linux-libre-grsec-3.15.1.201406222112-3: updating revision

* enable container-compatible chroot restrictions by default
* add missing module

3 files changed, 10 insertions, 10 deletions

diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD
index 5dacbe4f2..6bf9e5c0f 100644
--- a/libre/linux-libre-grsec/PKGBUILD
+++ b/libre/linux-libre-grsec/PKGBUILD
@@ -17,7 +17,7 @@ _grsecver=3.0
 _timestamp=201406222112
 _pkgver=${_basekernel}.${_sublevel}
 pkgver=${_basekernel}.${_sublevel}.${_timestamp}
-pkgrel=2
+pkgrel=3
 _lxopkgver=${_basekernel}.1 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="https://grsecurity.net/"
@@ -44,14 +44,14 @@ sha256sums=('93450dc189131b6a4de862f35c5087a58cc7bae1c24caa535d2357cc3301b688'
             '24835ddd8b524b11d1179697052a3d669efcaef56a254ba384c73ef77ebd4b13'
             'SKIP'
             '20d7aa7723620bcdefc0828c2ba0c5b17049e7ecb8475703ddccd9f3e84c30d7'
-            '6a9e7a0bd92f04379566809e4d1d677f690b4e49dcb841d8f7bff69782879f2a'
+            'e686e05416e6060d1345f58c0b77eff9d554c412d97df086bbcf2a97a39564ae'
             '9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486'
             'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b'
             '55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9'
             'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6'
             'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182'
             '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18'
-            '763f9323cdefc9ddf74ffeffd856f9eaec4d8d4ef702c88ee1aab429c2d0b389'
+            'd4d4ae0b9c510547f47d94582e4ca08a7f12e9baf324181cb54d328027305e31'
             'f769db2fa56c7cba2c62ff52071dbf46a46a817ad39ec4d62bc2cecff3911954')
 if [ "$CARCH" != "mips64el" ]; then
     # don't use the Loongson-specific patches on non-mips64el arches.
diff --git a/libre/linux-libre-grsec/config.x86_64 b/libre/linux-libre-grsec/config.x86_64
index 2a2579dfc..8b5501a57 100644
--- a/libre/linux-libre-grsec/config.x86_64
+++ b/libre/linux-libre-grsec/config.x86_64
@@ -2194,7 +2194,7 @@ CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
 CONFIG_NET_VENDOR_CISCO=y
 CONFIG_ENIC=m
-# CONFIG_CX_ECAT is not set
+CONFIG_CX_ECAT=m
 CONFIG_DNET=m
 CONFIG_NET_VENDOR_DEC=y
 CONFIG_NET_TULIP=y
diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf
index ebd4dd574..a5f6bf83e 100644
--- a/libre/linux-libre-grsec/sysctl.conf
+++ b/libre/linux-libre-grsec/sysctl.conf
@@ -44,21 +44,21 @@ kernel.grsecurity.fifo_restrictions = 1
 #kernel.grsecurity.romount_protect = 1
 
 #
-# chroot restrictions (many of these will break containers)
+# chroot restrictions (the commented options will break containers)
 #
 
 #kernel.grsecurity.chroot_caps = 1
 #kernel.grsecurity.chroot_deny_chmod = 1
 #kernel.grsecurity.chroot_deny_chroot = 1
-#kernel.grsecurity.chroot_deny_fchdir = 1
+kernel.grsecurity.chroot_deny_fchdir = 1
 #kernel.grsecurity.chroot_deny_mknod = 1
 #kernel.grsecurity.chroot_deny_mount = 1
 #kernel.grsecurity.chroot_deny_pivot = 1
-#kernel.grsecurity.chroot_deny_shmat = 1
-#kernel.grsecurity.chroot_deny_sysctl = 1
-#kernel.grsecurity.chroot_deny_unix = 1
+kernel.grsecurity.chroot_deny_shmat = 1
+kernel.grsecurity.chroot_deny_sysctl = 1
+kernel.grsecurity.chroot_deny_unix = 1
 kernel.grsecurity.chroot_enforce_chdir = 1
-#kernel.grsecurity.chroot_findtask = 1
+kernel.grsecurity.chroot_findtask = 1
 #kernel.grsecurity.chroot_restrict_nice = 1
 
 #