rpms/kernel/F-11 kernel.spec, 1.1695, 1.1696 linux-2.6-selinux-mprotect-checks.patch, 1.8, 1.9 linux-2.6-sparc-selinux-mprotect-checks.patch, 1.2, NONE
Kyle McMartin
kyle at fedoraproject.org
Mon Aug 10 19:53:18 UTC 2009
Author: kyle
Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1931
Modified Files:
kernel.spec linux-2.6-selinux-mprotect-checks.patch
Removed Files:
linux-2.6-sparc-selinux-mprotect-checks.patch
Log Message:
fix up selinux-mprotect-checks patch
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1695
retrieving revision 1.1696
diff -u -p -r1.1695 -r1.1696
--- kernel.spec 10 Aug 2009 19:46:36 -0000 1.1695
+++ kernel.spec 10 Aug 2009 19:53:18 -0000 1.1696
@@ -1228,9 +1228,8 @@ ApplyPatch linux-2.6-silence-noise.patch
ApplyPatch linux-2.6-silence-fbcon-logo.patch
# Fix the SELinux mprotect checks on executable mappings
-#ApplyPatch linux-2.6-selinux-mprotect-checks.patch
-# Fix SELinux for sparc
-#ApplyPatch linux-2.6-sparc-selinux-mprotect-checks.patch
+# (but it's broken on sparc... sigh)
+ApplyPatch linux-2.6-selinux-mprotect-checks.patch
# Changes to upstream defaults.
linux-2.6-selinux-mprotect-checks.patch:
hooks.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: linux-2.6-selinux-mprotect-checks.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/linux-2.6-selinux-mprotect-checks.patch,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- linux-2.6-selinux-mprotect-checks.patch 29 Dec 2008 02:48:00 -0000 1.8
+++ linux-2.6-selinux-mprotect-checks.patch 10 Aug 2009 19:53:18 -0000 1.9
@@ -5,37 +5,25 @@ ie, Fedora has a new enough toolchain, a
the ifdefs. Other distros don't/haven't, and this patch would break them
if pushed upstream.
---- linux-2.6.26.noarch/security/selinux/hooks.c~ 2008-09-25 14:11:17.000000000 -0400
-+++ linux-2.6.26.noarch/security/selinux/hooks.c 2008-09-25 14:12:17.000000000 -0400
-@@ -3018,7 +3018,6 @@ static int file_map_prot_check(struct fi
+diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
+index 2fcad7c..012c753 100644
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -2999,7 +2999,7 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
const struct cred *cred = current_cred();
int rc = 0;
-#ifndef CONFIG_PPC32
++#ifndef CONFIG_SPARC
if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
/*
* We are making executable an anonymous mapping or a
-@@ -3029,7 +3028,6 @@ static int file_map_prot_check(struct fi
- if (rc)
- goto error;
- }
--#endif
-
- if (file) {
- /* read access is always possible with a mapping */
-@@ -3024,7 +3022,6 @@ static int selinux_file_mprotect(struct
+@@ -3059,7 +3059,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
if (selinux_checkreqprot)
prot = reqprot;
-#ifndef CONFIG_PPC32
++#ifndef CONFIG_SPARC
if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
- rc = 0;
+ int rc = 0;
if (vma->vm_start >= vma->vm_mm->start_brk &&
-@@ -3049,7 +3046,6 @@ static int selinux_file_mprotect(struct
- if (rc)
- return rc;
- }
--#endif
-
- return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
- }
--- linux-2.6-sparc-selinux-mprotect-checks.patch DELETED ---
More information about the fedora-extras-commits
mailing list