[packages/kernel.git] / kernel-vserver-fixes.patch

Missing header for routes patch, caused vs2.3 route.h mixing
--- a/net/ipv4/netfilter/nf_nat_core.c~	2008-01-24 23:58:37.000000000 +0100
+++ a/net/ipv4/netfilter/nf_nat_core.c	2008-03-30 21:00:19.349593833 +0200
@@ -15,6 +15,7 @@
 #include <net/checksum.h>
 #include <net/icmp.h>
 #include <net/ip.h>
+#include <net/route.h>
 #include <net/tcp.h>  /* For tcp_prot in getorigdst */
 #include <linux/icmp.h>
 #include <linux/udp.h>
diff -upr linux-2.6.25/security/selinux/include/av_perm_to_string.h linux-2.6.25/security/selinux/include/av_perm_to_string.h
--- linux-2.6.25/security/selinux/include/av_perm_to_string.h	2008-04-17 02:49:44.000000000 +0000
+++ linux-2.6.25/security/selinux/include/av_perm_to_string.h	2008-05-21 08:48:33.061933886 +0000
@@ -135,6 +135,7 @@
    S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap")
    S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override")
    S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin")
+   S_(SECCLASS_CAPABILITY2, CAPABILITY2__CONTEXT, "context")
    S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
    S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
    S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
diff -upr linux-2.6.25/security/selinux/include/av_permissions.h linux-2.6.25/security/selinux/include/av_permissions.h
--- linux-2.6.25/security/selinux/include/av_permissions.h	2008-04-17 02:49:44.000000000 +0000
+++ linux-2.6.25/security/selinux/include/av_permissions.h	2008-05-21 08:49:07.059597304 +0000
@@ -536,6 +536,7 @@
 #define CAPABILITY__SETFCAP                       0x80000000UL
 #define CAPABILITY2__MAC_OVERRIDE                 0x00000001UL
 #define CAPABILITY2__MAC_ADMIN                    0x00000002UL
+#define CAPABILITY2__CONTEXT                      0x00000004UL
 #define NETLINK_ROUTE_SOCKET__IOCTL               0x00000001UL
 #define NETLINK_ROUTE_SOCKET__READ                0x00000002UL
 #define NETLINK_ROUTE_SOCKET__WRITE               0x00000004UL
--- linux-2.6.27/arch/powerpc/include/asm/unistd.h.org	2008-11-02 22:23:47.000000000 +0000
+++ linux-2.6.27/arch/powerpc/include/asm/unistd.h	2008-11-02 22:24:37.000000000 +0000
@@ -275,7 +275,7 @@
 #endif
 #define __NR_rtas		255
 #define __NR_sys_debug_setcontext 256
-/* Number 257 is reserved for vserver */
+#define __NR_vserver		257
 #define __NR_migrate_pages	258
 #define __NR_mbind		259
 #define __NR_get_mempolicy	260
diff -NurpP linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/addrconf.c linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/addrconf.c
--- linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/addrconf.c	2008-11-17 23:55:48.000000000 +0100
+++ linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/addrconf.c	2008-11-17 23:47:48.000000000 +0100
@@ -1183,6 +1183,8 @@ int ipv6_dev_get_saddr(struct net *net, 
 					       dev->name);
 				continue;
 			}
+			if (!v6_addr_in_nx_info(nxi, &score->ifa->addr, -1))
+				continue;
 
 			score->rule = -1;
 			bitmap_zero(score->scorebits, IPV6_SADDR_RULE_MAX);
diff -NurpP linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/raw.c linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/raw.c
--- linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/raw.c	2008-10-10 00:13:53.000000000 +0200
+++ linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/raw.c	2008-11-17 23:34:18.000000000 +0100
@@ -29,6 +29,7 @@
 #include <linux/icmpv6.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv6.h>
+#include <linux/vs_inet6.h>
 #include <linux/skbuff.h>
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
@@ -281,6 +282,13 @@ static int rawv6_bind(struct sock *sk, s
 			}
 		}
 
+		if (!v6_addr_in_nx_info(sk->sk_nx_info, &addr->sin6_addr, -1)) {
+			err = -EADDRNOTAVAIL;
+			if (dev)
+				dev_put(dev);
+			goto out;
+		}
+
 		/* ipv4 addr of the socket is invalid.  Only the
 		 * unspecified and mapped address have a v4 equivalent.
 		 */
Commit	Line	Data
5ba8d060	1	Missing header for routes patch, caused vs2.3 route.h mixing
	2	--- a/net/ipv4/netfilter/nf_nat_core.c~ 2008-01-24 23:58:37.000000000 +0100
	3	+++ a/net/ipv4/netfilter/nf_nat_core.c 2008-03-30 21:00:19.349593833 +0200
	4	@@ -15,6 +15,7 @@
	5	#include <net/checksum.h>
	6	#include <net/icmp.h>
	7	#include <net/ip.h>
	8	+#include <net/route.h>
	9	#include <net/tcp.h> /* For tcp_prot in getorigdst */
	10	#include <linux/icmp.h>
	11	#include <linux/udp.h>
32ceaa83	12	diff -upr linux-2.6.25/security/selinux/include/av_perm_to_string.h linux-2.6.25/security/selinux/include/av_perm_to_string.h
	13	--- linux-2.6.25/security/selinux/include/av_perm_to_string.h 2008-04-17 02:49:44.000000000 +0000
	14	+++ linux-2.6.25/security/selinux/include/av_perm_to_string.h 2008-05-21 08:48:33.061933886 +0000
	15	@@ -135,6 +135,7 @@
	16	S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap")
	17	S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override")
	18	S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin")
	19	+ S_(SECCLASS_CAPABILITY2, CAPABILITY2__CONTEXT, "context")
	20	S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
	21	S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
	22	S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
	23	diff -upr linux-2.6.25/security/selinux/include/av_permissions.h linux-2.6.25/security/selinux/include/av_permissions.h
	24	--- linux-2.6.25/security/selinux/include/av_permissions.h 2008-04-17 02:49:44.000000000 +0000
	25	+++ linux-2.6.25/security/selinux/include/av_permissions.h 2008-05-21 08:49:07.059597304 +0000
	26	@@ -536,6 +536,7 @@
	27	#define CAPABILITY__SETFCAP 0x80000000UL
	28	#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL
	29	#define CAPABILITY2__MAC_ADMIN 0x00000002UL
	30	+#define CAPABILITY2__CONTEXT 0x00000004UL
	31	#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
	32	#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
	33	#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
832a2367 AM	34	--- linux-2.6.27/arch/powerpc/include/asm/unistd.h.org 2008-11-02 22:23:47.000000000 +0000
	35	+++ linux-2.6.27/arch/powerpc/include/asm/unistd.h 2008-11-02 22:24:37.000000000 +0000
	36	@@ -275,7 +275,7 @@
	37	#endif
	38	#define __NR_rtas 255
	39	#define __NR_sys_debug_setcontext 256
	40	-/* Number 257 is reserved for vserver */
	41	+#define __NR_vserver 257
	42	#define __NR_migrate_pages 258
	43	#define __NR_mbind 259
	44	#define __NR_get_mempolicy 260
95690e21 AM	45	diff -NurpP linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/addrconf.c linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/addrconf.c
	46	--- linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/addrconf.c 2008-11-17 23:55:48.000000000 +0100
	47	+++ linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/addrconf.c 2008-11-17 23:47:48.000000000 +0100
	48	@@ -1183,6 +1183,8 @@ int ipv6_dev_get_saddr(struct net *net,
	49	dev->name);
	50	continue;
	51	}
	52	+ if (!v6_addr_in_nx_info(nxi, &score->ifa->addr, -1))
	53	+ continue;
	54
	55	score->rule = -1;
	56	bitmap_zero(score->scorebits, IPV6_SADDR_RULE_MAX);
	57	diff -NurpP linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/raw.c linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/raw.c
	58	--- linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/raw.c 2008-10-10 00:13:53.000000000 +0200
	59	+++ linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/raw.c 2008-11-17 23:34:18.000000000 +0100
	60	@@ -29,6 +29,7 @@
	61	#include <linux/icmpv6.h>
	62	#include <linux/netfilter.h>
	63	#include <linux/netfilter_ipv6.h>
	64	+#include <linux/vs_inet6.h>
	65	#include <linux/skbuff.h>
	66	#include <asm/uaccess.h>
	67	#include <asm/ioctls.h>
	68	@@ -281,6 +282,13 @@ static int rawv6_bind(struct sock *sk, s
	69	}
	70	}
	71
	72	+ if (!v6_addr_in_nx_info(sk->sk_nx_info, &addr->sin6_addr, -1)) {
	73	+ err = -EADDRNOTAVAIL;
	74	+ if (dev)
	75	+ dev_put(dev);
	76	+ goto out;
	77	+ }
	78	+
	79	/* ipv4 addr of the socket is invalid. Only the
	80	* unspecified and mapped address have a v4 equivalent.
	81	*/