author | Anthony G. Basile <blueness@gentoo.org> | 2013-05-15 18:14:20 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-05-15 18:14:20 -0400 |
commit | 0b3c8d9300b701411981b6e943c001e90a2331ff (patch) | |
tree | 69a223bf88374bc776e8bdf0ef4a9ae4860035a6 /2.6.32 | |
parent | Grsec/PaX: 2.9.1-{2.6.32.60,3.2.44,3.8.12}-201305082215 (diff) | |
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.45,3.9.2}-2013051420130514
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch) | 183 | ||||
-rw-r--r-- | 2.6.32/4450_grsec-kconfig-default-gids.patch | 12 | ||||
-rw-r--r-- | 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch | 2 |
4 files changed, 118 insertions, 81 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index ec404fe..64c91d5 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch index 08033a1..f34ed36 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch @@ -76580,18 +76580,10 @@ index cb2849f..3718fb4 100644 if (entry->bitmap && entry->bytes > bytes + empty_size) { ret = btrfs_bitmap_cluster(block_group, entry, cluster, diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index e03a836..d4e4e69 100644 +index e03a836..e786215 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -17,6 +17,7 @@ - */ - - #include <linux/kernel.h> -+#include <linux/module.h> - #include <linux/bio.h> - #include <linux/buffer_head.h> - #include <linux/file.h> -@@ -63,7 +64,7 @@ static const struct inode_operations btrfs_file_inode_operations; +@@ -63,7 +63,7 @@ static const struct inode_operations btrfs_file_inode_operations; static const struct address_space_operations btrfs_aops; static const struct address_space_operations btrfs_symlink_aops; static const struct file_operations btrfs_dir_file_operations; 
@@ -76600,7 +76592,7 @@ index e03a836..d4e4e69 100644 static struct kmem_cache *btrfs_inode_cachep; struct kmem_cache *btrfs_trans_handle_cachep; -@@ -925,6 +926,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page, +@@ -925,6 +925,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page, 1, 0, NULL, GFP_NOFS); while (start < end) { async_cow = kmalloc(sizeof(*async_cow), GFP_NOFS); @@ -76608,7 +76600,7 @@ index e03a836..d4e4e69 100644 async_cow->inode = inode; async_cow->root = root; async_cow->locked_page = locked_page; -@@ -4591,6 +4593,8 @@ static noinline int uncompress_inline(struct btrfs_path *path, +@@ -4591,6 +4592,8 @@ static noinline int uncompress_inline(struct btrfs_path *path, inline_size = btrfs_file_extent_inline_item_len(leaf, btrfs_item_nr(leaf, path->slots[0])); tmp = kmalloc(inline_size, GFP_NOFS); @@ -76617,31 +76609,7 @@ index e03a836..d4e4e69 100644 ptr = btrfs_file_extent_inline_start(item); read_extent_buffer(leaf, tmp, ptr, inline_size); -@@ -5410,7 +5414,7 @@ fail: - return -ENOMEM; - } - --static int btrfs_getattr(struct vfsmount *mnt, -+int btrfs_getattr(struct vfsmount *mnt, - struct dentry *dentry, struct kstat *stat) - { - struct inode *inode = dentry->d_inode; -@@ -5422,6 +5426,14 @@ static int btrfs_getattr(struct vfsmount *mnt, - return 0; - } - -+EXPORT_SYMBOL(btrfs_getattr); -+ -+dev_t get_btrfs_dev_from_inode(struct inode *inode) -+{ -+ return BTRFS_I(inode)->root->anon_super.s_dev; -+} -+EXPORT_SYMBOL(get_btrfs_dev_from_inode); -+ - static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry, - struct inode *new_dir, struct dentry *new_dentry) - { -@@ -5972,7 +5984,7 @@ static const struct file_operations btrfs_dir_file_operations = { +@@ -5972,7 +5975,7 @@ static const struct file_operations btrfs_dir_file_operations = { .fsync = btrfs_sync_file, }; @@ -86469,10 +86437,10 @@ index 0000000..1b9afa9 +endif 
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..8d867c7 +index 0000000..6c8c298 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4201 @@ +@@ -0,0 +1,4203 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -86499,6 +86467,13 @@ index 0000000..8d867c7 +#include <linux/fdtable.h> +#include <linux/percpu.h> +#include <linux/posix-timers.h> ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++#include <linux/magic.h> ++#include <linux/pagemap.h> ++#include "../fs/btrfs/async-thread.h" ++#include "../fs/btrfs/ctree.h" ++#include "../fs/btrfs/btrfs_inode.h" ++#endif + +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -86573,19 +86548,14 @@ index 0000000..8d867c7 + return (gr_status & GR_READY); +} + -+#ifdef CONFIG_BTRFS_FS -+extern dev_t get_btrfs_dev_from_inode(struct inode *inode); -+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); -+#endif -+ +static inline dev_t __get_dev(const struct dentry *dentry) +{ -+#ifdef CONFIG_BTRFS_FS -+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr) -+ return get_btrfs_dev_from_inode(dentry->d_inode); ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return BTRFS_I(dentry->d_inode)->root->anon_super.s_dev; + else +#endif -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +dev_t gr_get_dev_from_dentry(struct dentry *dentry) @@ -92012,10 +91982,10 @@ index 0000000..70b2179 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..6bb1860 +index 0000000..f755034 --- /dev/null +++ b/grsecurity/gracl_segv.c -@@ -0,0 +1,284 @@ +@@ -0,0 +1,301 @@ +#include <linux/kernel.h> +#include <linux/mm.h> +#include <asm/uaccess.h> 
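Review bot: The `__get_dev` helper added to `grsecurity/gracl.c` here is pasted again, together with the same block of btrfs-internal includes, into `grsecurity/gracl_segv.c` later in this patch; the device number is one half of the (inode, device) key passed to `lookup_acl_subj_label`, so two copies that drift apart would make subject lookups disagree between the two files. Defining it once in a header both files include (`linux/grinternal.h` appears to be a candidate) would avoid that. The btrfs branch also deserves a comment, for example `/* btrfs: each subvolume root has its own anonymous s_dev; use it so the (ino, dev) pair matches what stat() presumably reports */`. This branch still dereferences `dentry->d_inode` while the generic branch now only needs `dentry->d_sb`; if any caller can pass a negative dentry, guard it with `if (dentry->d_inode && dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)`.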
@@ -92034,6 +92004,13 @@ index 0000000..6bb1860 +#include <linux/gracl.h> +#include <linux/grsecurity.h> +#include <linux/grinternal.h> ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++#include <linux/magic.h> ++#include <linux/pagemap.h> ++#include "../fs/btrfs/async-thread.h" ++#include "../fs/btrfs/ctree.h" ++#include "../fs/btrfs/btrfs_inode.h" ++#endif + +static struct crash_uid *uid_set; +static unsigned short uid_used; @@ -92044,6 +92021,16 @@ index 0000000..6bb1860 + struct acl_role_label *role); +extern int gr_fake_force_sig(int sig, struct task_struct *t); + ++static inline dev_t __get_dev(const struct dentry *dentry) ++{ ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return BTRFS_I(dentry->d_inode)->root->anon_super.s_dev; ++ else ++#endif ++ return dentry->d_sb->s_dev; ++} ++ +int +gr_init_uidset(void) +{ @@ -92256,7 +92243,7 @@ index 0000000..6bb1860 + + read_lock(&gr_inode_lock); + curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino, -+ filp->f_path.dentry->d_inode->i_sb->s_dev, ++ __get_dev(filp->f_path.dentry), + current->role); + read_unlock(&gr_inode_lock); + @@ -92767,7 +92754,7 @@ index 0000000..bc7b363 +} diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c new file mode 100644 -index 0000000..7a358f8 +index 0000000..61dafe0 --- /dev/null +++ b/grsecurity/grsec_disabled.c @@ -0,0 +1,442 @@ @@ -93199,7 +93186,7 @@ index 0000000..7a358f8 + +dev_t gr_get_dev_from_dentry(struct dentry *dentry) +{ -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +void gr_put_exec_file(struct task_struct *task) @@ -105997,10 +105984,22 @@ index d656c27..21e452c 100644 }; diff --git a/kernel/perf_event.c b/kernel/perf_event.c -index 37ebc14..9c121d9 100644 +index 37ebc14..4596080 100644 --- a/kernel/perf_event.c 
+++ b/kernel/perf_event.c -@@ -77,7 +77,7 @@ int sysctl_perf_event_mlock __read_mostly = 516; /* 'free' kb per user */ +@@ -52,7 +52,11 @@ static atomic_t nr_task_events __read_mostly; + * 1 - disallow cpu events for unpriv + * 2 - disallow kernel profiling for unpriv + */ ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++int sysctl_perf_event_paranoid __read_mostly = 2; ++#else + int sysctl_perf_event_paranoid __read_mostly = 1; ++#endif + + static inline bool perf_paranoid_tracepoint_raw(void) + { +@@ -77,7 +81,7 @@ int sysctl_perf_event_mlock __read_mostly = 516; /* 'free' kb per user */ */ int sysctl_perf_event_sample_rate __read_mostly = 100000; @@ -106009,7 +106008,7 @@ index 37ebc14..9c121d9 100644 /* * Lock for (sysadmin-configurable) event reservations: -@@ -1094,9 +1094,9 @@ static void __perf_event_sync_stat(struct perf_event *event, +@@ -1094,9 +1098,9 @@ static void __perf_event_sync_stat(struct perf_event *event, * In order to keep per-task stats reliable we need to flip the event * values when we flip the contexts. */ @@ -106022,7 +106021,7 @@ index 37ebc14..9c121d9 100644 swap(event->total_time_enabled, next_event->total_time_enabled); swap(event->total_time_running, next_event->total_time_running); -@@ -1552,7 +1552,7 @@ static u64 perf_event_read(struct perf_event *event) +@@ -1552,7 +1556,7 @@ static u64 perf_event_read(struct perf_event *event) update_event_times(event); } @@ -106031,7 +106030,7 @@ index 37ebc14..9c121d9 100644 } /* -@@ -1790,11 +1790,11 @@ static int perf_event_read_group(struct perf_event *event, +@@ -1790,11 +1794,11 @@ static int perf_event_read_group(struct perf_event *event, values[n++] = 1 + leader->nr_siblings; if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = leader->total_time_enabled + 
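Review bot: The new `#ifdef CONFIG_GRKERNSEC_HIDESYM` block around `sysctl_perf_event_paranoid` has no comment saying why HIDESYM selects level 2, and the level table above it is the only documentation a reader gets; add something like `/* HIDESYM: keep unprivileged users from profiling the kernel, which would reveal kernel addresses */`. This only changes the initial value: the variable is not const and is presumably still exposed as a writable sysctl, so an administrator or a boot script can lower it again and undo the hardening. If the intent is that HIDESYM kernels never allow unprivileged kernel profiling, the sysctl handler would need a floor as well, which is outside this hunk.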
@@ -106045,7 +106044,7 @@ index 37ebc14..9c121d9 100644 } size = n * sizeof(u64); -@@ -1829,11 +1829,11 @@ static int perf_event_read_one(struct perf_event *event, +@@ -1829,11 +1833,11 @@ static int perf_event_read_one(struct perf_event *event, values[n++] = perf_event_read_value(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = event->total_time_enabled + @@ -106059,7 +106058,7 @@ index 37ebc14..9c121d9 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -1903,7 +1903,7 @@ static unsigned int perf_poll(struct file *file, poll_table *wait) +@@ -1903,7 +1907,7 @@ static unsigned int perf_poll(struct file *file, poll_table *wait) static void perf_event_reset(struct perf_event *event) { (void)perf_event_read(event); @@ -106068,7 +106067,7 @@ index 37ebc14..9c121d9 100644 perf_event_update_userpage(event); } -@@ -2079,15 +2079,15 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -2079,15 +2083,15 @@ void perf_event_update_userpage(struct perf_event *event) ++userpg->lock; barrier(); userpg->index = perf_event_index(event); @@ -106088,7 +106087,7 @@ index 37ebc14..9c121d9 100644 barrier(); ++userpg->lock; -@@ -2903,14 +2903,14 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -2903,14 +2907,14 @@ static void perf_output_read_one(struct perf_output_handle *handle, u64 values[4]; int n = 0; @@ -106106,7 +106105,7 @@ index 37ebc14..9c121d9 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -2940,7 +2940,7 @@ static void perf_output_read_group(struct perf_output_handle *handle, +@@ -2940,7 +2944,7 @@ static void perf_output_read_group(struct perf_output_handle *handle, if (leader != event) leader->pmu->read(leader); 
@@ -106115,7 +106114,7 @@ index 37ebc14..9c121d9 100644 if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(leader); -@@ -2952,7 +2952,7 @@ static void perf_output_read_group(struct perf_output_handle *handle, +@@ -2952,7 +2956,7 @@ static void perf_output_read_group(struct perf_output_handle *handle, if (sub != event) sub->pmu->read(sub); @@ -106124,7 +106123,7 @@ index 37ebc14..9c121d9 100644 if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(sub); -@@ -3525,12 +3525,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -3525,12 +3529,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -106139,7 +106138,7 @@ index 37ebc14..9c121d9 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -3783,7 +3783,7 @@ static void perf_swevent_add(struct perf_event *event, u64 nr, +@@ -3783,7 +3787,7 @@ static void perf_swevent_add(struct perf_event *event, u64 nr, { struct hw_perf_event *hwc = &event->hw; @@ -106148,7 +106147,7 @@ index 37ebc14..9c121d9 100644 if (!hwc->sample_period) return; -@@ -4040,9 +4040,9 @@ static void cpu_clock_perf_event_update(struct perf_event *event) +@@ -4040,9 +4044,9 @@ static void cpu_clock_perf_event_update(struct perf_event *event) u64 now; now = cpu_clock(cpu); @@ -106161,7 +106160,7 @@ index 37ebc14..9c121d9 100644 } static int cpu_clock_perf_event_enable(struct perf_event *event) -@@ -4050,7 +4050,7 @@ static int cpu_clock_perf_event_enable(struct perf_event *event) +@@ -4050,7 +4054,7 @@ static int cpu_clock_perf_event_enable(struct perf_event *event) struct hw_perf_event *hwc = &event->hw; int cpu = raw_smp_processor_id(); 
@@ -106170,7 +106169,7 @@ index 37ebc14..9c121d9 100644 perf_swevent_start_hrtimer(event); return 0; -@@ -4082,9 +4082,9 @@ static void task_clock_perf_event_update(struct perf_event *event, u64 now) +@@ -4082,9 +4086,9 @@ static void task_clock_perf_event_update(struct perf_event *event, u64 now) u64 prev; s64 delta; @@ -106182,7 +106181,7 @@ index 37ebc14..9c121d9 100644 } static int task_clock_perf_event_enable(struct perf_event *event) -@@ -4094,7 +4094,7 @@ static int task_clock_perf_event_enable(struct perf_event *event) +@@ -4094,7 +4098,7 @@ static int task_clock_perf_event_enable(struct perf_event *event) now = event->ctx->time; @@ -106191,7 +106190,7 @@ index 37ebc14..9c121d9 100644 perf_swevent_start_hrtimer(event); -@@ -4289,7 +4289,7 @@ perf_event_alloc(struct perf_event_attr *attr, +@@ -4289,7 +4293,7 @@ perf_event_alloc(struct perf_event_attr *attr, event->parent = parent_event; event->ns = get_pid_ns(current->nsproxy->pid_ns); @@ -106200,7 +106199,7 @@ index 37ebc14..9c121d9 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -4720,15 +4720,15 @@ static void sync_child_event(struct perf_event *child_event, +@@ -4720,15 +4724,15 @@ static void sync_child_event(struct perf_event *child_event, if (child_event->attr.inherit_stat) perf_event_read_event(child_event, child); @@ -118996,7 +118995,7 @@ index 524ba56..8f2f836 100644 if (!res) eth_started = 1; diff --git a/net/tipc/link.c b/net/tipc/link.c -index dd4c18b..f40d38d 100644 +index dd4c18b..356b07d 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -1418,7 +1418,7 @@ again: 
@@ -119017,6 +119016,44 @@ index dd4c18b..f40d38d 100644 sect_crs += sz; sect_rest -= sz; fragm_crs += sz; +@@ -2551,12 +2551,13 @@ static int link_recv_changeover_msg(struct link **l_ptr, + struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf); + u32 msg_typ = msg_type(tunnel_msg); + u32 msg_count = msg_msgcnt(tunnel_msg); ++ u32 bearer_id = msg_bearer_id(tunnel_msg); + +- dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)]; +- if (!dest_link) { +- msg_dbg(tunnel_msg, "NOLINK/<REC<"); ++ if (bearer_id >= MAX_BEARERS) ++ goto exit; ++ dest_link = (*l_ptr)->owner->links[bearer_id]; ++ if (!dest_link) + goto exit; +- } + if (dest_link == *l_ptr) { + err("Unexpected changeover message on link <%s>\n", + (*l_ptr)->name); +@@ -2798,15 +2799,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb, + struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm); + u32 msg_sz = msg_size(imsg); + u32 fragm_sz = msg_data_sz(fragm); +- u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz); ++ u32 exp_fragm_cnt; + u32 max = TIPC_MAX_USER_MSG_SIZE + LONG_H_SIZE; ++ + if (msg_type(imsg) == TIPC_MCAST_MSG) + max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE; +- if (msg_size(imsg) > max) { +- msg_dbg(fragm,"<REC<Oversized: "); ++ if (fragm_sz == 0 || msg_size(imsg) > max) { + buf_discard(fbuf); + return 0; + } ++ exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz); + pbuf = buf_acquire(msg_size(imsg)); + if (pbuf != NULL) { + pbuf->next = *pending; diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c index 0747d8a..e8bf3f3 100644 --- a/net/tipc/subscr.c diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch index dbd4565..87aa8e4 100644 --- a/2.6.32/4450_grsec-kconfig-default-gids.patch +++ b/2.6.32/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig 
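Review bot: In `tipc_link_recv_fragment` the new guard rejects only `fragm_sz == 0`, yet `msg_size(imsg)` and `msg_type(imsg)` are read from the fragment payload before that guard, so a first fragment shorter than the inner header would still have header fields read beyond its data. Unless an earlier length check exists outside this hunk, the guard should require a minimum payload, for example `if (fragm_sz < SHORT_H_SIZE || msg_sz > max) {` if that is the smallest header these accessors need; this also reuses `msg_sz` instead of calling `msg_size(imsg)` again. Both this drop and the new `bearer_id >= MAX_BEARERS` exit in `link_recv_changeover_msg` are now silent because the `msg_dbg` calls were removed, so a rate-limited warning or a drop counter would let operators notice malformed TIPC traffic. Both functions begin and end outside the hunk.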
--- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -560,7 +560,7 @@ +@@ -570,7 +570,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -780,7 +780,7 @@ +@@ -790,7 +790,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -789,7 +789,7 @@ +@@ -799,7 +799,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -882,7 +882,7 @@ +@@ -892,7 +892,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -903,7 +903,7 @@ +@@ -913,7 +913,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -921,7 +921,7 @@ +@@ -931,7 +931,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER 
diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch index 6273202..19027c3 100644 --- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400 -@@ -980,6 +980,27 @@ +@@ -990,6 +990,27 @@ menu "Logging Options" depends on GRKERNSEC |