--- /dev/null
+From 31110ebbec8688c6e9597b641101afc94e1c762a Mon Sep 17 00:00:00 2001
+From: Sam Ravnborg <sam@ravnborg.org>
+Date: Sat, 13 Dec 2008 23:00:45 +0100
+Subject: kbuild: fix make incompatibility
+
+From: Sam Ravnborg <sam@ravnborg.org>
+
+commit 31110ebbec8688c6e9597b641101afc94e1c762a upstream.
+
+"Paul Smith" <psmith@gnu.org> reported that we would fail
+to build with a new check that may be enabled in an
+upcoming version of make.
+
+The error was:
+
+ Makefile:442: *** mixed implicit and normal rules. Stop.
+
+The problem is that we did stuff like this:
+
+config %config: ...
+
+The solution was simple - the above was split into two with identical
+prerequisites and commands.
+With only three lines it was not worth to try to avoid the duplication.
+
+Cc: "Paul Smith" <psmith@gnu.org>
+Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
+Cc: Thomas Backlund <tmb@mandriva.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ Makefile | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -440,7 +440,11 @@ ifeq ($(config-targets),1)
+ include $(srctree)/arch/$(SRCARCH)/Makefile
+ export KBUILD_DEFCONFIG
+
+-config %config: scripts_basic outputmakefile FORCE
++config: scripts_basic outputmakefile FORCE
++ $(Q)mkdir -p include/linux include/config
++ $(Q)$(MAKE) $(build)=scripts/kconfig $@
++
++%config: scripts_basic outputmakefile FORCE
+ $(Q)mkdir -p include/linux include/config
+ $(Q)$(MAKE) $(build)=scripts/kconfig $@
+
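Review bot: The split `config:` and `%config:` rules have identical prerequisites and recipes but no comment saying why they are separate. A later cleanup could merge them back into `config %config:` and bring back the "mixed implicit and normal rules" stop, or change one copy and not the other. I would add a comment above the pair, for example `# Explicit and pattern targets must be separate rules (make rejects mixing them); keep both recipes identical.` The same applies to the `/:` and `%/:` pair in the second Makefile hunk, where a blank line between the two rules would also match the layout used here.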
+@@ -1602,7 +1606,11 @@ endif
+ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+
+ # Modules
+-/ %/: prepare scripts FORCE
++/: prepare scripts FORCE
++ $(cmd_crmodverdir)
++ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
++ $(build)=$(build-dir)
++%/: prepare scripts FORCE
+ $(cmd_crmodverdir)
+ $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ $(build)=$(build-dir)
--- /dev/null
+From ea6b184f7d521a503ecab71feca6e4057562252b Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Mon, 22 Sep 2008 15:41:19 -0400
+Subject: selinux: use default proc sid on symlinks
+
+From: Stephen Smalley <sds@tycho.nsa.gov>
+
+commit ea6b184f7d521a503ecab71feca6e4057562252b upstream.
+
+As we are not concerned with fine-grained control over reading of
+symlinks in proc, always use the default proc SID for all proc symlinks.
+This should help avoid permission issues upon changes to the proc tree
+as in the /proc/net -> /proc/self/net example.
+This does not alter labeling of symlinks within /proc/pid directories.
+ls -Zd /proc/net output before and after the patch should show the difference.
+
+Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
+Signed-off-by: James Morris <jmorris@namei.org>
+Cc: Florian Mickler <florian@mickler.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ security/selinux/hooks.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -1290,7 +1290,7 @@ static int inode_doinit_with_dentry(stru
+ /* Default to the fs superblock SID. */
+ isec->sid = sbsec->sid;
+
+- if (sbsec->proc) {
++ if (sbsec->proc && !S_ISLNK(inode->i_mode)) {
+ struct proc_inode *proci = PROC_I(inode);
+ if (proci->pde) {
+ isec->sclass = inode_mode_to_security_class(inode->i_mode);
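Review bot: The new `!S_ISLNK(inode->i_mode)` test has no comment, and the existing `/* Default to the fs superblock SID. */` does not say that proc symlinks are now meant to stay on that default. A comment above the condition, for example `/* Proc symlinks always use the default proc SID; see /proc/net -> /proc/self/net. */`, would stop the check being read as an oversight and removed. Skipping the block for symlinks also skips the `isec->sclass = inode_mode_to_security_class(inode->i_mode);` assignment at the end of the hunk. Please confirm the security class for symlinks is still set elsewhere in `inode_doinit_with_dentry`, whose body starts and ends outside this hunk. Any policy that relied on a distinct label for a proc symlink will now see the default proc SID on it, so that should be called out for policy maintainers.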