author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-08-11 16:33:29 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-08-11 16:35:35 -0300 |
commit | d733fc26b31fb2fd30c080762e588d502f3de4f5 (patch) | |
tree | 7a764e9930c24738e0f563b9d552ea438711bd5a /libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch | |
parent | b21daa0fd8fe26e15e810258efeaa8a5e559c0cd (diff) | |
linux-libre-grsec-3.15.9.201408110025-1: updating version
* rely on grsecurity to disable unprivileged user namespaces
Diffstat (limited to 'libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch')
-rw-r--r-- | libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch b/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch
deleted file mode 100644
index 5713dbb20..000000000
--- a/libre/linux-libre-grsec/Revert-userns-Allow-unprivileged-users-to-create-use.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From e3da68be55914bfeedb8866f191cc0958579611d Mon Sep 17 00:00:00 2001
-From: Josh Boyer <jwboyer@fedoraproject.org>
-Date: Wed, 13 Nov 2013 10:21:18 -0500
-Subject: [PATCH] Revert "userns: Allow unprivileged users to create user
- namespaces."
-
-This reverts commit 5eaf563e53294d6696e651466697eb9d491f3946.
-
-Conflicts:
- kernel/fork.c
----
- kernel/fork.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/kernel/fork.c b/kernel/fork.c
-index f6d11fc..e04c9a7 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -1573,6 +1573,19 @@ long do_fork(unsigned long clone_flags,
- long nr;
-
- /*
-+ * Do some preliminary argument and permissions checking before we
-+ * actually start allocating stuff
-+ */
-+ if (clone_flags & CLONE_NEWUSER) {
-+ /* hopefully this check will go away when userns support is
-+ * complete
-+ */
-+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
-+ !capable(CAP_SETGID))
-+ return -EPERM;
-+ }
-+
-+ /*
- * Determine whether and which event to report to ptracer. When
- * called from kernel_thread or CLONE_UNTRACED is explicitly
- * requested, no event is reported; otherwise, report if the event
---
-1.8.3.1
- |