3 diff -upr a/grsecurity/gracl_cap.c c/grsecurity/gracl_cap.c
4 --- a/grsecurity/gracl_cap.c 2007-12-01 00:54:57.312774500 +0000
5 +++ c/grsecurity/gracl_cap.c 2007-12-01 01:09:34.923621750 +0000
6 @@ -110,3 +110,19 @@ gr_is_capable_nolog(const int cap)
11 +gr_log_cap_pid(const int cap, const pid_t pid)
13 + struct task_struct *p;
15 + if (gr_acl_is_enabled()) {
16 + read_lock(&tasklist_lock);
17 + p = find_task_by_vpid(pid);
20 + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, p, captab_log[cap]);
22 + read_unlock(&tasklist_lock);
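Review bot: `captab_log[cap]` in gr_log_cap_pid is indexed with the caller's `cap`, and no range check is visible in this hunk, so an out-of-range capability number would read past the table while the log line is built. If the table is an array defined in this file, a guard such as `if (cap < 0 || cap >= ARRAY_SIZE(captab_log)) return;` ahead of the lookup would close that. The lines between `find_task_by_vpid(pid)` and the `gr_log_cap()` call are not shown here; if they do not test `p` for NULL, a sender that has already exited reaches the logger with a null task pointer. The function body starts and ends outside the visible lines.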
26 --- linux-2.6.35/include/linux/grsecurity.h~ 2010-10-20 21:01:00.758532744 +0200
27 +++ linux-2.6.35/include/linux/grsecurity.h 2010-10-20 21:03:27.556754795 +0200
29 void gr_log_textrel(struct vm_area_struct *vma);
30 void gr_log_rwxmmap(struct file *file);
31 void gr_log_rwxmprotect(struct file *file);
32 +void gr_log_cap_pid(const int cap, pid_t pid);
34 int gr_handle_follow_link(const struct inode *parent,
35 const struct inode *inode,
36 diff -upr a/security/commoncap.c c/security/commoncap.c
37 --- a/security/commoncap.c 2007-12-01 00:54:57.300773750 +0000
38 +++ c/security/commoncap.c 2007-12-01 01:09:34.923621750 +0000
41 int cap_netlink_recv(struct sk_buff *skb, int cap)
43 - if (!cap_raised(current_cap(), cap) || !gr_is_capable(cap))
44 + if (!cap_raised(current_cap(), cap) || !gr_is_capable(cap)) {
45 +#ifdef CONFIG_GRKERNSEC
46 + gr_log_cap_pid(cap, NETLINK_CREDS(skb)->pid);
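Review bot: The denial in cap_netlink_recv is decided from `current_cap()` and `gr_is_capable(cap)`, which describe the current task, but the added call logs it against whichever task `NETLINK_CREDS(skb)->pid` resolves to. If the two can differ, or the sender's pid has been reused by the time of the lookup, the audit record names a process other than the one that was checked. A comment on the call should state which task the record is meant to identify, so that anyone reading the log knows how far to trust the pid. The `#ifdef CONFIG_GRKERNSEC` inside the function body could be dropped by giving grsecurity.h an empty `static inline` stub for gr_log_cap_pid when the option is off. The rest of the function lies outside the visible lines.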
53 --- linux-2.6.30/kernel/vserver/context.c~ 2009-07-31 12:07:52.365267958 +0200
54 +++ linux-2.6.30/kernel/vserver/context.c 2009-07-31 12:43:04.991723596 +0200
56 // preconfig fs entries
57 for (index = 0; index < VX_SPACES; index++) {
58 spin_lock(&init_fs.lock);
60 + atomic_inc(&init_fs.users);
61 spin_unlock(&init_fs.lock);
62 new->vx_fs[index] = &init_fs;
66 fs = xchg(&vxi->vx_fs[index], NULL);
68 - kill = !--fs->users;
69 + kill = !atomic_dec_return(&fs->users);
70 spin_unlock(&fs->lock);
73 --- linux-2.6.30/kernel/vserver/space.c~ 2009-07-31 12:07:52.398601243 +0200
74 +++ linux-2.6.30/kernel/vserver/space.c 2009-07-31 12:47:48.638394441 +0200
76 if (mask & CLONE_FS) {
77 write_lock(&fs_cur->lock);
79 - kill = !--fs_cur->users;
80 + kill = !atomic_dec_return(&fs_cur->users);
81 spin_unlock(&fs_cur->lock);
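Review bot: In the visible lines of this `CLONE_FS` branch the lock on `fs_cur` is taken with `write_lock(&fs_cur->lock)` and released with `spin_unlock(&fs_cur->lock)`, whereas the `fs_vxi` branch below pairs `spin_lock` with `spin_unlock`. Unless a line not shown here changes one of them, the acquire and release primitives do not belong to the same lock type, and the patch only touches the counter line between them. The pair should follow the type of `fs_struct.lock` in this tree, for example `write_unlock(&fs_cur->lock);` if it is an rwlock, or `spin_lock(&fs_cur->lock);` on the acquire side if it is a spinlock. The surrounding function is outside the hunk.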
85 if (mask & CLONE_FS) {
86 spin_lock(&fs_vxi->lock);
88 - kill = !--fs_vxi->users;
89 + kill = !atomic_dec_return(&fs_vxi->users);
90 spin_unlock(&fs_vxi->lock);
93 --- linux-2.6.28/fs/proc/Kconfig~ 2008-11-20 23:26:34.000000000 +0100
94 +++ linux-2.6.28/fs/proc/Kconfig 2008-12-01 20:37:12.000000000 +0100
98 config PROC_PAGE_MONITOR
100 - depends on PROC_FS && MMU && !GRKERNSEC
102 + depends on PROC_FS && MMU
103 bool "Enable /proc page monitoring" if EXPERT
105 Various /proc files exist to monitor process memory utilization:
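Review bot: Dropping `!GRKERNSEC` from the `depends on` line lets PROC_PAGE_MONITOR be selected on a grsecurity kernel, which the removed condition had ruled out, and nothing in the patch records why. The help text describes these /proc files as monitoring process memory utilization, so on a hardened build the change widens what is exposed about process memory through /proc. A comment above the entry would make the trade-off visible to whoever configures the kernel, for example `# !GRKERNSEC dependency removed on purpose: <reason>`. Whether the option still defaults to on cannot be seen from these lines and is worth checking.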
106 --- linux-2.6.34/net/socket.c~ 2010-07-06 15:35:03.398523320 +0200
107 +++ linux-2.6.34/net/socket.c 2010-07-06 15:35:26.021020905 +0200
108 @@ -1573,12 +1573,6 @@
109 newsock->type = sock->type;
110 newsock->ops = sock->ops;
112 - if (gr_handle_sock_server_other(sock->sk)) {
114 - sock_release(newsock);
118 err = gr_search_accept(sock);
120 sock_release(newsock);
123 --- linux-3.0/include/linux/vermagic.h~ 2011-10-14 19:55:36.000000000 +0200
124 +++ linux-3.0/include/linux/vermagic.h 2011-10-16 15:45:11.251098590 +0200
128 #ifdef CONSTIFY_PLUGIN
129 -#define MODULE_CONSTIFY_PLUGIN "CONSTIFY_PLUGIN "
130 +#define MODULE_CONSTIFY_PLUGIN ""
132 #define MODULE_CONSTIFY_PLUGIN ""
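Review bot: After this change both branches of `#ifdef CONSTIFY_PLUGIN` define `MODULE_CONSTIFY_PLUGIN` as `""`, so the conditional is dead and the vermagic string no longer records whether the build used the plugin. If that tag was what kept modules built without the plugin from loading into a kernel built with it, such a mismatch now passes the load-time check unnoticed. Either remove the conditional and keep a single definition, or leave a comment on the changed line such as `/* tag dropped deliberately: <reason> */` so the intent survives the next rebase.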
134 --- linux-3.1/kernel/fork.c.org 2011-11-17 20:43:03.561319929 +0100
135 +++ linux-3.1/kernel/fork.c 2011-11-17 20:44:09.022832196 +0100
136 @@ -1704,7 +1704,7 @@
139 /* don't need lock here; in the worst case we'll do useless copy */
140 - if (fs->users == 1)
141 + if (atomic_read(&fs->users) == 1)
144 *new_fsp = copy_fs_struct(fs);
145 @@ -1793,7 +1793,7 @@
147 spin_lock(&fs->lock);
148 current->fs = new_fs;
150 + if (atomic_dec_return(&fs->users))