authorAnthony G. Basile <blueness@gentoo.org>2013-05-15 18:14:20 -0400
committerAnthony G. Basile <blueness@gentoo.org>2013-05-15 18:14:20 -0400
commit0b3c8d9300b701411981b6e943c001e90a2331ff (patch)
tree69a223bf88374bc776e8bdf0ef4a9ae4860035a6 /2.6.32
parentGrsec/PaX: 2.9.1-{2.6.32.60,3.2.44,3.8.12}-201305082215 (diff)
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.45,3.9.2}-2013051420130514
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch)183
-rw-r--r--2.6.32/4450_grsec-kconfig-default-gids.patch12
-rw-r--r--2.6.32/4465_selinux-avc_audit-log-curr_ip.patch2
4 files changed, 118 insertions, 81 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index ec404fe..64c91d5 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch
index 08033a1..f34ed36 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch
@@ -76580,18 +76580,10 @@ index cb2849f..3718fb4 100644
if (entry->bitmap && entry->bytes > bytes + empty_size) {
ret = btrfs_bitmap_cluster(block_group, entry, cluster,
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index e03a836..d4e4e69 100644
+index e03a836..e786215 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -17,6 +17,7 @@
- */
-
- #include <linux/kernel.h>
-+#include <linux/module.h>
- #include <linux/bio.h>
- #include <linux/buffer_head.h>
- #include <linux/file.h>
-@@ -63,7 +64,7 @@ static const struct inode_operations btrfs_file_inode_operations;
+@@ -63,7 +63,7 @@ static const struct inode_operations btrfs_file_inode_operations;
static const struct address_space_operations btrfs_aops;
static const struct address_space_operations btrfs_symlink_aops;
static const struct file_operations btrfs_dir_file_operations;
@@ -76600,7 +76592,7 @@ index e03a836..d4e4e69 100644
static struct kmem_cache *btrfs_inode_cachep;
struct kmem_cache *btrfs_trans_handle_cachep;
-@@ -925,6 +926,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page,
+@@ -925,6 +925,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page,
1, 0, NULL, GFP_NOFS);
while (start < end) {
async_cow = kmalloc(sizeof(*async_cow), GFP_NOFS);
@@ -76608,7 +76600,7 @@ index e03a836..d4e4e69 100644
async_cow->inode = inode;
async_cow->root = root;
async_cow->locked_page = locked_page;
-@@ -4591,6 +4593,8 @@ static noinline int uncompress_inline(struct btrfs_path *path,
+@@ -4591,6 +4592,8 @@ static noinline int uncompress_inline(struct btrfs_path *path,
inline_size = btrfs_file_extent_inline_item_len(leaf,
btrfs_item_nr(leaf, path->slots[0]));
tmp = kmalloc(inline_size, GFP_NOFS);
@@ -76617,31 +76609,7 @@ index e03a836..d4e4e69 100644
ptr = btrfs_file_extent_inline_start(item);
read_extent_buffer(leaf, tmp, ptr, inline_size);
-@@ -5410,7 +5414,7 @@ fail:
- return -ENOMEM;
- }
-
--static int btrfs_getattr(struct vfsmount *mnt,
-+int btrfs_getattr(struct vfsmount *mnt,
- struct dentry *dentry, struct kstat *stat)
- {
- struct inode *inode = dentry->d_inode;
-@@ -5422,6 +5426,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
- return 0;
- }
-
-+EXPORT_SYMBOL(btrfs_getattr);
-+
-+dev_t get_btrfs_dev_from_inode(struct inode *inode)
-+{
-+ return BTRFS_I(inode)->root->anon_super.s_dev;
-+}
-+EXPORT_SYMBOL(get_btrfs_dev_from_inode);
-+
- static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry)
- {
-@@ -5972,7 +5984,7 @@ static const struct file_operations btrfs_dir_file_operations = {
+@@ -5972,7 +5975,7 @@ static const struct file_operations btrfs_dir_file_operations = {
.fsync = btrfs_sync_file,
};
@@ -86469,10 +86437,10 @@ index 0000000..1b9afa9
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..8d867c7
+index 0000000..6c8c298
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,4201 @@
+@@ -0,0 +1,4203 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -86499,6 +86467,13 @@ index 0000000..8d867c7
+#include <linux/fdtable.h>
+#include <linux/percpu.h>
+#include <linux/posix-timers.h>
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++#include <linux/magic.h>
++#include <linux/pagemap.h>
++#include "../fs/btrfs/async-thread.h"
++#include "../fs/btrfs/ctree.h"
++#include "../fs/btrfs/btrfs_inode.h"
++#endif
+
+#include <asm/uaccess.h>
+#include <asm/errno.h>
@@ -86573,19 +86548,14 @@ index 0000000..8d867c7
+ return (gr_status & GR_READY);
+}
+
-+#ifdef CONFIG_BTRFS_FS
-+extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
-+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
-+#endif
-+
+static inline dev_t __get_dev(const struct dentry *dentry)
+{
-+#ifdef CONFIG_BTRFS_FS
-+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
-+ return get_btrfs_dev_from_inode(dentry->d_inode);
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++ return BTRFS_I(dentry->d_inode)->root->anon_super.s_dev;
+ else
+#endif
-+ return dentry->d_inode->i_sb->s_dev;
++ return dentry->d_sb->s_dev;
+}
+
+dev_t gr_get_dev_from_dentry(struct dentry *dentry)
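Review bot: The btrfs branch of `__get_dev` still dereferences `dentry->d_inode` through `BTRFS_I(...)->root`, while the fallback was moved to `dentry->d_sb`, which needs no inode. If any caller can pass a negative dentry on a btrfs mount (the callers are outside this hunk, so this is unconfirmed), that branch would fault. A guard such as `if (dentry->d_inode && dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)` keeps both paths safe. The same applies to the copy added in grsecurity/gracl_segv.c. A one-line comment on why btrfs takes `anon_super.s_dev` from the inode's root rather than the superblock's `s_dev` would also help the next reader.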
@@ -92012,10 +91982,10 @@ index 0000000..70b2179
+}
diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
new file mode 100644
-index 0000000..6bb1860
+index 0000000..f755034
--- /dev/null
+++ b/grsecurity/gracl_segv.c
-@@ -0,0 +1,284 @@
+@@ -0,0 +1,301 @@
+#include <linux/kernel.h>
+#include <linux/mm.h>
+#include <asm/uaccess.h>
@@ -92034,6 +92004,13 @@ index 0000000..6bb1860
+#include <linux/gracl.h>
+#include <linux/grsecurity.h>
+#include <linux/grinternal.h>
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++#include <linux/magic.h>
++#include <linux/pagemap.h>
++#include "../fs/btrfs/async-thread.h"
++#include "../fs/btrfs/ctree.h"
++#include "../fs/btrfs/btrfs_inode.h"
++#endif
+
+static struct crash_uid *uid_set;
+static unsigned short uid_used;
@@ -92044,6 +92021,16 @@ index 0000000..6bb1860
+ struct acl_role_label *role);
+extern int gr_fake_force_sig(int sig, struct task_struct *t);
+
++static inline dev_t __get_dev(const struct dentry *dentry)
++{
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++ return BTRFS_I(dentry->d_inode)->root->anon_super.s_dev;
++ else
++#endif
++ return dentry->d_sb->s_dev;
++}
++
+int
+gr_init_uidset(void)
+{
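Review bot: This `__get_dev` is a second, identical copy of the helper in grsecurity/gracl.c, added together with the same block of private btrfs includes, so the two device lookups can drift apart in a later update. gracl.c already defines the non-static `gr_get_dev_from_dentry()`; if that wrapper returns `__get_dev(dentry)` (its body is outside this hunk), the call site further down could use `gr_get_dev_from_dentry(filp->f_path.dentry),` instead. This file would then need neither the copy nor the btrfs headers. A single definition matters here because the value is passed to `lookup_acl_subj_label` alongside the inode number, and a divergence between the two files would presumably make subject lookups miss.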
@@ -92256,7 +92243,7 @@ index 0000000..6bb1860
+
+ read_lock(&gr_inode_lock);
+ curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
-+ filp->f_path.dentry->d_inode->i_sb->s_dev,
++ __get_dev(filp->f_path.dentry),
+ current->role);
+ read_unlock(&gr_inode_lock);
+
@@ -92767,7 +92754,7 @@ index 0000000..bc7b363
+}
diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
new file mode 100644
-index 0000000..7a358f8
+index 0000000..61dafe0
--- /dev/null
+++ b/grsecurity/grsec_disabled.c
@@ -0,0 +1,442 @@
@@ -93199,7 +93186,7 @@ index 0000000..7a358f8
+
+dev_t gr_get_dev_from_dentry(struct dentry *dentry)
+{
-+ return dentry->d_inode->i_sb->s_dev;
++ return dentry->d_sb->s_dev;
+}
+
+void gr_put_exec_file(struct task_struct *task)
@@ -105997,10 +105984,22 @@ index d656c27..21e452c 100644
};
diff --git a/kernel/perf_event.c b/kernel/perf_event.c
-index 37ebc14..9c121d9 100644
+index 37ebc14..4596080 100644
--- a/kernel/perf_event.c
+++ b/kernel/perf_event.c
-@@ -77,7 +77,7 @@ int sysctl_perf_event_mlock __read_mostly = 516; /* 'free' kb per user */
+@@ -52,7 +52,11 @@ static atomic_t nr_task_events __read_mostly;
+ * 1 - disallow cpu events for unpriv
+ * 2 - disallow kernel profiling for unpriv
+ */
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++int sysctl_perf_event_paranoid __read_mostly = 2;
++#else
+ int sysctl_perf_event_paranoid __read_mostly = 1;
++#endif
+
+ static inline bool perf_paranoid_tracepoint_raw(void)
+ {
+@@ -77,7 +81,7 @@ int sysctl_perf_event_mlock __read_mostly = 516; /* 'free' kb per user */
*/
int sysctl_perf_event_sample_rate __read_mostly = 100000;
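Review bot: The comment above `sysctl_perf_event_paranoid` lists the levels but does not say that the default now depends on `CONFIG_GRKERNSEC_HIDESYM`. Add a line inside the `#ifdef`, such as `/* default is 2 when GRKERNSEC_HIDESYM is set, so unprivileged users cannot profile the kernel */`. The hunk changes only the initial value. If the sysctl stays writable at runtime (not visible here), an administrator or boot script can still lower it, which is worth stating wherever HIDESYM is documented.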
@@ -106009,7 +106008,7 @@ index 37ebc14..9c121d9 100644
/*
* Lock for (sysadmin-configurable) event reservations:
-@@ -1094,9 +1094,9 @@ static void __perf_event_sync_stat(struct perf_event *event,
+@@ -1094,9 +1098,9 @@ static void __perf_event_sync_stat(struct perf_event *event,
* In order to keep per-task stats reliable we need to flip the event
* values when we flip the contexts.
*/
@@ -106022,7 +106021,7 @@ index 37ebc14..9c121d9 100644
swap(event->total_time_enabled, next_event->total_time_enabled);
swap(event->total_time_running, next_event->total_time_running);
-@@ -1552,7 +1552,7 @@ static u64 perf_event_read(struct perf_event *event)
+@@ -1552,7 +1556,7 @@ static u64 perf_event_read(struct perf_event *event)
update_event_times(event);
}
@@ -106031,7 +106030,7 @@ index 37ebc14..9c121d9 100644
}
/*
-@@ -1790,11 +1790,11 @@ static int perf_event_read_group(struct perf_event *event,
+@@ -1790,11 +1794,11 @@ static int perf_event_read_group(struct perf_event *event,
values[n++] = 1 + leader->nr_siblings;
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = leader->total_time_enabled +
@@ -106045,7 +106044,7 @@ index 37ebc14..9c121d9 100644
}
size = n * sizeof(u64);
-@@ -1829,11 +1829,11 @@ static int perf_event_read_one(struct perf_event *event,
+@@ -1829,11 +1833,11 @@ static int perf_event_read_one(struct perf_event *event,
values[n++] = perf_event_read_value(event);
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = event->total_time_enabled +
@@ -106059,7 +106058,7 @@ index 37ebc14..9c121d9 100644
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -1903,7 +1903,7 @@ static unsigned int perf_poll(struct file *file, poll_table *wait)
+@@ -1903,7 +1907,7 @@ static unsigned int perf_poll(struct file *file, poll_table *wait)
static void perf_event_reset(struct perf_event *event)
{
(void)perf_event_read(event);
@@ -106068,7 +106067,7 @@ index 37ebc14..9c121d9 100644
perf_event_update_userpage(event);
}
-@@ -2079,15 +2079,15 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -2079,15 +2083,15 @@ void perf_event_update_userpage(struct perf_event *event)
++userpg->lock;
barrier();
userpg->index = perf_event_index(event);
@@ -106088,7 +106087,7 @@ index 37ebc14..9c121d9 100644
barrier();
++userpg->lock;
-@@ -2903,14 +2903,14 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -2903,14 +2907,14 @@ static void perf_output_read_one(struct perf_output_handle *handle,
u64 values[4];
int n = 0;
@@ -106106,7 +106105,7 @@ index 37ebc14..9c121d9 100644
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -2940,7 +2940,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,
+@@ -2940,7 +2944,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,
if (leader != event)
leader->pmu->read(leader);
@@ -106115,7 +106114,7 @@ index 37ebc14..9c121d9 100644
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(leader);
-@@ -2952,7 +2952,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,
+@@ -2952,7 +2956,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,
if (sub != event)
sub->pmu->read(sub);
@@ -106124,7 +106123,7 @@ index 37ebc14..9c121d9 100644
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(sub);
-@@ -3525,12 +3525,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+@@ -3525,12 +3529,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
* need to add enough zero bytes after the string to handle
* the 64bit alignment we do later.
*/
@@ -106139,7 +106138,7 @@ index 37ebc14..9c121d9 100644
if (IS_ERR(name)) {
name = strncpy(tmp, "//toolong", sizeof(tmp));
goto got_name;
-@@ -3783,7 +3783,7 @@ static void perf_swevent_add(struct perf_event *event, u64 nr,
+@@ -3783,7 +3787,7 @@ static void perf_swevent_add(struct perf_event *event, u64 nr,
{
struct hw_perf_event *hwc = &event->hw;
@@ -106148,7 +106147,7 @@ index 37ebc14..9c121d9 100644
if (!hwc->sample_period)
return;
-@@ -4040,9 +4040,9 @@ static void cpu_clock_perf_event_update(struct perf_event *event)
+@@ -4040,9 +4044,9 @@ static void cpu_clock_perf_event_update(struct perf_event *event)
u64 now;
now = cpu_clock(cpu);
@@ -106161,7 +106160,7 @@ index 37ebc14..9c121d9 100644
}
static int cpu_clock_perf_event_enable(struct perf_event *event)
-@@ -4050,7 +4050,7 @@ static int cpu_clock_perf_event_enable(struct perf_event *event)
+@@ -4050,7 +4054,7 @@ static int cpu_clock_perf_event_enable(struct perf_event *event)
struct hw_perf_event *hwc = &event->hw;
int cpu = raw_smp_processor_id();
@@ -106170,7 +106169,7 @@ index 37ebc14..9c121d9 100644
perf_swevent_start_hrtimer(event);
return 0;
-@@ -4082,9 +4082,9 @@ static void task_clock_perf_event_update(struct perf_event *event, u64 now)
+@@ -4082,9 +4086,9 @@ static void task_clock_perf_event_update(struct perf_event *event, u64 now)
u64 prev;
s64 delta;
@@ -106182,7 +106181,7 @@ index 37ebc14..9c121d9 100644
}
static int task_clock_perf_event_enable(struct perf_event *event)
-@@ -4094,7 +4094,7 @@ static int task_clock_perf_event_enable(struct perf_event *event)
+@@ -4094,7 +4098,7 @@ static int task_clock_perf_event_enable(struct perf_event *event)
now = event->ctx->time;
@@ -106191,7 +106190,7 @@ index 37ebc14..9c121d9 100644
perf_swevent_start_hrtimer(event);
-@@ -4289,7 +4289,7 @@ perf_event_alloc(struct perf_event_attr *attr,
+@@ -4289,7 +4293,7 @@ perf_event_alloc(struct perf_event_attr *attr,
event->parent = parent_event;
event->ns = get_pid_ns(current->nsproxy->pid_ns);
@@ -106200,7 +106199,7 @@ index 37ebc14..9c121d9 100644
event->state = PERF_EVENT_STATE_INACTIVE;
-@@ -4720,15 +4720,15 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -4720,15 +4724,15 @@ static void sync_child_event(struct perf_event *child_event,
if (child_event->attr.inherit_stat)
perf_event_read_event(child_event, child);
@@ -118996,7 +118995,7 @@ index 524ba56..8f2f836 100644
if (!res)
eth_started = 1;
diff --git a/net/tipc/link.c b/net/tipc/link.c
-index dd4c18b..f40d38d 100644
+index dd4c18b..356b07d 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1418,7 +1418,7 @@ again:
@@ -119017,6 +119016,44 @@ index dd4c18b..f40d38d 100644
sect_crs += sz;
sect_rest -= sz;
fragm_crs += sz;
+@@ -2551,12 +2551,13 @@ static int link_recv_changeover_msg(struct link **l_ptr,
+ struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf);
+ u32 msg_typ = msg_type(tunnel_msg);
+ u32 msg_count = msg_msgcnt(tunnel_msg);
++ u32 bearer_id = msg_bearer_id(tunnel_msg);
+
+- dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)];
+- if (!dest_link) {
+- msg_dbg(tunnel_msg, "NOLINK/<REC<");
++ if (bearer_id >= MAX_BEARERS)
++ goto exit;
++ dest_link = (*l_ptr)->owner->links[bearer_id];
++ if (!dest_link)
+ goto exit;
+- }
+ if (dest_link == *l_ptr) {
+ err("Unexpected changeover message on link <%s>\n",
+ (*l_ptr)->name);
+@@ -2798,15 +2799,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb,
+ struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm);
+ u32 msg_sz = msg_size(imsg);
+ u32 fragm_sz = msg_data_sz(fragm);
+- u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz);
++ u32 exp_fragm_cnt;
+ u32 max = TIPC_MAX_USER_MSG_SIZE + LONG_H_SIZE;
++
+ if (msg_type(imsg) == TIPC_MCAST_MSG)
+ max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE;
+- if (msg_size(imsg) > max) {
+- msg_dbg(fragm,"<REC<Oversized: ");
++ if (fragm_sz == 0 || msg_size(imsg) > max) {
+ buf_discard(fbuf);
+ return 0;
+ }
++ exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz);
+ pbuf = buf_acquire(msg_size(imsg));
+ if (pbuf != NULL) {
+ pbuf->next = *pending;
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
index 0747d8a..e8bf3f3 100644
--- a/net/tipc/subscr.c
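Review bot: In `tipc_link_recv_fragment` the new `fragm_sz == 0` test runs only after `msg_size(imsg)` has been read in the declarations and `msg_type(imsg)` in the first `if`. The inner header is therefore still read from a first fragment that may carry no payload, or fewer bytes than that header. Unless a length check outside this hunk already guarantees enough data, a minimum-length test is stronger than a zero test, e.g. `if (fragm_sz < SHORT_H_SIZE || msg_sz > max) {` (or whichever minimum the inner header requires), with the `msg_type(imsg)` check moved after it. The comparison and `buf_acquire` could also use the cached `msg_sz` rather than calling `msg_size(imsg)` again, so one value is validated and used throughout. The function body starts and ends outside the hunk.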
diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch
index dbd4565..87aa8e4 100644
--- a/2.6.32/4450_grsec-kconfig-default-gids.patch
+++ b/2.6.32/4450_grsec-kconfig-default-gids.patch
@@ -16,7 +16,7 @@ from shooting themselves in the foot.
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400
+++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400
-@@ -560,7 +560,7 @@
+@@ -570,7 +570,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
@@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -780,7 +780,7 @@
+@@ -790,7 +790,7 @@
config GRKERNSEC_TPE_UNTRUSTED_GID
int "GID for TPE-untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*enabled* for. If the sysctl option is enabled, a sysctl option
-@@ -789,7 +789,7 @@
+@@ -799,7 +799,7 @@
config GRKERNSEC_TPE_TRUSTED_GID
int "GID for TPE-trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -882,7 +882,7 @@
+@@ -892,7 +892,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -903,7 +903,7 @@
+@@ -913,7 +913,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -921,7 +921,7 @@
+@@ -931,7 +931,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
index 6273202..19027c3 100644
--- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
-@@ -980,6 +980,27 @@
+@@ -990,6 +990,27 @@
menu "Logging Options"
depends on GRKERNSEC