rpms/kernel/F-10 make-mmap_min_addr-suck-less.patch, 1.1.2.2, 1.1.2.3

Kyle McMartin kyle at fedoraproject.org
Wed Aug 19 03:16:13 UTC 2009 

Author: kyle

Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1196

Modified Files:
      Tag: private-fedora-10-2_6_27
	make-mmap_min_addr-suck-less.patch 
Log Message:
oops, cap_capable doesn't take creds in 2.6.27

make-mmap_min_addr-suck-less.patch:
 include/linux/mm.h       |   15 --------------
 include/linux/security.h |   24 ++++++++++++++++++++---
 kernel/sysctl.c          |    7 +++---
 mm/Kconfig               |    6 ++---
 mm/mmap.c                |    3 --
 security/Kconfig         |   16 +++++++++++++++
 security/Makefile        |    2 -
 security/capability.c    |    9 --------
 security/commoncap.c     |   28 ++++++++++++++++++++++++++
 security/min_addr.c      |   49 +++++++++++++++++++++++++++++++++++++++++++++++
 security/selinux/hooks.c |   14 ++++++++++++-
 11 files changed, 135 insertions(+), 38 deletions(-)

Index: make-mmap_min_addr-suck-less.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/make-mmap_min_addr-suck-less.patch,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -p -r1.1.2.2 -r1.1.2.3
--- make-mmap_min_addr-suck-less.patch	19 Aug 2009 02:33:58 -0000	1.1.2.2
+++ make-mmap_min_addr-suck-less.patch	19 Aug 2009 03:16:13 -0000	1.1.2.3
@@ -71,6 +71,7 @@ Date:   Fri Jul 31 12:53:58 2009 -0400
     Signed-off-by: James Morris <jmorris at namei.org>
     (upstream 9c0d90103c7e0eb6e638e5b649e9f6d8d9c1b4b3)
 
+
 diff --git a/include/linux/mm.h b/include/linux/mm.h
 index eeb7e56..e13a1f8 100644
 --- a/include/linux/mm.h
@@ -285,10 +286,10 @@ index 2458748..1010bed 100644
  			     unsigned long prot)
  {
 diff --git a/security/commoncap.c b/security/commoncap.c
-index 378172b..c91ccfc 100644
+index 378172b..bf33ca9 100644
 --- a/security/commoncap.c
 +++ b/security/commoncap.c
-@@ -710,3 +710,32 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
+@@ -710,3 +710,31 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
  	return __vm_enough_memory(mm, pages, cap_sys_admin);
  }
  
@@ -313,8 +314,7 @@ index 378172b..c91ccfc 100644
 +	int ret = 0;
 +
 +	if (addr < dac_mmap_min_addr) {
-+		ret = cap_capable(current, current_cred(), CAP_SYS_RAWIO,
-+				  SECURITY_CAP_AUDIT);
++		ret = cap_capable(current, CAP_SYS_RAWIO);
 +		/* set PF_SUPERPRIV if it turns out we allow the low mmap */
 +		if (ret == 0)
 +			current->flags |= PF_SUPERPRIV;

More information about the fedora-extras-commits mailing list