[packages/kernel.git] / kernel-vserver-fixes.patch

--- linux-3.3/fs/proc/base.c~	2012-03-19 21:44:42.000000000 +0100
+++ linux-3.3/fs/proc/base.c	2012-03-21 12:25:28.051092423 +0100
@@ -568,6 +568,8 @@
 				 struct task_struct *task,
 				 int hide_pid_min)
 {
+	if (vx_check(0, VS_WATCH_P))
+		return true;
 	if (pid->hide_pid < hide_pid_min)
 		return true;
 	if (in_group_p(pid->pid_gid))
diff -NurpP --minimal linux-3.14.17/init/Kconfig linux-3.14.17-vs2.3.6.13/init/Kconfig
--- linux-3.14.17/init/Kconfig	2014-08-14 01:38:34.000000000 +0000
+++ linux-3.14.17-vs2.3.6.13/init/Kconfig	2014-08-30 14:37:19.000000000 +0000
@@ -1117,6 +1118,7 @@ config IPC_NS
 
 config USER_NS
 	bool "User namespace"
+	depends on VSERVER_DISABLED
 	default n
 	help
 	  This allows containers, i.e. vservers, to use user namespaces

upstream addition of masking all capabilities above CAP_LAST_CAP did not account for linux-vserver CAP_CONTEXT

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-3.10.y&id=76f01555c78e496203105bd29b878db3431a2260

diff -urNpd linux-3.10.56-vs2.3.6.9~/include/linux/capability.h linux-3.10.56-vs2.3.6.9/include/linux/capability.h
--- linux-3.10.56-vs2.3.6.9~/include/linux/capability.h	2014-09-18 12:28:39.000000000 -0500
+++ linux-3.10.56-vs2.3.6.9/include/linux/capability.h	2014-10-05 23:00:59.000000000 -0500
@@ -79,7 +79,8 @@ extern const kernel_cap_t __cap_init_eff
 #else /* HAND-CODED capability initializers */
 
 #define CAP_LAST_U32			((_KERNEL_CAPABILITY_U32S) - 1)
-#define CAP_LAST_U32_VALID_MASK		(CAP_TO_MASK(CAP_LAST_CAP + 1) -1)
+#define CAP_LAST_U32_VALID_MASK		((CAP_TO_MASK(CAP_LAST_CAP + 1) -1) \
+					| CAP_TO_MASK(CAP_CONTEXT))
 
 # define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
 # define CAP_FULL_SET     ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})
Commit	Line	Data
0232a98e AM	1	--- linux-3.3/fs/proc/base.c~ 2012-03-19 21:44:42.000000000 +0100
	2	+++ linux-3.3/fs/proc/base.c 2012-03-21 12:25:28.051092423 +0100
	3	@@ -568,6 +568,8 @@
	4	struct task_struct *task,
	5	int hide_pid_min)
	6	{
	7	+ if (vx_check(0, VS_WATCH_P))
	8	+ return true;
	9	if (pid->hide_pid < hide_pid_min)
	10	return true;
	11	if (in_group_p(pid->pid_gid))
c1969851 JR	12	diff -NurpP --minimal linux-3.14.17/init/Kconfig linux-3.14.17-vs2.3.6.13/init/Kconfig
	13	--- linux-3.14.17/init/Kconfig 2014-08-14 01:38:34.000000000 +0000
	14	+++ linux-3.14.17-vs2.3.6.13/init/Kconfig 2014-08-30 14:37:19.000000000 +0000
	15	@@ -1117,6 +1118,7 @@ config IPC_NS
	16
	17	config USER_NS
	18	bool "User namespace"
	19	+ depends on VSERVER_DISABLED
	20	default n
	21	help
	22	This allows containers, i.e. vservers, to use user namespaces
02242d31 JR	23
	24	upstream addition of masking all capabilities above CAP_LAST_CAP did not account for linux-vserver CAP_CONTEXT
	25
	26	https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-3.10.y&id=76f01555c78e496203105bd29b878db3431a2260
	27
	28	diff -urNpd linux-3.10.56-vs2.3.6.9~/include/linux/capability.h linux-3.10.56-vs2.3.6.9/include/linux/capability.h
	29	--- linux-3.10.56-vs2.3.6.9~/include/linux/capability.h 2014-09-18 12:28:39.000000000 -0500
	30	+++ linux-3.10.56-vs2.3.6.9/include/linux/capability.h 2014-10-05 23:00:59.000000000 -0500
	31	@@ -79,7 +79,8 @@ extern const kernel_cap_t __cap_init_eff
	32	#else /* HAND-CODED capability initializers */
	33
	34	#define CAP_LAST_U32 ((_KERNEL_CAPABILITY_U32S) - 1)
	35	-#define CAP_LAST_U32_VALID_MASK (CAP_TO_MASK(CAP_LAST_CAP + 1) -1)
	36	+#define CAP_LAST_U32_VALID_MASK ((CAP_TO_MASK(CAP_LAST_CAP + 1) -1) \
	37	+ \| CAP_TO_MASK(CAP_CONTEXT))
	38
	39	# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
	40	# define CAP_FULL_SET ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})