
Contents of /hardened/2.6/trunk/2.6.17/4455_linux-2.6.16-reslog.patch



Revision 602 - (show annotations) (download)
Fri Aug 18 10:41:55 2006 UTC (7 years, 10 months ago) by johnm
File size: 3315 byte(s)
re-apply reslog fixes
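--- a/grsecurity/gracl_res.c
+++ b/grsecurity/gracl_res.c
@@ -35,7 +35,8 @@ gr_log_resource(const struct task_struct
 if (unlikely(((gt && wanted > task->signal->rlim[res].rlim_cur) ||
 (!gt && wanted >= task->signal->rlim[res].rlim_cur)) &&
 task->signal->rlim[res].rlim_cur != RLIM_INFINITY))
- gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->signal->rlim[res].rlim_cur);
+ if (gr_acl_is_enabled() || grsec_resource_logging)
+ gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->signal->rlim[res].rlim_cur);
 preempt_enable_no_resched();
 
 return;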
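Review bot: The added `if (gr_acl_is_enabled() || grsec_resource_logging)` sits as the unbraced body of the three-line `if (unlikely(...))`, so the log call is now guarded by two stacked brace-less conditions and a later `else` or extra statement would bind to the wrong one. Bracing the outer body, `if (unlikely(...)) {` … `}`, makes the scope explicit. A comment such as `/* always log while RBAC is enabled; otherwise only if resource_logging is set */` would record why an enabled ACL system overrides the toggle. gr_log_resource() begins before the hunk, so the preempt-disable that pairs with `preempt_enable_no_resched()` is not visible here.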
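--- a/grsecurity/grsec_init.c
+++ b/grsecurity/grsec_init.c
@@ -47,6 +47,7 @@ int grsec_socket_client_gid;
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
 int grsec_lock;
+int grsec_resource_logging;
 
 spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
 unsigned long grsec_alert_wtime = 0;
@@ -162,6 +163,9 @@ grsecurity_init(void)
 #ifdef CONFIG_GRKERNSEC_TIME
 grsec_enable_time = 1;
 #endif
+#ifdef CONFIG_GRKERNSEC_RELOG
+ grsec_resource_logging = 1;
+#endif
 #ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
 grsec_enable_chroot_findtask = 1;
 #endif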
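Review bot: The guard added in grsecurity_init() tests `CONFIG_GRKERNSEC_RELOG`, while the sysctl entry this same patch adds in grsec_sysctl.c is guarded by `CONFIG_GRKERNSEC_RESLOG`; unless Kconfig (not shown here) defines both symbols, one spelling is a typo. If RELOG is never defined, `grsec_resource_logging` keeps its zero default, and with RBAC disabled the new check in gr_log_resource() then drops every resource-limit log entry with no build warning to flag it. The guard should most likely read `#ifdef CONFIG_GRKERNSEC_RESLOG`. grsecurity_init() starts and ends outside the hunk.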
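--- a/grsecurity/grsec_sysctl.c
+++ b/grsecurity/grsec_sysctl.c
@@ -29,7 +29,7 @@ gr_handle_sysctl_mod(const char *dirname
 
 #if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_MODSTOP)
 enum {GS_LINK=1, GS_FIFO, GS_EXECVE, GS_EXECLOG, GS_SIGNAL,
-GS_FORKFAIL, GS_TIME, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT,
+GS_FORKFAIL, GS_TIME, GS_RESLOG, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT,
 GS_CHROOT_FCHDIR, GS_CHROOT_DBL, GS_CHROOT_PVT, GS_CHROOT_CD, GS_CHROOT_CM,
 GS_CHROOT_MK, GS_CHROOT_NI, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS,
 GS_CHROOT_SYSCTL, GS_TPE, GS_TPE_GID, GS_TPE_ALL, GS_SIDCAPS,
@@ -111,6 +111,16 @@ ctl_table grsecurity_table[] = {
 .proc_handler = &proc_dointvec,
 },
 #endif
+#ifdef CONFIG_GRKERNSEC_RESLOG
+ {
+ .ctl_name = GS_RESLOG,
+ .procname = "resource_logging",
+ .data = &grsec_resource_logging,
+ .maxlen = sizeof(int),
+ .mode = 0600,
+ .proc_handler = &proc_dointvec,
+ },
+#endif
 #ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
 {
 .ctl_name = GS_CHROOT_SHMAT,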
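Review bot: Inserting `GS_RESLOG` between `GS_TIME` and `GS_CHROOT_SHMAT` shifts the numeric value of every later enumerator, and those values are what `.ctl_name` carries in grsecurity_table, so anything addressing these entries by number through the binary sysctl interface would now reach a different setting. Appending the new constant at the end of the enum keeps the existing numbers stable; the enum's tail lies outside the hunk, so the exact position cannot be shown here. The table entry would also benefit from a comment like `/* 0: log resource overruns only while RBAC is enabled; 1: always log */`, which matches the check added in gr_log_resource().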
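--- a/include/linux/grinternal.h
+++ b/include/linux/grinternal.h
@@ -71,6 +71,7 @@ extern int grsec_enable_audit_textrel;
 extern int grsec_enable_mount;
 extern int grsec_enable_chdir;
 extern int grsec_lock;
+extern int grsec_resource_logging;
 
 extern struct task_struct *child_reaper;
 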
