kernel-5.15/0003-security-altha-altha_lsm.c-build-fixed-with-kernel-5.patch
Mikhail Novosyolov 5488a28d4b Update from 5.4 to 5.10.1
- rediffed most of the patches, renamed files to ease further rediffs with git format-patch
- thanks to abf.io/kernels_stable for some patches for kernel 5.9
- using unofficial patch for AUFS for kernel 5.10, there may be issues with stability, try to avoid using AUFS (I would have dropped it, but MagOS wants it very much)
- pulled updates of AltHa from http://git.altlinux.org/gears/k/kernel-image-un-def.git?p=kernel-image-un-def.git;a=history;f=security/altha;hb=HEAD
- dropped patch adding sysctl to disable disk-based swap because it has not found any usage
- bpf is now in the list of LSM modules (ability to write LSM modules as BPF programs), enable it, it is potentially useful and does not seem to be harmful
- keeping kernel libc headers in older kernels for now
- dropped building external virtualbox guest modules because they are now included into the mainline kernel
- offed building VirtualBox host modules, I do not know how to keep these binary modules in sync with userspace part of VirtualBox, users can continue using dkms
- offed building kernel-shredder because it is not buildable on kernel 5.10
- updated rtl8821ce and added a dependency from its "blacklist" subpackage here (see https://github.com/tomaspinho/rtl8821ce/commit/14b536f0)

It is not clear if kernel 5.10 will receive an LTS support longer than 5.4 or not. Support until Dec, 2022 is declared right now at https://www.kernel.org/category/releases.html for 5.10 and until Dec, 2025 - for 5.4.

TODO: update kernel configs
TODO: solve problems with version of virtualbox host modules not matching version of the virtualbox package after virtualbox is updated but kernel is not rebuilt
2020-12-21 21:09:17 +03:00


From d89442861500242809d99c9e178b0ed1dd741b28 Mon Sep 17 00:00:00 2001
From: Kernel Bot <kernelbot@altlinux.org>
Date: Mon, 24 Aug 2020 17:16:53 +0300
Subject: [PATCH 3/4] security/altha/altha_lsm.c: build fixed with kernel 5.8
---
security/altha/altha_lsm.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/security/altha/altha_lsm.c b/security/altha/altha_lsm.c
index 7d1cc8f8a1a7..41f0fc7ac8e5 100644
--- a/security/altha/altha_lsm.c
+++ b/security/altha/altha_lsm.c
@@ -216,6 +216,15 @@ struct altha_readdir_callback {
int found;
};
+int compare_paths(const struct path *path1, const struct path *path2)
+{
+ char a1[PATH_MAX];
+ char a2[PATH_MAX];
+ char* p1, *p2;
+ p1=d_path(path1,a1,PATH_MAX);
+ p2=d_path(path2,a2,PATH_MAX);
+ return strcmp(p1,p2);
+}
int is_olock_dir(struct inode *inode)
{
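Review bot: `compare_paths()` places two `PATH_MAX` buffers (8 KiB together) on the kernel stack and hands the results of `d_path()` straight to `strcmp()`, although `d_path()` returns an `ERR_PTR` when the path does not fit in the buffer. The buffers should come from the heap, both results need an `IS_ERR()` check, and the helper should be `static`, as sketched below. Comparing rendered strings is also weaker than the `path_equal()` identity check it replaces at the two call sites in `altha_bprm_creds_from_file()` (the interpreter list and the NoSUID exception list in the following hunks), because the text depends on the calling task's root and mount namespace, so equal strings no longer prove the same file. The commit message does not say why `path_equal()` had to go; either return to it or state the reason in a comment above the helper.

```c
static int compare_paths(const struct path *path1, const struct path *path2)
{
	char *buf1 = kmalloc(PATH_MAX, GFP_KERNEL);
	char *buf2 = kmalloc(PATH_MAX, GFP_KERNEL);
	/* non-zero: allocation or d_path() failure counts as "different";
	 * callers must decide whether that is the safe default for their list */
	int ret = 1;

	if (buf1 && buf2) {
		char *p1 = d_path(path1, buf1, PATH_MAX);
		char *p2 = d_path(path2, buf2, PATH_MAX);

		if (!IS_ERR(p1) && !IS_ERR(p2))
			ret = strcmp(p1, p2);
	}
	kfree(buf2);
	kfree(buf1);
	return ret;
}
```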
@@ -233,14 +242,14 @@ int is_olock_dir(struct inode *inode)
}
/* Hooks */
-static int altha_bprm_set_creds(struct linux_binprm *bprm)
+static int altha_bprm_creds_from_file(struct linux_binprm *bprm, struct file * fi)
{
struct altha_list_struct *node;
/* when it's not a shebang issued script interpreter */
- if (rstrscript_enabled && !bprm->called_set_creds) {
+ if (rstrscript_enabled && bprm->filename == bprm->interp) {
down_read(&interpreters_sem);
list_for_each_entry(node, &interpreters_list, list) {
- if (path_equal(&bprm->file->f_path, &node->path)) {
+ if (compare_paths(&bprm->file->f_path, &node->path) == 0) {
uid_t cur_uid = from_kuid(bprm->cred->user_ns,
bprm->cred->uid);
pr_notice_ratelimited
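Review bot: The new `struct file * fi` argument of `altha_bprm_creds_from_file()` is not used anywhere in the visible lines; both list checks still read `bprm->file`. As far as I can tell, the `bprm_creds_from_file` hook receives the file the new credentials are derived from, which may differ from `bprm->file` when a binfmt handler takes credentials from another file, so the NoSUID exception check in the next hunk should probably compare `&fi->f_path`; please confirm against the hook's documentation. The pointer comparison `bprm->filename == bprm->interp` deserves a comment such as `/* interp still aliases filename: no interpreter was substituted */`, and the parameter would read better as `struct file *file`. The function body continues outside this hunk.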
@@ -257,7 +266,7 @@ static int altha_bprm_set_creds(struct linux_binprm *bprm)
uid_t cur_uid = from_kuid(bprm->cred->user_ns, bprm->cred->uid);
down_read(&nosuid_exceptions_sem);
list_for_each_entry(node, &nosuid_exceptions_list, list) {
- if (path_equal(&bprm->file->f_path, &node->path)) {
+ if (compare_paths(&bprm->file->f_path, &node->path) == 0) {
pr_notice_ratelimited
("AltHa/NoSUID: %s permitted to setuid from %d\n",
bprm->filename, cur_uid);
@@ -291,7 +300,7 @@ static int altha_inode_unlink(struct inode *inode, struct dentry *dentry)
/* Initialization */
static struct security_hook_list altha_hooks[] = {
- LSM_HOOK_INIT(bprm_set_creds, altha_bprm_set_creds),
+ LSM_HOOK_INIT(bprm_creds_from_file, altha_bprm_creds_from_file),
LSM_HOOK_INIT(inode_unlink, altha_inode_unlink),
};
--
2.25.1