From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Mon, 23 Aug 2010 22:46:36 +0000 (-0700)
Subject: .27 patches
X-Git-Tag: v2.6.32.21~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c079d0952c4e83ccea63d851737e977b21c33b4b;p=thirdparty%2Fkernel%2Fstable-queue.git

.27 patches
---

diff --git a/queue-2.6.27/kbuild-fix-make-incompatibility.patch b/queue-2.6.27/kbuild-fix-make-incompatibility.patch
new file mode 100644
index 00000000000..91f13b7eddd
--- /dev/null
+++ b/queue-2.6.27/kbuild-fix-make-incompatibility.patch
@@ -0,0 +1,62 @@
+From 31110ebbec8688c6e9597b641101afc94e1c762a Mon Sep 17 00:00:00 2001
+From: Sam Ravnborg <sam@ravnborg.org>
+Date: Sat, 13 Dec 2008 23:00:45 +0100
+Subject: kbuild: fix make incompatibility
+
+From: Sam Ravnborg <sam@ravnborg.org>
+
+commit 31110ebbec8688c6e9597b641101afc94e1c762a upstream.
+
+"Paul Smith" <psmith@gnu.org> reported that we would fail
+to build with a new check that may be enabled in an
+upcoming version of make.
+
+The error was:
+
+      Makefile:442: *** mixed implicit and normal rules.  Stop.
+
+The problem is that we did stuff like this:
+
+config %config: ...
+
+The solution was simple - the above was split into two with identical
+prerequisites and commands.
+With only three lines it was not worth to try to avoid the duplication.
+
+Cc: "Paul Smith" <psmith@gnu.org>
+Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
+Cc: Thomas Backlund <tmb@mandriva.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ Makefile |   12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -440,7 +440,11 @@ ifeq ($(config-targets),1)
+ include $(srctree)/arch/$(SRCARCH)/Makefile
+ export KBUILD_DEFCONFIG
+ 
+-config %config: scripts_basic outputmakefile FORCE
++config: scripts_basic outputmakefile FORCE
++	$(Q)mkdir -p include/linux include/config
++	$(Q)$(MAKE) $(build)=scripts/kconfig $@
++
++%config: scripts_basic outputmakefile FORCE
+ 	$(Q)mkdir -p include/linux include/config
+ 	$(Q)$(MAKE) $(build)=scripts/kconfig $@
+ 
+@@ -1602,7 +1606,11 @@ endif
+ 	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
+ 
+ # Modules
+-/ %/: prepare scripts FORCE
++/: prepare scripts FORCE
++	$(cmd_crmodverdir)
++	$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
++	$(build)=$(build-dir)
++%/: prepare scripts FORCE
+ 	$(cmd_crmodverdir)
+ 	$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
+ 	$(build)=$(build-dir)
diff --git a/queue-2.6.27/selinux-use-default-proc-sid-on-symlinks.patch b/queue-2.6.27/selinux-use-default-proc-sid-on-symlinks.patch
new file mode 100644
index 00000000000..15b5e193881
--- /dev/null
+++ b/queue-2.6.27/selinux-use-default-proc-sid-on-symlinks.patch
@@ -0,0 +1,36 @@
+From ea6b184f7d521a503ecab71feca6e4057562252b Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Mon, 22 Sep 2008 15:41:19 -0400
+Subject: selinux: use default proc sid on symlinks
+
+From: Stephen Smalley <sds@tycho.nsa.gov>
+
+commit ea6b184f7d521a503ecab71feca6e4057562252b upstream.
+
+As we are not concerned with fine-grained control over reading of
+symlinks in proc, always use the default proc SID for all proc symlinks.
+This should help avoid permission issues upon changes to the proc tree
+as in the /proc/net -> /proc/self/net example.
+This does not alter labeling of symlinks within /proc/pid directories.
+ls -Zd /proc/net output before and after the patch should show the difference.
+
+Signed-off-by:  Stephen D. Smalley <sds@tycho.nsa.gov>
+Signed-off-by: James Morris <jmorris@namei.org>
+Cc: Florian Mickler <florian@mickler.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ security/selinux/hooks.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -1290,7 +1290,7 @@ static int inode_doinit_with_dentry(stru
+ 		/* Default to the fs superblock SID. */
+ 		isec->sid = sbsec->sid;
+ 
+-		if (sbsec->proc) {
++		if (sbsec->proc && !S_ISLNK(inode->i_mode)) {
+ 			struct proc_inode *proci = PROC_I(inode);
+ 			if (proci->pde) {
+ 				isec->sclass = inode_mode_to_security_class(inode->i_mode);
diff --git a/queue-2.6.27/series b/queue-2.6.27/series
index f2283224f17..d0675f7a7dc 100644
--- a/queue-2.6.27/series
+++ b/queue-2.6.27/series
@@ -1 +1,3 @@
 arm-tighten-check-for-allowable-cpsr-values.patch
+kbuild-fix-make-incompatibility.patch
+selinux-use-default-proc-sid-on-symlinks.patch