kernel-5.15/0004-altha-use-path-strings-instead-of-path-structs.patch


Update from 5.4 to 5.10.1 - rediffed most of patches, renamed files to easify further rediffs by git format-patch - thanks to abf.io/kernels_stable for some patches for kernel 5.9 - using unofficial patch for AUFS for kernel 5.10, there may be issues with stability, try to avoid using AUFS (I would have dropped it, but MagOS wants it very much) - pulled updates of AltHa from http://git.altlinux.org/gears/k/kernel-image-un-def.git?p=kernel-image-un-def.git;a=history;f=security/altha;hb=HEAD - dropped patch adding sysctl to disable disk-based swap because it has not found any usage - bpf is now in the list of LSM modules (ability to write LSM modules as BPF programs), enable it, it is potentially useful and does not seem to be harmful - keeping kernel libc headers in older kernels for now - dropped building external virtualbox guest modules because they are now included into the mainline kernel - offed building VirtualBox host modules, I do not know how to keep these binary modules in sync with userspace part of VirtualBox, users can continue using dkms - offed building kernel-shredder because it is not buildable on kernel 5.10 - updated rtl8821ce and added a dependency from its "blacklist" subpackage here (see https://github.com/tomaspinho/rtl8821ce/commit/14b536f0) It is not clear if kernel 5.10 will receive an LTS support longer than 5.4 or not. Support until Dec, 2022 is declared right now at https://www.kernel.org/category/releases.html for 5.10 and until Dec, 2025 - for 5.4. TODO: update kernel configs TODO: solve problems with version of virtualbox host modules not matching version of the virtualbox package after virtualbox is updated but kernel is not rebuilt
2020-12-20 18:49:24 +03:00
From 5765b709411696cd58db43e6e006a36e5a207ee0 Mon Sep 17 00:00:00 2001
From: Kernel Bot <kernelbot@altlinux.org>
Date: Wed, 2 Sep 2020 15:19:59 +0300
Subject: [PATCH 4/4] altha: use path strings instead of path structs
Path strings continue to work even when the target file was replaced.
---
security/altha/altha_lsm.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/security/altha/altha_lsm.c b/security/altha/altha_lsm.c
index 41f0fc7ac8e5..ccde83ebb26c 100644
--- a/security/altha/altha_lsm.c
+++ b/security/altha/altha_lsm.c
@@ -52,6 +52,8 @@ __setup("altha=", altha_enabled_setup);
struct altha_list_struct {
struct path path;
+ char * spath;
+ char * spath_p;
struct list_head list;
};
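Review bot: The two new members of `struct altha_list_struct` are undocumented, and their relationship is easy to get wrong. `spath` is assigned from the return value of `d_path()` in a later hunk, and that pointer lies inside the buffer owned by `spath_p`, so only `spath_p` may be passed to `kfree()`. I would add `/* kmalloc'ed PATH_MAX buffer that backs spath; the only pointer to free */` above `spath_p` and `/* result of d_path(), points into spath_p; never free directly */` above `spath`. The declarations would also read better in kernel style, as `char *spath;` and `char *spath_p;`.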
@@ -91,6 +93,7 @@ static int altha_list_handler(struct ctl_table *table, int write,
list_for_each_entry_safe(item, tmp, list_struct, list) {
list_del(&item->list);
path_put(&item->path);
+ kfree(item->spath_p);
kfree(item);
}
@@ -106,7 +109,9 @@ static int altha_list_handler(struct ctl_table *table, int write,
while ((p = strsep(&fluid, ":\n")) != NULL) {
if (strlen(p)) {
item = kmalloc(sizeof(*item), GFP_KERNEL);
- if (!item) {
+ if (item)
+ item->spath_p = kmalloc(PATH_MAX, GFP_KERNEL);
+ if (!item || !item->spath_p) {
pr_err
("AltHa: can't get memory processing sysctl\n");
kfree(copy_buffer);
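Review bot: The widened check `if (!item || !item->spath_p)` is also taken when `item` was allocated and only the `spath_p` allocation failed, and the lines of that branch visible here (`pr_err`, `kfree(copy_buffer)`) do not free `item`. The branch continues past the hunk, so confirm it ends with `kfree(item);`, which is safe when `item` is NULL. The same pairing is missed in the next hunk, where the lookup-failure branch still calls only `kfree(item);` and so leaks the PATH_MAX buffer for every entry that fails to resolve. That branch needs `kfree(item->spath_p);` before `kfree(item);`.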
@@ -118,6 +123,7 @@ static int altha_list_handler(struct ctl_table *table, int write,
("AltHa: error lookup '%s'\n", p);
kfree(item);
} else {
+ item->spath=d_path(&item->path,item->spath_p,PATH_MAX);
list_add_tail(&item->list, list_struct);
}
}
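Review bot: The result of `d_path()` is stored in `item->spath` without an `IS_ERR()` check, yet `d_path()` returns an error pointer (for example when the path does not fit the buffer) rather than NULL. An entry holding an error pointer would later be dereferenced by `strcmp(path_p, node->spath)` in the exec hook. The same unchecked call appears in both `altha_bprm_creds_from_file` hunks, where `path_p` is built from the file being executed and should be tested with `IS_ERR(path_p)` before `down_read()`. In this hunk the failing entry should be released rather than added to the list, as sketched below. The enclosing loop starts outside the hunk.
```c
/* … unchanged: lookup-failure branch … */
} else {
	item->spath = d_path(&item->path, item->spath_p, PATH_MAX);
	if (IS_ERR(item->spath)) {
		pr_err("AltHa: can't build path string for '%s'\n", p);
		path_put(&item->path);
		kfree(item->spath_p);
		kfree(item);
	} else {
		list_add_tail(&item->list, list_struct);
	}
}
```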
@@ -216,16 +222,6 @@ struct altha_readdir_callback {
int found;
};
-int compare_paths(const struct path *path1, const struct path *path2)
-{
- char a1[PATH_MAX];
- char a2[PATH_MAX];
- char* p1, *p2;
- p1=d_path(path1,a1,PATH_MAX);
- p2=d_path(path2,a2,PATH_MAX);
- return strcmp(p1,p2);
-}
-
int is_olock_dir(struct inode *inode)
{
struct altha_list_struct *node;
@@ -246,10 +242,13 @@ static int altha_bprm_creds_from_file(struct linux_binprm *bprm, struct file * f
{
struct altha_list_struct *node;
/* when it's not a shebang issued script interpreter */
- if (rstrscript_enabled && bprm->filename == bprm->interp) {
+ if (rstrscript_enabled && bprm->executable == bprm->interpreter) {
+ char path_buffer[PATH_MAX];
+ char *path_p;
+ path_p = d_path(&bprm->file->f_path,path_buffer,PATH_MAX);
down_read(&interpreters_sem);
list_for_each_entry(node, &interpreters_list, list) {
- if (compare_paths(&bprm->file->f_path, &node->path) == 0) {
+ if (strcmp(path_p, node->spath) == 0) {
uid_t cur_uid = from_kuid(bprm->cred->user_ns,
bprm->cred->uid);
pr_notice_ratelimited
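Review bot: `char path_buffer[PATH_MAX];` puts a PATH_MAX-sized array on the kernel stack inside an exec-time LSM hook, and the nosuid block in the next hunk declares a second one. This is half of what the removed `compare_paths()` used, but it is still a large share of a kernel stack and will typically trip the frame-size warning. A heap buffer is the usual choice, for example `char *path_buffer = kmalloc(PATH_MAX, GFP_KERNEL);` with a NULL check and a matching `kfree(path_buffer);` after `up_read()`. The function body starts before and ends after this hunk, so the free has to be placed on every exit path of the block.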
@@ -263,10 +262,13 @@ static int altha_bprm_creds_from_file(struct linux_binprm *bprm, struct file * f
}
if (unlikely(nosuid_enabled &&
!uid_eq(bprm->cred->uid, bprm->cred->euid))) {
+ char path_buffer[PATH_MAX];
+ char *path_p;
uid_t cur_uid = from_kuid(bprm->cred->user_ns, bprm->cred->uid);
+ path_p = d_path(&bprm->file->f_path,path_buffer,PATH_MAX);
down_read(&nosuid_exceptions_sem);
list_for_each_entry(node, &nosuid_exceptions_list, list) {
- if (compare_paths(&bprm->file->f_path, &node->path) == 0) {
+ if (strcmp(path_p, node->spath) == 0) {
pr_notice_ratelimited
("AltHa/NoSUID: %s permitted to setuid from %d\n",
bprm->filename, cur_uid);
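Review bot: With `strcmp(path_p, node->spath)` the nosuid exception is decided purely by name. `node->spath` is the string produced when the sysctl was written, and `path_p` is produced by `d_path()` in the context of the task calling exec. As far as I can tell from these hunks, nothing ties the two to the same root or mount namespace, so on systems where tasks can have a different filesystem view the same string may name a different file. That is the stated intent for replaced files, but it weakens what an exception entry guarantees. It deserves a comment at this comparison, such as `/* name-based match: valid only for the filesystem view in which the sysctl was written */`, and possibly a restriction to the initial mount namespace. The interpreter check in the previous hunk has the same property. `item->path` is still looked up and held but no longer used for matching, which is worth stating in the struct comment too.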
--
2.25.1