
- rediffed most of patches, renamed files to easify further rediffs by git format-patch - thanks to abf.io/kernels_stable for some patches for kernel 5.9 - using unofficial patch for AUFS for kernel 5.10, there may be issues with stability, try to avoid using AUFS (I would have dropped it, but MagOS wants it very much) - pulled updates of AltHa from http://git.altlinux.org/gears/k/kernel-image-un-def.git?p=kernel-image-un-def.git;a=history;f=security/altha;hb=HEAD - dropped patch adding sysctl to disable disk-based swap because it has not found any usage - bpf is now in the list of LSM modules (ability to write LSM modules as BPF programs), enable it, it is potentially useful and does not seem to be harmful - keeping kernel libc headers in older kernels for now - dropped building external virtualbox guest modules because they are now included into the mainline kernel - offed building VirtualBox host modules, I do not know how to keep these binary modules in sync with userspace part of VirtualBox, users can continue using dkms - offed building kernel-shredder because it is not buildable on kernel 5.10 - updated rtl8821ce and added a dependency from its "blacklist" subpackage here (see https://github.com/tomaspinho/rtl8821ce/commit/14b536f0) It is not clear if kernel 5.10 will receive an LTS support longer than 5.4 or not. Support until Dec, 2022 is declared right now at https://www.kernel.org/category/releases.html for 5.10 and until Dec, 2025 - for 5.4. TODO: update kernel configs TODO: solve problems with version of virtualbox host modules not matching version of the virtualbox package after virtualbox is updated but kernel is not rebuilt
From 5765b709411696cd58db43e6e006a36e5a207ee0 Mon Sep 17 00:00:00 2001
From: Kernel Bot <kernelbot@altlinux.org>
Date: Wed, 2 Sep 2020 15:19:59 +0300
Subject: [PATCH 4/4] altha: use path strings instead of path structs
Path strings continue to work even when the target file was replaced.
---
security/altha/altha_lsm.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/security/altha/altha_lsm.c b/security/altha/altha_lsm.c
|
|
index 41f0fc7ac8e5..ccde83ebb26c 100644
|
|
--- a/security/altha/altha_lsm.c
|
|
+++ b/security/altha/altha_lsm.c
|
|
@@ -52,6 +52,8 @@ __setup("altha=", altha_enabled_setup);
|
|
|
|
struct altha_list_struct {
|
|
struct path path;
|
|
+ char * spath;
|
|
+ char * spath_p;
|
|
struct list_head list;
|
|
};
|
|
|
|
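Review bot: The two new members are undocumented and the asterisk placement does not follow kernel style; from the later hunks `spath_p` appears to be the PATH_MAX buffer the item owns and `spath` the pointer `d_path()` returns into it, which a reader cannot tell from the names alone. Suggest `char *spath_p;	/* PATH_MAX buffer owned by this item, freed with it */` and `char *spath;	/* d_path() result, points into spath_p; compared by strcmp() in the exec hooks */`. The struct is complete within the hunk.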
@@ -91,6 +93,7 @@ static int altha_list_handler(struct ctl_table *table, int write,
|
|
list_for_each_entry_safe(item, tmp, list_struct, list) {
|
|
list_del(&item->list);
|
|
path_put(&item->path);
|
|
+ kfree(item->spath_p);
|
|
kfree(item);
|
|
}
|
|
|
|
@@ -106,7 +109,9 @@ static int altha_list_handler(struct ctl_table *table, int write,
|
|
while ((p = strsep(&fluid, ":\n")) != NULL) {
|
|
if (strlen(p)) {
|
|
item = kmalloc(sizeof(*item), GFP_KERNEL);
|
|
- if (!item) {
|
|
+ if (item)
|
|
+ item->spath_p = kmalloc(PATH_MAX, GFP_KERNEL);
|
|
+ if (!item || !item->spath_p) {
|
|
pr_err
|
|
("AltHa: can't get memory processing sysctl\n");
|
|
kfree(copy_buffer);
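Review bot: When the `kmalloc(PATH_MAX, GFP_KERNEL)` for `item->spath_p` fails, `item` has already been allocated, yet the error branch visible here frees only `copy_buffer`, so `item` leaks unless the lines after the hunk release it. Add `kfree(item);` next to `kfree(copy_buffer);` — `kfree(NULL)` is a no-op, so it is also correct when `item` itself was the allocation that failed. The error branch continues beyond the end of the hunk. Each list entry now pins a full PATH_MAX buffer for as long as it is on the list; that is acceptable for a short admin-supplied sysctl list but deserves a one-line comment at the allocation.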
|
|
@@ -118,6 +123,7 @@ static int altha_list_handler(struct ctl_table *table, int write,
|
|
("AltHa: error lookup '%s'\n", p);
|
|
kfree(item);
|
|
} else {
|
|
+ item->spath=d_path(&item->path,item->spath_p,PATH_MAX);
|
|
list_add_tail(&item->list, list_struct);
|
|
}
|
|
}
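Review bot: On the lookup-failure branch `kfree(item)` no longer releases everything the item owns: `item->spath_p`, allocated in the previous hunk, is leaked there. In the success branch `d_path()` can return an error pointer (for instance when the path does not fit in PATH_MAX), and `item->spath` is stored without an `IS_ERR()` check, so the `strcmp()` in the exec hooks would later dereference it. Both failure paths should free `spath_p`, and the error-pointer case should drop the item (including its path reference) instead of adding it to the list. The enclosing loop starts before the hunk.
```c
				pr_err
				    ("AltHa: error lookup '%s'\n", p);
				kfree(item->spath_p);
				kfree(item);
			} else {
				item->spath = d_path(&item->path, item->spath_p, PATH_MAX);
				if (IS_ERR(item->spath)) {
					pr_err("AltHa: can't render path '%s'\n", p);
					path_put(&item->path);
					kfree(item->spath_p);
					kfree(item);
				} else {
					list_add_tail(&item->list, list_struct);
				}
			}
```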
|
|
@@ -216,16 +222,6 @@ struct altha_readdir_callback {
|
|
int found;
|
|
};
|
|
|
|
-int compare_paths(const struct path *path1, const struct path *path2)
|
|
-{
|
|
- char a1[PATH_MAX];
|
|
- char a2[PATH_MAX];
|
|
- char* p1, *p2;
|
|
- p1=d_path(path1,a1,PATH_MAX);
|
|
- p2=d_path(path2,a2,PATH_MAX);
|
|
- return strcmp(p1,p2);
|
|
-}
|
|
-
|
|
int is_olock_dir(struct inode *inode)
|
|
{
|
|
struct altha_list_struct *node;
|
|
@@ -246,10 +242,13 @@ static int altha_bprm_creds_from_file(struct linux_binprm *bprm, struct file * f
|
|
{
|
|
struct altha_list_struct *node;
|
|
/* when it's not a shebang issued script interpreter */
|
|
- if (rstrscript_enabled && bprm->filename == bprm->interp) {
|
|
+ if (rstrscript_enabled && bprm->executable == bprm->interpreter) {
|
|
+ char path_buffer[PATH_MAX];
|
|
+ char *path_p;
|
|
+ path_p = d_path(&bprm->file->f_path,path_buffer,PATH_MAX);
|
|
down_read(&interpreters_sem);
|
|
list_for_each_entry(node, &interpreters_list, list) {
|
|
- if (compare_paths(&bprm->file->f_path, &node->path) == 0) {
|
|
+ if (strcmp(path_p, node->spath) == 0) {
|
|
uid_t cur_uid = from_kuid(bprm->cred->user_ns,
|
|
bprm->cred->uid);
|
|
pr_notice_ratelimited
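Review bot: `char path_buffer[PATH_MAX]` places a 4 KiB array on the kernel stack inside an LSM hook, well above the per-frame size the kernel build warns about and a stack-overflow risk on deep exec paths; the same buffer is introduced in the nosuid branch in the next hunk (@@ -263,10 +262,13 @@). `d_path()` may also return an error pointer, and `path_p` is handed to `strcmp()` without an `IS_ERR()` check. Allocate the buffer with kmalloc instead and fail closed (return an error, which denies the exec) when it cannot be obtained or the path cannot be rendered, rather than skipping the policy check; the buffer has to be freed after `up_read()`, which lies outside the hunk. Note too that `node->spath` was rendered by `d_path()` in the sysctl writer's context while `path_p` is rendered in the exec'ing task's context, so under a chroot or a different mount namespace the two strings can differ for the same file and the restriction is silently not applied there — presumably accepted, but worth a comment at the comparison.
```c
	if (rstrscript_enabled && bprm->executable == bprm->interpreter) {
		char *path_buffer = kmalloc(PATH_MAX, GFP_KERNEL);
		char *path_p;

		if (!path_buffer)
			return -ENOMEM;	/* fail closed: policy cannot be evaluated */
		path_p = d_path(&bprm->file->f_path, path_buffer, PATH_MAX);
		if (IS_ERR(path_p)) {
			kfree(path_buffer);
			return PTR_ERR(path_p);
		}
		down_read(&interpreters_sem);
		list_for_each_entry(node, &interpreters_list, list) {
			if (strcmp(path_p, node->spath) == 0) {
				/* … unchanged: uid lookup, pr_notice_ratelimited, deny … */
		/* kfree(path_buffer) belongs after up_read(&interpreters_sem), outside this hunk */
```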
|
|
@@ -263,10 +262,13 @@ static int altha_bprm_creds_from_file(struct linux_binprm *bprm, struct file * f
|
|
}
|
|
if (unlikely(nosuid_enabled &&
|
|
!uid_eq(bprm->cred->uid, bprm->cred->euid))) {
|
|
+ char path_buffer[PATH_MAX];
|
|
+ char *path_p;
|
|
uid_t cur_uid = from_kuid(bprm->cred->user_ns, bprm->cred->uid);
|
|
+ path_p = d_path(&bprm->file->f_path,path_buffer,PATH_MAX);
|
|
down_read(&nosuid_exceptions_sem);
|
|
list_for_each_entry(node, &nosuid_exceptions_list, list) {
|
|
- if (compare_paths(&bprm->file->f_path, &node->path) == 0) {
|
|
+ if (strcmp(path_p, node->spath) == 0) {
|
|
pr_notice_ratelimited
|
|
("AltHa/NoSUID: %s permitted to setuid from %d\n",
|
|
bprm->filename, cur_uid);
|
|
--
2.25.1