kernel-vserver-fixes.patch

   1 --- linux-3.3/fs/proc/base.c~   2012-03-19 21:44:42.000000000 +0100
   2 +++ linux-3.3/fs/proc/base.c    2012-03-21 12:25:28.051092423 +0100
   3 @@ -568,6 +568,8 @@
   4                                  struct task_struct *task,
   5                                  int hide_pid_min)
   6  {
   7 +       if (vx_check(0, VS_WATCH_P))
   8 +               return true;
   9         if (pid->hide_pid < hide_pid_min)
  10                 return true;
  11         if (in_group_p(pid->pid_gid))
  12
  13 upstream addition of masking all capabilities above CAP_LAST_CAP did not account for linux-vserver CAP_CONTEXT
  14
  15 https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-3.10.y&id=76f01555c78e496203105bd29b878db3431a2260
  16
  17 diff -urNpd linux-3.10.56-vs2.3.6.9~/include/linux/capability.h linux-3.10.56-vs2.3.6.9/include/linux/capability.h
  18 --- linux-3.10.56-vs2.3.6.9~/include/linux/capability.h 2014-09-18 12:28:39.000000000 -0500
  19 +++ linux-3.10.56-vs2.3.6.9/include/linux/capability.h  2014-10-05 23:00:59.000000000 -0500
  20 @@ -79,7 +79,8 @@ extern const kernel_cap_t __cap_init_eff
  21  #else /* HAND-CODED capability initializers */
  22
  23  #define CAP_LAST_U32                   ((_KERNEL_CAPABILITY_U32S) - 1)
  24 -#define CAP_LAST_U32_VALID_MASK                (CAP_TO_MASK(CAP_LAST_CAP + 1) -1)
  25 +#define CAP_LAST_U32_VALID_MASK                ((CAP_TO_MASK(CAP_LAST_CAP + 1) -1) \
  26 +                                       | CAP_TO_MASK(CAP_CONTEXT))
  27
  28  # define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
  29  # define CAP_FULL_SET     ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})