author | rudson <rudson@370017ae-e619-0410-ac65-c121f96126d4> | 2006-11-16 00:00:59 +0000 |
---|---|---|
committer | rudson <rudson@370017ae-e619-0410-ac65-c121f96126d4> | 2006-11-16 00:00:59 +0000 |
commit | c1b62595dcc300d4fe362edafa99d914a347731e (patch) | |
tree | bcd79ca9b13a2f095ce7068207475ca725eb50fc /kernel-ratten/rt-lsm-0.8.7-kernel.patch | |
parent | fa14a96efdda7eeff7ed33f337a8692de7f178a7 (diff) | |
movendo libs...
git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@693 370017ae-e619-0410-ac65-c121f96126d4
Diffstat (limited to 'kernel-ratten/rt-lsm-0.8.7-kernel.patch')
-rw-r--r-- | kernel-ratten/rt-lsm-0.8.7-kernel.patch | 223 |
1 files changed, 0 insertions, 223 deletions
diff --git a/kernel-ratten/rt-lsm-0.8.7-kernel.patch b/kernel-ratten/rt-lsm-0.8.7-kernel.patch
deleted file mode 100644
index 194aecfd..00000000
--- a/kernel-ratten/rt-lsm-0.8.7-kernel.patch
+++ /dev/null
@@ -1,223 +0,0 @@
-diff -puN /dev/null Documentation/realtime-lsm.txt
---- /dev/null 2003-09-15 06:40:47.000000000 -0700
-+++ 25-akpm/Documentation/realtime-lsm.txt 2005-02-06 00:32:52.000000000 -0800
-@@ -0,0 +1,39 @@
-+
-+ Realtime Linux Security Module
-+
-+
-+This Linux Security Module (LSM) enables realtime capabilities. It
-+was written by Torben Hohn and Jack O'Quin, under the provisions of
-+the GPL (see the COPYING file). We make no warranty concerning the
-+safety, security or even stability of your system when using it. But,
-+we will fix problems if you report them.
-+
-+Once the LSM has been installed and the kernel for which it was built
-+is running, the root user can load it and pass parameters as follows:
-+
-+ # modprobe realtime any=1
-+
-+ Any program can request realtime privileges. This allows any local
-+ user to crash the system by hogging the CPU in a tight loop or
-+ locking down too much memory. But, it is simple to administer. :-)
-+
-+ # modprobe realtime gid=29
-+
-+ All users belonging to group 29 and programs that are setgid to that
-+ group have realtime privileges. Use any group number you like. A
-+ `gid' of -1 disables group access.
-+
-+ # modprobe realtime mlock=0
-+
-+ Grants realtime scheduling privileges without the ability to lock
-+ memory using mlock() or mlockall() system calls. This option can be
-+ used in conjunction with any of the other options.
-+
-+After the module is loaded, its parameters can be changed dynamically
-+via sysfs.
-+
-+ # echo 1 > /sys/module/realtime/parameters/any
-+ # echo 29 > /sys/module/realtime/parameters/gid
-+ # echo 1 > /sys/module/realtime/parameters/mlock
-+
-+Jack O'Quin, joq@joq.us
-diff -puN security/Kconfig~rt-lsm security/Kconfig
---- 25/security/Kconfig~rt-lsm 2005-02-06 00:32:52.000000000 -0800
-+++ 25-akpm/security/Kconfig 2005-02-06 00:32:52.000000000 -0800
-@@ -85,6 +85,17 @@ config SECURITY_SECLVL
-
- If you are unsure how to answer this question, answer N.
-
-+config SECURITY_REALTIME
-+ tristate "Realtime Capabilities"
-+ depends on SECURITY && SECURITY_CAPABILITIES!=y
-+ default n
-+ help
-+ This module selectively grants realtime privileges
-+ controlled by parameters set at load time or via files in
-+ /sys/module/realtime/parameters.
-+
-+ If you are unsure how to answer this question, answer N.
-+
- source security/selinux/Kconfig
-
- endmenu
-diff -puN security/Makefile~rt-lsm security/Makefile
---- 25/security/Makefile~rt-lsm 2005-02-06 00:32:52.000000000 -0800
-+++ 25-akpm/security/Makefile 2005-02-06 00:32:52.000000000 -0800
-@@ -17,3 +17,4 @@ obj-$(CONFIG_SECURITY_SELINUX) += selin
- obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o
- obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o
- obj-$(CONFIG_SECURITY_SECLVL) += seclvl.o
-+obj-$(CONFIG_SECURITY_REALTIME) += commoncap.o realtime.o
-diff -puN /dev/null security/realtime.c
---- /dev/null 2003-09-15 06:40:47.000000000 -0700
-+++ 25-akpm/security/realtime.c 2005-02-06 00:32:52.000000000 -0800
-@@ -0,0 +1,146 @@
-+/*
-+ * Realtime Capabilities Linux Security Module
-+ *
-+ * Copyright (C) 2003 Torben Hohn
-+ * Copyright (C) 2003-2005 Jack O'Quin
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ */
-+
-+#include <linux/module.h>
-+#include <linux/security.h>
-+
-+#define RT_LSM "Realtime LSM " /* syslog module name prefix */
-+#define RT_ERR "Realtime: " /* syslog error message prefix */
-+
-+#include <linux/vermagic.h>
-+MODULE_INFO(vermagic,VERMAGIC_STRING);
-+
-+/* module parameters
-+ *
-+ * These values could change at any time due to some process writing
-+ * a new value in /sys/module/realtime/parameters. This is OK,
-+ * because each is referenced only once in each function call.
-+ * Nothing depends on parameters having the same value every time.
-+ */
-+
-+/* if TRUE, any process is realtime */
-+static int rt_any;
-+module_param_named(any, rt_any, int, 0644);
-+MODULE_PARM_DESC(any, " grant realtime privileges to any process.");
-+
-+/* realtime group id, or NO_GROUP */
-+static int rt_gid = -1;
-+module_param_named(gid, rt_gid, int, 0644);
-+MODULE_PARM_DESC(gid, " the group ID with access to realtime privileges.");
-+
-+/* enable mlock() privileges */
-+static int rt_mlock = 1;
-+module_param_named(mlock, rt_mlock, int, 0644);
-+MODULE_PARM_DESC(mlock, " enable memory locking privileges.");
-+
-+/* helper function for testing group membership */
-+static inline int gid_ok(int gid)
-+{
-+ if (gid == -1)
-+ return 0;
-+
-+ if (gid == current->gid)
-+ return 1;
-+
-+ return in_egroup_p(gid);
-+}
-+
-+static void realtime_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
-+{
-+ cap_bprm_apply_creds(bprm, unsafe);
-+
-+ /* If a non-zero `any' parameter was specified, we grant
-+ * realtime privileges to every process. If the `gid'
-+ * parameter was specified and it matches the group id of the
-+ * executable, of the current process or any supplementary
-+ * groups, we grant realtime capabilites.
-+ */
-+
-+ if (rt_any || gid_ok(rt_gid)) {
-+ cap_raise(current->cap_effective, CAP_SYS_NICE);
-+ if (rt_mlock) {
-+ cap_raise(current->cap_effective, CAP_IPC_LOCK);
-+ }
-+ }
-+}
-+
-+static struct security_operations capability_ops = {
-+ .ptrace = cap_ptrace,
-+ .capget = cap_capget,
-+ .capset_check = cap_capset_check,
-+ .capset_set = cap_capset_set,
-+ .capable = cap_capable,
-+ .netlink_send = cap_netlink_send,
-+ .netlink_recv = cap_netlink_recv,
-+ .bprm_apply_creds = realtime_bprm_apply_creds,
-+ .bprm_set_security = cap_bprm_set_security,
-+ .bprm_secureexec = cap_bprm_secureexec,
-+ .task_post_setuid = cap_task_post_setuid,
-+ .task_reparent_to_init = cap_task_reparent_to_init,
-+ .syslog = cap_syslog,
-+ .vm_enough_memory = cap_vm_enough_memory,
-+};
-+
-+#define MY_NAME __stringify(KBUILD_MODNAME)
-+
-+static int secondary; /* flag to keep track of how we were registered */
-+
-+static int __init realtime_init(void)
-+{
-+ /* register ourselves with the security framework */
-+ if (register_security(&capability_ops)) {
-+
-+ /* try registering with primary module */
-+ if (mod_reg_security(MY_NAME, &capability_ops)) {
-+ printk(KERN_INFO RT_ERR "Failure registering "
-+ "capabilities with primary security module.\n");
-+ printk(KERN_INFO RT_ERR "Is kernel configured "
-+ "with CONFIG_SECURITY_CAPABILITIES=m?\n");
-+ return -EINVAL;
-+ }
-+ secondary = 1;
-+ }
-+
-+ if (rt_any)
-+ printk(KERN_INFO RT_LSM
-+ "initialized (all groups, mlock=%d)\n", rt_mlock);
-+ else if (rt_gid == -1)
-+ printk(KERN_INFO RT_LSM
-+ "initialized (no groups, mlock=%d)\n", rt_mlock);
-+ else
-+ printk(KERN_INFO RT_LSM
-+ "initialized (group %d, mlock=%d)\n", rt_gid, rt_mlock);
-+
-+ return 0;
-+}
-+
-+static void __exit realtime_exit(void)
-+{
-+ /* remove ourselves from the security framework */
-+ if (secondary) {
-+ if (mod_unreg_security(MY_NAME, &capability_ops))
-+ printk(KERN_INFO RT_ERR "Failure unregistering "
-+ "capabilities with primary module.\n");
-+
-+ } else if (unregister_security(&capability_ops)) {
-+ printk(KERN_INFO RT_ERR
-+ "Failure unregistering capabilities with the kernel\n");
-+ }
-+ printk(KERN_INFO "Realtime Capability LSM exiting\n");
-+}
-+
-+security_initcall(realtime_init);
-+module_exit(realtime_exit);
-+
-+MODULE_DESCRIPTION("Realtime Capabilities Security Module");
-+MODULE_LICENSE("GPL");
-_ |