rpms/kernel/F-11 kernel.spec, 1.1695, 1.1696 linux-2.6-selinux-mprotect-checks.patch, 1.8, 1.9 linux-2.6-sparc-selinux-mprotect-checks.patch, 1.2, NONE

Kyle McMartin kyle at fedoraproject.org
Mon Aug 10 19:53:18 UTC 2009 

Author: kyle

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1931

Modified Files:
	kernel.spec linux-2.6-selinux-mprotect-checks.patch 
Removed Files:
	linux-2.6-sparc-selinux-mprotect-checks.patch 
Log Message:
fix up selinux-mprotect-checks patch


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1695
retrieving revision 1.1696
diff -u -p -r1.1695 -r1.1696
--- kernel.spec	10 Aug 2009 19:46:36 -0000	1.1695
+++ kernel.spec	10 Aug 2009 19:53:18 -0000	1.1696
@@ -1228,9 +1228,8 @@ ApplyPatch linux-2.6-silence-noise.patch
 ApplyPatch linux-2.6-silence-fbcon-logo.patch
 
 # Fix the SELinux mprotect checks on executable mappings
-#ApplyPatch linux-2.6-selinux-mprotect-checks.patch
-# Fix SELinux for sparc
-#ApplyPatch linux-2.6-sparc-selinux-mprotect-checks.patch
+#  (but it's broken on sparc... sigh)
+ApplyPatch linux-2.6-selinux-mprotect-checks.patch
 
 # Changes to upstream defaults.
 

linux-2.6-selinux-mprotect-checks.patch:
 hooks.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Index: linux-2.6-selinux-mprotect-checks.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/linux-2.6-selinux-mprotect-checks.patch,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- linux-2.6-selinux-mprotect-checks.patch	29 Dec 2008 02:48:00 -0000	1.8
+++ linux-2.6-selinux-mprotect-checks.patch	10 Aug 2009 19:53:18 -0000	1.9
@@ -5,37 +5,25 @@ ie, Fedora has a new enough toolchain, a
 the ifdefs.  Other distros don't/haven't, and this patch would break them
 if pushed upstream.
 
---- linux-2.6.26.noarch/security/selinux/hooks.c~	2008-09-25 14:11:17.000000000 -0400
-+++ linux-2.6.26.noarch/security/selinux/hooks.c	2008-09-25 14:12:17.000000000 -0400
-@@ -3018,7 +3018,6 @@ static int file_map_prot_check(struct fi
+diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
+index 2fcad7c..012c753 100644
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -2999,7 +2999,7 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
  	const struct cred *cred = current_cred();
  	int rc = 0;
  
 -#ifndef CONFIG_PPC32
++#ifndef CONFIG_SPARC
  	if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
  		/*
  		 * We are making executable an anonymous mapping or a
-@@ -3029,7 +3028,6 @@ static int file_map_prot_check(struct fi
- 		if (rc)
- 			goto error;
- 	}
--#endif
- 
- 	if (file) {
- 		/* read access is always possible with a mapping */
-@@ -3024,7 +3022,6 @@ static int selinux_file_mprotect(struct 
+@@ -3059,7 +3059,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
  	if (selinux_checkreqprot)
  		prot = reqprot;
  
 -#ifndef CONFIG_PPC32
++#ifndef CONFIG_SPARC
  	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
- 		rc = 0;
+ 		int rc = 0;
  		if (vma->vm_start >= vma->vm_mm->start_brk &&
-@@ -3049,7 +3046,6 @@ static int selinux_file_mprotect(struct 
- 		if (rc)
- 			return rc;
- 	}
--#endif
- 
- 	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
- }


--- linux-2.6-sparc-selinux-mprotect-checks.patch DELETED ---

More information about the fedora-extras-commits mailing list