author | graysky | 2019-06-11 14:58:22 -0400 |
---|---|---|
committer | graysky | 2019-06-11 14:58:48 -0400 |
commit | 99703a2c47af22581eb91ed767969d350b3b8a35 (patch) | |
tree | 0eeef6ab5e929767cd5866d5386dee82f3cdf8f8 | |
parent | 7d7da59a5963bd2459b9d3b1e7c1cf81bf235b46 (diff) | |
download | aur-99703a2c47af22581eb91ed767969d350b3b8a35.tar.gz |
Update to 5.1.9rc1-1
-rw-r--r-- | .SRCINFO | 18 | ||||
-rw-r--r-- | 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch | 57 | ||||
-rw-r--r-- | PKGBUILD | 14 | ||||
-rw-r--r-- | config | 4 |
4 files changed, 78 insertions, 15 deletions
@@ -1,5 +1,5 @@
 pkgbase = linux-rc
- pkgver = 5.1.8rc1
+ pkgver = 5.1.9rc1
 pkgrel = 1
 url = https://www.kernel.org/
 arch = x86_64
@@ -9,26 +9,28 @@ pkgbase = linux-rc
 makedepends = bc
 makedepends = libelf
 options = !strip
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.7.tar.xz
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.7.tar.sign
- source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.8-rc1.xz
- source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.8-rc1.sign
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.8.tar.xz
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.8.tar.sign
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.9-rc1.xz
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.9-rc1.sign
 source = config
 source = 60-linux.hook
 source = 90-linux.hook
 source = linux.preset
 source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ source = 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
 validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
- sha256sums = 0246d04df2b799bd0adbde8f24fcb0daa18819fa5442e9bdd6992979b7adf3a6
+ sha256sums = d0164ffcc6e2ab3a96cc771d3fbdf2f8b49a2597ec4da9a06df590b0fe87a6ec
 sha256sums = SKIP
- sha256sums = e15a44b8bf320be64b987e30abea8184dab57d25d2323399fdf14c842c6be27e
+ sha256sums = f2e99c56db408c7f695fa80507201036e4828f23e202800d4cac94d46e13517f
 sha256sums = SKIP
- sha256sums = 02390efe7637927502bc834daf3f413ea5e2cb084bca125372e70dc9438e824c
+ sha256sums = 2e555646f47002c3e76e2a8405d33a64fcc8cf060ef5430881a5d144d8e3bc98
 sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
 sha256sums = c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636
 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
 sha256sums = 4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629
+ sha256sums = 1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec
 pkgname = linux-rc
 pkgdesc = The release candidate kernel and modules
diff --git a/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch b/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
new file mode 100644
index 000000000000..6c25e34545bd
--- /dev/null
+++ b/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
@@ -0,0 +1,57 @@
+From d279aeda16b4cc525a0a2c4747946d87683e3e51 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Thu, 7 Dec 2017 13:50:48 +0100
+Subject: [PATCH 2/3] ZEN: Add CONFIG for unprivileged_userns_clone
+
+This way our default behavior continues to match the vanilla kernel.
+---
+ init/Kconfig | 16 ++++++++++++++++
+ kernel/user_namespace.c | 4 ++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/init/Kconfig b/init/Kconfig
+index 4592bf7997c0..f3df02990aff 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1004,6 +1004,22 @@ config USER_NS
+
+ If unsure, say N.
+
++config USER_NS_UNPRIVILEGED
++ bool "Allow unprivileged users to create namespaces"
++ default y
++ depends on USER_NS
++ help
++ When disabled, unprivileged users will not be able to create
++ new namespaces. Allowing users to create their own namespaces
++ has been part of several recent local privilege escalation
++ exploits, so if you need user namespaces but are
++ paranoid^Wsecurity-conscious you want to disable this.
++
++ This setting can be overridden at runtime via the
++ kernel.unprivileged_userns_clone sysctl.
++
++ If unsure, say Y.
++
+ config PID_NS
+ bool "PID Namespaces"
+ default y
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 6b9dbc257e34..107b17f0d528 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -27,7 +27,11 @@
+ #include <linux/sort.h>
+
+ /* sysctl */
++#ifdef CONFIG_USER_NS_UNPRIVILEGED
++int unprivileged_userns_clone = 1;
++#else
+ int unprivileged_userns_clone;
++#endif
+
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+--
+2.22.0
+
@@ -5,8 +5,8 @@
 pkgbase=linux-rc
 pkgrel=1
 _srcname=linux-5.1
-_stable=5.1.7
-_patchver=5.1.8
+_stable=5.1.8
+_patchver=5.1.9
 _rcver=1
 pkgver=${_patchver}rc${_rcver}
 _rcpatch=patch-${_patchver}-rc${_rcver}
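Review bot: The `#ifdef CONFIG_USER_NS_UNPRIVILEGED` branch in the kernel/user_namespace.c part of this new patch initialises `unprivileged_userns_clone` to 1, and with `default y` in the Kconfig entry plus `CONFIG_USER_NS_UNPRIVILEGED=y` in the `config` hunk that is the branch this package builds; the bare `int unprivileged_userns_clone;` it wraps started at 0. Judging only by the name of patch 0001 (its contents are not shown here), 0 is the value that refuses unprivileged CLONE_NEWUSER, so the package appears to move from restricted-by-default to allowed-by-default under a commit titled just "Update to 5.1.9rc1-1". The help text added here itself says unprivileged namespace creation has been part of several local privilege escalation exploits, so the change of default deserves an explicit decision. I would either ship `# CONFIG_USER_NS_UNPRIVILEGED is not set` in `config` to keep the earlier behaviour, or state the new default in the commit message and point users at `kernel.unprivileged_userns_clone=0` for hosts that do not need unprivileged user namespaces.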
@@ -23,21 +23,23 @@ source=(
 90-linux.hook # pacman hook for initramfs regeneration
 linux.preset # standard config files for mkinitcpio ramdisk
 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
 # Arch-Linux-kernel-vx.xx.x-arch1.patch is not needed for rc1
 )
 validpgpkeys=(
 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
 '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
 )
-sha256sums=('0246d04df2b799bd0adbde8f24fcb0daa18819fa5442e9bdd6992979b7adf3a6'
+sha256sums=('d0164ffcc6e2ab3a96cc771d3fbdf2f8b49a2597ec4da9a06df590b0fe87a6ec'
 'SKIP'
- 'e15a44b8bf320be64b987e30abea8184dab57d25d2323399fdf14c842c6be27e'
+ 'f2e99c56db408c7f695fa80507201036e4828f23e202800d4cac94d46e13517f'
 'SKIP'
- '02390efe7637927502bc834daf3f413ea5e2cb084bca125372e70dc9438e824c'
+ '2e555646f47002c3e76e2a8405d33a64fcc8cf060ef5430881a5d144d8e3bc98'
 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
 'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636'
 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
- '4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629')
+ '4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629'
+ '1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec')
 _kernelname=${pkgbase#linux}
@@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.1.0-arch1 Kernel Configuration +# Linux/x86 5.1.8-arch1 Kernel Configuration # #
@@ -167,6 +167,7 @@ CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y CONFIG_USER_NS=y +CONFIG_USER_NS_UNPRIVILEGED=y CONFIG_PID_NS=y CONFIG_NET_NS=y CONFIG_CHECKPOINT_RESTORE=y
@@ -780,6 +781,7 @@ CONFIG_HAVE_RELIABLE_STACKTRACE=y CONFIG_ISA_BUS_API=y CONFIG_OLD_SIGSUSPEND3=y CONFIG_COMPAT_OLD_SIGACTION=y +CONFIG_64BIT_TIME=y CONFIG_COMPAT_32BIT_TIME=y CONFIG_HAVE_ARCH_VMAP_STACK=y CONFIG_VMAP_STACK=y |