-
-Conflicts:
- kernel/fork.c
----
- kernel/fork.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/kernel/fork.c b/kernel/fork.c
-index f6d11fc..e04c9a7 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -1573,6 +1573,19 @@ long do_fork(unsigned long clone_flags,
- long nr;
-
- /*
-+ * Do some preliminary argument and permissions checking before we
-+ * actually start allocating stuff
-+ */
-+ if (clone_flags & CLONE_NEWUSER) {
-+ /* hopefully this check will go away when userns support is
-+ * complete
-+ */
-+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
-+ !capable(CAP_SETGID))
-+ return -EPERM;
-+ }
-+
-+ /*
- * Determine whether and which event to report to ptracer. When
- * called from kernel_thread or CLONE_UNTRACED is explicitly
- * requested, no event is reported; otherwise, report if the event
---
-1.8.3.1
-
Modified: config
===================================================================
--- config 2014-08-11 09:10:22 UTC (rev 117132)
+++ config 2014-08-11 09:27:22 UTC (rev 117133)
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.15.8.201408010648-1 Kernel Configuration
+# Linux/x86 3.15.9.201408110025-1 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -414,6 +414,8 @@
# CONFIG_X86_MCE_INJECT is not set
CONFIG_X86_THERMAL_VECTOR=y
CONFIG_VM86=y
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX32=y
CONFIG_TOSHIBA=m
CONFIG_I8K=m
CONFIG_X86_REBOOTFIXUPS=y
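Review bot: `CONFIG_X86_16BIT=y` in this hunk appears to accept the default for an option that is new in this kernel version, and config.x86_64 makes the same choice alongside `CONFIG_X86_ESPFIX64=y`. For a hardened kernel this is worth deciding deliberately, because the option keeps 16-bit segment support available to userspace, which is the case the espfix code exists to compensate for. It is presumably only needed for 16-bit code under Wine or DOSEMU. If that is not a goal of this package, `# CONFIG_X86_16BIT is not set` would drop both the feature and the espfix option that depends on it; otherwise a line in the commit message saying it was kept on purpose would help.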
Modified: config.x86_64
===================================================================
--- config.x86_64 2014-08-11 09:10:22 UTC (rev 117132)
+++ config.x86_64 2014-08-11 09:27:22 UTC (rev 117133)
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.15.8.201408010648-1 Kernel Configuration
+# Linux/x86 3.15.9.201408110025-1 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -405,6 +405,8 @@
CONFIG_X86_MCE_THRESHOLD=y
# CONFIG_X86_MCE_INJECT is not set
CONFIG_X86_THERMAL_VECTOR=y
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX64=y
CONFIG_I8K=m
CONFIG_MICROCODE=m
CONFIG_MICROCODE_INTEL=y