- updated for 2.6.25.4

author zbyniu <zbyniu@pld-linux.org>

Mon, 19 May 2008 10:13:02 +0000 (10:13 +0000)

committer cvs2git <feedback@pld-linux.org>

Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
author zbyniu <zbyniu@pld-linux.org>
Mon, 19 May 2008 10:13:02 +0000 (10:13 +0000)
committer cvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
diff --git a/kernel-grsec-caps.patch b/kernel-grsec-caps.patch

index 1aa28767713c1487830a782c5f390adec52da758..e768ece8ff6b0055e888259766b71aff3e0d5dec 100644 (file)
--- a/kernel-grsec-caps.patch
+++ b/kernel-grsec-caps.patch
@@ -1,11 +1,11 @@
---- linux-2.6.22/grsecurity/gracl_cap.c~       2007-08-09 22:52:32.000000000 +0200
-+++ linux-2.6.22/grsecurity/gracl_cap.c        2007-08-09 23:04:23.465906250 +0200
-@@ -37,7 +37,8 @@ static const char *captab_log[] = {
-       "CAP_MKNOD",
-       "CAP_LEASE",
-       "CAP_AUDIT_WRITE",
--      "CAP_AUDIT_CONTROL"
-+      "CAP_AUDIT_CONTROL",
+--- e/grsecurity/gracl_cap.c~  2008-05-18 23:53:55.000000000 +0200
++++ e/grsecurity/gracl_cap.c   2008-05-18 23:55:05.591733291 +0200
+@@ -39,7 +39,8 @@ static const char *captab_log[] = {
+       "CAP_AUDIT_CONTROL",
+       "CAP_SETFCAP",
+       "CAP_MAC_OVERRIDE",
+-      "CAP_MAC_ADMIN"
++      "CAP_MAC_ADMIN",
  +      "CAP_CONTEXT"
   };
   
diff --git a/kernel-grsec-common.patch b/kernel-grsec-common.patch

index c8faf79cd8bbca6698943f13514a3e5a97774e9b..72792d13ff8b4e7443b361b0fbe06aeb06c586ea 100644 (file)
--- a/kernel-grsec-common.patch
+++ b/kernel-grsec-common.patch
@@ -62,8 +62,8 @@
   
   int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
   {
--      cap_t(NETLINK_CB(skb).eff_cap) = gr_cap_rtnetlink(sk);
-+      cap_t(NETLINK_CB(skb).eff_cap) = gr_cap_rtnetlink(sk) & vx_mbcap(cap_effective);
+-      NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink(sk);
++      NETLINK_CB(skb).eff_cap = cap_intersect(gr_cap_rtnetlink(sk), vx_mbcaps(current->cap_effective));
         return 0;
   }
   
diff --git a/linux-2.6-grsec-caps.patch b/linux-2.6-grsec-caps.patch

index 1aa28767713c1487830a782c5f390adec52da758..e768ece8ff6b0055e888259766b71aff3e0d5dec 100644 (file)
--- a/linux-2.6-grsec-caps.patch
+++ b/linux-2.6-grsec-caps.patch
@@ -1,11 +1,11 @@
---- linux-2.6.22/grsecurity/gracl_cap.c~       2007-08-09 22:52:32.000000000 +0200
-+++ linux-2.6.22/grsecurity/gracl_cap.c        2007-08-09 23:04:23.465906250 +0200
-@@ -37,7 +37,8 @@ static const char *captab_log[] = {
-       "CAP_MKNOD",
-       "CAP_LEASE",
-       "CAP_AUDIT_WRITE",
--      "CAP_AUDIT_CONTROL"
-+      "CAP_AUDIT_CONTROL",
+--- e/grsecurity/gracl_cap.c~  2008-05-18 23:53:55.000000000 +0200
++++ e/grsecurity/gracl_cap.c   2008-05-18 23:55:05.591733291 +0200
+@@ -39,7 +39,8 @@ static const char *captab_log[] = {
+       "CAP_AUDIT_CONTROL",
+       "CAP_SETFCAP",
+       "CAP_MAC_OVERRIDE",
+-      "CAP_MAC_ADMIN"
++      "CAP_MAC_ADMIN",
  +      "CAP_CONTEXT"
   };
   
diff --git a/linux-2.6-grsec-common.patch b/linux-2.6-grsec-common.patch

index c8faf79cd8bbca6698943f13514a3e5a97774e9b..72792d13ff8b4e7443b361b0fbe06aeb06c586ea 100644 (file)
--- a/linux-2.6-grsec-common.patch
+++ b/linux-2.6-grsec-common.patch
@@ -62,8 +62,8 @@
   
   int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
   {
--      cap_t(NETLINK_CB(skb).eff_cap) = gr_cap_rtnetlink(sk);
-+      cap_t(NETLINK_CB(skb).eff_cap) = gr_cap_rtnetlink(sk) & vx_mbcap(cap_effective);
+-      NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink(sk);
++      NETLINK_CB(skb).eff_cap = cap_intersect(gr_cap_rtnetlink(sk), vx_mbcaps(current->cap_effective));
         return 0;
   }
author	zbyniu <zbyniu@pld-linux.org>
	Mon, 19 May 2008 10:13:02 +0000 (10:13 +0000)
committer	cvs2git <feedback@pld-linux.org>
	Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
kernel-grsec-caps.patch		patch \| blob \| blame \| history
kernel-grsec-common.patch		patch \| blob \| blame \| history
linux-2.6-grsec-caps.patch		patch \| blob \| blame \| history
linux-2.6-grsec-common.patch		patch \| blob \| blame \| history