- 3.1.101

[packages/kernel.git] / kernel-vserver-fixes.patch

diff --git a/kernel-vserver-fixes.patch b/kernel-vserver-fixes.patch
index 7c074ab2b1a23a8c2f92a03c6935489a4ec82dee..18721f94bf85d7da20e20f53436183d2b3428b6b 100644 (file)
--- a/kernel-vserver-fixes.patch
+++ b/kernel-vserver-fixes.patch
@@ -1,37 +1,29 @@
-Missing header for routes patch, caused vs2.3 route.h mixing
---- a/net/ipv4/netfilter/nf_nat_core.c~        2008-01-24 23:58:37.000000000 +0100
-+++ a/net/ipv4/netfilter/nf_nat_core.c 2008-03-30 21:00:19.349593833 +0200
-@@ -15,6 +15,7 @@
- #include <net/checksum.h>
- #include <net/icmp.h>
- #include <net/ip.h>
-+#include <net/route.h>
- #include <net/tcp.h>  /* For tcp_prot in getorigdst */
- #include <linux/icmp.h>
- #include <linux/udp.h>
---- linux-2.6.33/arch/x86/kernel/process.c~    2010-02-24 19:52:17.000000000 +0100
-+++ linux-2.6.33/arch/x86/kernel/process.c     2010-02-25 23:44:56.487156216 +0100
-@@ -110,8 +110,8 @@
-       board = dmi_get_system_info(DMI_BOARD_NAME);
+--- linux-3.3/fs/proc/base.c~  2012-03-19 21:44:42.000000000 +0100
++++ linux-3.3/fs/proc/base.c   2012-03-21 12:25:28.051092423 +0100
+@@ -568,6 +568,8 @@
+                                struct task_struct *task,
+                                int hide_pid_min)
+ {
++      if (vx_check(0, VS_WATCH_P))
++              return true;
+       if (pid->hide_pid < hide_pid_min)
+               return true;
+       if (in_group_p(pid->pid_gid))
+
+upstream addition of masking all capabilities above CAP_LAST_CAP did not account for linux-vserver CAP_CONTEXT
+
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-3.10.y&id=76f01555c78e496203105bd29b878db3431a2260
+
+diff -urNpd linux-3.10.56-vs2.3.6.9~/include/linux/capability.h linux-3.10.56-vs2.3.6.9/include/linux/capability.h
+--- linux-3.10.56-vs2.3.6.9~/include/linux/capability.h        2014-09-18 12:28:39.000000000 -0500
++++ linux-3.10.56-vs2.3.6.9/include/linux/capability.h 2014-10-05 23:00:59.000000000 -0500
+@@ -79,7 +79,8 @@ extern const kernel_cap_t __cap_init_eff
+ #else /* HAND-CODED capability initializers */
  
-       printk(KERN_CONT "\n");
--      printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s",
--              current->pid, current->comm, print_tainted(),
-+      printk(KERN_DEFAULT "Pid: %d, xid: #%u, comm: %.20s %s %s %.*s",
-+              current->pid, current->xid, current->comm, print_tainted(),
-               init_utsname()->release,
-               (int)strcspn(init_utsname()->version, " "),
-               init_utsname()->version);
---- linux-2.6.31/arch/x86/kernel/dumpstack.c~  2009-09-16 08:32:02.000000000 +0200
-+++ linux-2.6.31/arch/x86/kernel/dumpstack.c   2009-09-17 21:58:13.778791960 +0200
-@@ -180,8 +180,8 @@
-       unsigned long stack;
+ #define CAP_LAST_U32                  ((_KERNEL_CAPABILITY_U32S) - 1)
+-#define CAP_LAST_U32_VALID_MASK               (CAP_TO_MASK(CAP_LAST_CAP + 1) -1)
++#define CAP_LAST_U32_VALID_MASK               ((CAP_TO_MASK(CAP_LAST_CAP + 1) -1) \
++                                      | CAP_TO_MASK(CAP_CONTEXT))
  
-       bp = stack_frame(current, NULL);
--      printk("Pid: %d, comm: %.20s %s %s %.*s\n",
--              current->pid, current->comm, print_tainted(),
-+      printk("Pid: %d, comm: %.20s xid: #%u %s %s %.*s\n",
-+              current->pid, current->comm, current->xid, print_tainted(),
-               init_utsname()->release,
-               (int)strcspn(init_utsname()->version, " "),
-               init_utsname()->version);
+ # define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
+ # define CAP_FULL_SET     ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})