author | graysky | 2019-02-23 06:52:04 -0500 |
---|---|---|
committer | graysky | 2019-02-23 06:52:04 -0500 |
commit | 0411bf0858d2ef16a450915e02619f4389806175 (patch) | |
tree | 681c9521fd7f1258fac7058aa9441b4d76a1a15f | |
parent | 6e3b66b8781265128a8cd617d3dc667baa66f28a (diff) | |
Update to 4.20.12-3
-rw-r--r-- | .SRCINFO | 12 | ||||
-rw-r--r-- | 0000-unfuck-ck1-for-kvm-intel-symbol.patch (renamed from 0003-unfuck-ck1-for-kvm-intel-symbol.patch) | 0 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 102 | ||||
-rw-r--r-- | 0001-exec-Fix-mem-leak-in-kernel_read_file.patch (renamed from 0002-exec-Fix-mem-leak-in-kernel_read_file.patch) | 0 | ||||
-rw-r--r-- | PKGBUILD | 12 |
5 files changed, 10 insertions, 116 deletions
@@ -1,8 +1,8 @@ # Generated by mksrcinfo v8 -# Sat Feb 23 11:15:07 UTC 2019 +# Sat Feb 23 11:52:03 UTC 2019 pkgbase = linux-ck pkgver = 4.20.12 - pkgrel = 2 + pkgrel = 3 url = https://wiki.archlinux.org/index.php/Linux-ck arch = x86_64 license = GPL2 @@ -19,9 +19,8 @@ pkgbase = linux-ck source = linux.preset source = enable_additional_cpu_optimizations-20180509.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/20180509.tar.gz source = http://ck.kolivas.org/patches/4.0/4.20/4.20-ck1/patch-4.20-ck1.xz - source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - source = 0002-exec-Fix-mem-leak-in-kernel_read_file.patch - source = 0003-unfuck-ck1-for-kvm-intel-symbol.patch + source = 0000-unfuck-ck1-for-kvm-intel-symbol.patch + source = 0001-exec-Fix-mem-leak-in-kernel_read_file.patch sha256sums = 1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504 sha256sums = SKIP sha256sums = 4ff10c16fa729f808e812e3ff53ef8087ab9c220c84d860676d3bfb5c1c63c5d @@ -30,9 +29,8 @@ pkgbase = linux-ck sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 sha256sums = 226e30068ea0fecdb22f337391385701996bfbdba37cdcf0f1dbf55f1080542d sha256sums = 4bd614333fcbe509118b5362889f76d241e1d33e1ee691bd24fd82384ce7f2de - sha256sums = b6eea702f203632f12fa9edd4a38781d66498c20b1baedb23722537930b9a863 - sha256sums = a8962ae10431de7c5eebe07a34fff5acd613904865dcabbcea03e8108d11b1fb sha256sums = 3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64 + sha256sums = a8962ae10431de7c5eebe07a34fff5acd613904865dcabbcea03e8108d11b1fb pkgname = linux-ck pkgdesc = The Linux-ck kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler v0.185 diff --git a/0003-unfuck-ck1-for-kvm-intel-symbol.patch b/0000-unfuck-ck1-for-kvm-intel-symbol.patch index fd8568a24ab4..fd8568a24ab4 100644 --- a/0003-unfuck-ck1-for-kvm-intel-symbol.patch +++ b/0000-unfuck-ck1-for-kvm-intel-symbol.patch 
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
deleted file mode 100644
index 215dc6c12bba..000000000000
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ /dev/null
@@ -1,102 +0,0 @@ -From aa38734a9d06dd75d61819e884742be9eadbc143 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn <serge.hallyn@canonical.com> -Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by - default - -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> -[bwh: Remove unneeded binary sysctl bits] -Signed-off-by: Daniel Micay <danielmicay@gmail.com> ---- - kernel/fork.c | 15 +++++++++++++++ - kernel/sysctl.c | 12 ++++++++++++ - kernel/user_namespace.c | 3 +++ - 3 files changed, 30 insertions(+) - -diff --git a/kernel/fork.c b/kernel/fork.c -index 906cd0c13d15..0d1d30ad91e7 100644 ---- a/kernel/fork.c -+++ b/kernel/fork.c -@@ -104,6 +104,11 @@ - - #define CREATE_TRACE_POINTS - #include <trace/events/task.h> -+#ifdef CONFIG_USER_NS -+extern int unprivileged_userns_clone; -+#else -+#define unprivileged_userns_clone 0 -+#endif - - /* - * Minimum number of threads to boot the kernel -@@ -1699,6 +1704,10 @@ static __latent_entropy struct task_struct *copy_process( - if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) - return ERR_PTR(-EINVAL); - -+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) -+ if (!capable(CAP_SYS_ADMIN)) -+ return ERR_PTR(-EPERM); -+ - /* - * Thread groups must share signals as well, and detached threads - * can only be started up within the thread group. 
-@@ -2532,6 +2541,12 @@ int ksys_unshare(unsigned long unshare_flags) - if (unshare_flags & CLONE_NEWNS) - unshare_flags |= CLONE_FS; - -+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { -+ err = -EPERM; -+ if (!capable(CAP_SYS_ADMIN)) -+ goto bad_unshare_out; -+ } -+ - err = check_unshare_flags(unshare_flags); - if (err) - goto bad_unshare_out; -diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 9ee261fce89e..ab26ddeab33d 100644 ---- a/kernel/sysctl.c -+++ b/kernel/sysctl.c -@@ -106,6 +106,9 @@ extern int core_uses_pid; - extern char core_pattern[]; - extern unsigned int core_pipe_limit; - #endif -+#ifdef CONFIG_USER_NS -+extern int unprivileged_userns_clone; -+#endif - extern int pid_max; - extern int pid_max_min, pid_max_max; - extern int percpu_pagelist_fraction; -@@ -515,6 +518,15 @@ static struct ctl_table kern_table[] = { - .proc_handler = proc_dointvec, - }, - #endif -+#ifdef CONFIG_USER_NS -+ { -+ .procname = "unprivileged_userns_clone", -+ .data = &unprivileged_userns_clone, -+ .maxlen = sizeof(int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec, -+ }, -+#endif - #ifdef CONFIG_PROC_SYSCTL - { - .procname = "tainted", -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 923414a246e9..6b9dbc257e34 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -26,6 +26,9 @@ - #include <linux/bsearch.h> - #include <linux/sort.h> - -+/* sysctl */ -+int unprivileged_userns_clone; -+ - static struct kmem_cache *user_ns_cachep __read_mostly; - static DEFINE_MUTEX(userns_state_mutex); - --- -2.20.1 - diff --git a/0002-exec-Fix-mem-leak-in-kernel_read_file.patch b/0001-exec-Fix-mem-leak-in-kernel_read_file.patch index bed047b765a2..bed047b765a2 100644 --- a/0002-exec-Fix-mem-leak-in-kernel_read_file.patch +++ b/0001-exec-Fix-mem-leak-in-kernel_read_file.patch 
@@ -63,7 +63,7 @@ _localmodcfg= pkgbase=linux-ck _srcver=4.20.12-arch1 pkgver=${_srcver%-*} -pkgrel=2 +pkgrel=3 _ckpatchversion=1 arch=(x86_64) url="https://wiki.archlinux.org/index.php/Linux-ck" @@ -80,9 +80,8 @@ source=( linux.preset # standard config files for mkinitcpio ramdisk "enable_additional_cpu_optimizations-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/$_gcc_more_v.tar.gz" "http://ck.kolivas.org/patches/4.0/4.20/4.20-ck${_ckpatchversion}/$_ckpatch.xz" - 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - 0002-exec-Fix-mem-leak-in-kernel_read_file.patch - 0003-unfuck-ck1-for-kvm-intel-symbol.patch + 0000-unfuck-ck1-for-kvm-intel-symbol.patch + 0001-exec-Fix-mem-leak-in-kernel_read_file.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -96,9 +95,8 @@ sha256sums=('1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' '226e30068ea0fecdb22f337391385701996bfbdba37cdcf0f1dbf55f1080542d' '4bd614333fcbe509118b5362889f76d241e1d33e1ee691bd24fd82384ce7f2de' - 'b6eea702f203632f12fa9edd4a38781d66498c20b1baedb23722537930b9a863' - 'a8962ae10431de7c5eebe07a34fff5acd613904865dcabbcea03e8108d11b1fb' - '3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64') + '3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64' + 'a8962ae10431de7c5eebe07a34fff5acd613904865dcabbcea03e8108d11b1fb') _kernelname=${pkgbase#linux} : ${_kernelname:=-ARCH} |
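Review bot: The `source=(` array in the second PKGBUILD hunk (`@@ -80,9 +80,8 @@`) no longer lists `0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch`, and neither the commit title nor the PKGBUILD records that this hardening was dropped. Per the deleted patch, it supplied the `kernel.unprivileged_userns_clone` sysctl (zero-initialised, so deny by default) and the `capable(CAP_SYS_ADMIN)` gate on `CLONE_NEWUSER` in `copy_process()` and `ksys_unshare()`. Without it, unprivileged user-namespace creation presumably falls back to the upstream default for a `CONFIG_USER_NS` kernel (the kernel config is not visible here), and any existing sysctl.d entry for that key will stop applying. If the removal is intentional, I would state it next to the array, e.g. `# userns sysctl patch dropped in pkgrel 3: kernel.unprivileged_userns_clone is no longer provided`, and point users who relied on it to `user.max_user_namespaces`. The `sha256sums` reorder in the third hunk does match the renamed files, though that array starts above the hunk.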