rpms/kernel/F-10 make-mmap_min_addr-suck-less.patch, 1.1.2.2, 1.1.2.3
Kyle McMartin
kyle at fedoraproject.org
Wed Aug 19 03:16:13 UTC 2009
Author: kyle
Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1196
Modified Files:
Tag: private-fedora-10-2_6_27
make-mmap_min_addr-suck-less.patch
Log Message:
oops, cap_capable doesn't take creds in 2.6.27
make-mmap_min_addr-suck-less.patch:
include/linux/mm.h | 15 --------------
include/linux/security.h | 24 ++++++++++++++++++++---
kernel/sysctl.c | 7 +++---
mm/Kconfig | 6 ++---
mm/mmap.c | 3 --
security/Kconfig | 16 +++++++++++++++
security/Makefile | 2 -
security/capability.c | 9 --------
security/commoncap.c | 28 ++++++++++++++++++++++++++
security/min_addr.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++
security/selinux/hooks.c | 14 ++++++++++++-
11 files changed, 135 insertions(+), 38 deletions(-)
Index: make-mmap_min_addr-suck-less.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/make-mmap_min_addr-suck-less.patch,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -p -r1.1.2.2 -r1.1.2.3
--- make-mmap_min_addr-suck-less.patch 19 Aug 2009 02:33:58 -0000 1.1.2.2
+++ make-mmap_min_addr-suck-less.patch 19 Aug 2009 03:16:13 -0000 1.1.2.3
@@ -71,6 +71,7 @@ Date: Fri Jul 31 12:53:58 2009 -0400
Signed-off-by: James Morris <jmorris at namei.org>
(upstream 9c0d90103c7e0eb6e638e5b649e9f6d8d9c1b4b3)
+
diff --git a/include/linux/mm.h b/include/linux/mm.h
index eeb7e56..e13a1f8 100644
--- a/include/linux/mm.h
@@ -285,10 +286,10 @@ index 2458748..1010bed 100644
unsigned long prot)
{
diff --git a/security/commoncap.c b/security/commoncap.c
-index 378172b..c91ccfc 100644
+index 378172b..bf33ca9 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
-@@ -710,3 +710,32 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
+@@ -710,3 +710,31 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
return __vm_enough_memory(mm, pages, cap_sys_admin);
}
@@ -313,8 +314,7 @@ index 378172b..c91ccfc 100644
+ int ret = 0;
+
+ if (addr < dac_mmap_min_addr) {
-+ ret = cap_capable(current, current_cred(), CAP_SYS_RAWIO,
-+ SECURITY_CAP_AUDIT);
++ ret = cap_capable(current, CAP_SYS_RAWIO);
+ /* set PF_SUPERPRIV if it turns out we allow the low mmap */
+ if (ret == 0)
+ current->flags |= PF_SUPERPRIV;
More information about the fedora-extras-commits
mailing list