Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.5 commit in: /
Date: Sun, 27 Mar 2016 19:35:33
Message-Id: 1459107729.86d8d1264cf8a1f897ca565d2b5b08c375f67f01.blueness@gentoo
1 commit: 86d8d1264cf8a1f897ca565d2b5b08c375f67f01
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Mar 27 19:42:09 2016 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Mar 27 19:42:09 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=86d8d126
7
8 Forward port 1500_XATTR_USER_PREFIX.patch to 4.5 kernels
9
10 0000_README | 4 ++++
11 1500_XATTR_USER_PREFIX.patch | 54 ++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 58 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index 1eb82e8..8e70e78 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -43,6 +43,10 @@ EXPERIMENTAL
19 Individual Patch Descriptions:
20 --------------------------------------------------------------------------
21
22 +Patch: 1500_XATTR_USER_PREFIX.patch
23 +From: https://bugs.gentoo.org/show_bug.cgi?id=470644
24 +Desc: Support for namespace user.pax.* on tmpfs.
25 +
26 Patch: 1510_fs-enable-link-security-restrictions-by-default.patch
27 From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/
28 Desc: Enable link security restrictions by default.
29
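Review bot: the Desc line in this README entry advertises support for the whole "user.pax.*" namespace on tmpfs, but the patch it describes accepts exactly one name, user.pax.flags (every other user.* name is rejected with -EOPNOTSUPP in shmem_setxattr), and caps its value at 8 bytes. Suggest tightening the description to match the code, e.g. `Desc: Allow the user.pax.flags xattr (value <= 8 bytes) on tmpfs.`, so readers of 0000_README do not expect arbitrary user.pax.* attributes to be stored.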
30 diff --git a/1500_XATTR_USER_PREFIX.patch b/1500_XATTR_USER_PREFIX.patch
31 new file mode 100644
32 index 0000000..cc15cd5
33 --- /dev/null
34 +++ b/1500_XATTR_USER_PREFIX.patch
35 @@ -0,0 +1,54 @@
36 +From: Anthony G. Basile <blueness@g.o>
37 +
38 +This patch adds support for a restricted user-controlled namespace on
39 +tmpfs filesystem used to house PaX flags. The namespace must be of the
40 +form user.pax.* and its value cannot exceed a size of 8 bytes.
41 +
42 +This is needed even on all Gentoo systems so that XATTR_PAX flags
43 +are preserved for users who might build packages using portage on
44 +a tmpfs system with a non-hardened kernel and then switch to a
45 +hardened kernel with XATTR_PAX enabled.
46 +
47 +The namespace is added to any user with Extended Attribute support
48 +enabled for tmpfs. Users who do not enable xattrs will not have
49 +the XATTR_PAX flags preserved.
50 +
51 +diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
52 +index e4629b9..6958086 100644
53 +--- a/include/uapi/linux/xattr.h
54 ++++ b/include/uapi/linux/xattr.h
55 +@@ -63,5 +63,9 @@
56 + #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default"
57 + #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT
58 +
59 ++/* User namespace */
60 ++#define XATTR_PAX_PREFIX XATTR_USER_PREFIX "pax."
61 ++#define XATTR_PAX_FLAGS_SUFFIX "flags"
62 ++#define XATTR_NAME_PAX_FLAGS XATTR_PAX_PREFIX XATTR_PAX_FLAGS_SUFFIX
63 +
64 + #endif /* _UAPI_LINUX_XATTR_H */
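Review bot: these three macros go into include/uapi/linux/xattr.h, which makes XATTR_PAX_PREFIX, XATTR_PAX_FLAGS_SUFFIX and XATTR_NAME_PAX_FLAGS part of the exported user-space ABI, while the only consumer in this patch is mm/shmem.c. If user-space tooling is meant to pick the name up from this header, the patch description should say so; otherwise the kernel-internal include/linux/xattr.h is the narrower home. The comment `/* User namespace */` is also too terse for a UAPI header: state that this is the PaX flags attribute in the user.* namespace and that tmpfs restricts its name and size (see mm/shmem.c).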
65 +diff --git a/mm/shmem.c b/mm/shmem.c
66 +index 1c44af7..f23bb1b 100644
67 +--- a/mm/shmem.c
68 ++++ b/mm/shmem.c
69 +@@ -2201,6 +2201,7 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
70 + static int shmem_xattr_validate(const char *name)
71 + {
72 + struct { const char *prefix; size_t len; } arr[] = {
73 ++ { XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN},
74 + { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
75 + { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
76 + };
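Review bot: adding `{ XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN}` to the prefix table makes shmem_xattr_validate() accept every user.* name, and the narrowing to XATTR_NAME_PAX_FLAGS happens only in shmem_setxattr() in the following hunk. Any other caller of shmem_xattr_validate() (the get/remove paths, if they share this validator as its name suggests) will therefore accept arbitrary user.* names that can never have been set; harmless, but inconsistent. Consider doing the user.pax.flags name check here in the validator, so a single function defines which names tmpfs supports. Minor style: the new entry lacks the space before the closing brace that the two existing entries have.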
77 +@@ -2256,6 +2257,12 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
78 + if (err)
79 + return err;
80 +
81 ++ if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
82 ++ if (strcmp(name, XATTR_NAME_PAX_FLAGS))
83 ++ return -EOPNOTSUPP;
84 ++ if (size > 8)
85 ++ return -EINVAL;
86 ++ }
87 + return simple_xattr_set(&info->xattrs, name, value, size, flags);
88 + }
89 +
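Review bot: the bare literal in `if (size > 8)` is the only place the 8-byte limit from the patch description appears in code, and nothing ties that 8 to the PaX flags string it bounds. Give it a named macro beside XATTR_NAME_PAX_FLAGS in the header hunk (a XATTR_PAX_FLAGS_MAX_LEN or similar, name to be chosen) with a comment describing the flag format, and use that here. The control flow is otherwise sound: the new block runs after the shmem_xattr_validate() error check in the context lines, and strcmp() against the full name rejects any other user.* attribute with -EOPNOTSUPP before the size test, so a name such as user.pax.flagsX cannot slip through on a prefix match.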