diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-06-26 17:45:45 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-06-26 17:45:45 -0300 |
commit | aa41b0f81387ce2adb44aaddbb2cefbbb7473f5e (patch) | |
tree | 1bce8d5a52b7103d496b86d6677c6a4c0a10aef8 /libre/linux-libre-grsec | |
parent | 5e8fd240f188ba2ba339d9fcbf54d1adcbfae649 (diff) |
linux-libre-grsec-3.15.1.201406222112-3: updating revision
* enable container-compatible chroot restrictions by default
* add missing module
Diffstat (limited to 'libre/linux-libre-grsec')
-rw-r--r-- | libre/linux-libre-grsec/PKGBUILD | 6 | ||||
-rw-r--r-- | libre/linux-libre-grsec/config.x86_64 | 2 | ||||
-rw-r--r-- | libre/linux-libre-grsec/sysctl.conf | 12 |
3 files changed, 10 insertions, 10 deletions
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD index 5dacbe4f2..6bf9e5c0f 100644 --- a/libre/linux-libre-grsec/PKGBUILD +++ b/libre/linux-libre-grsec/PKGBUILD @@ -17,7 +17,7 @@ _grsecver=3.0 _timestamp=201406222112 _pkgver=${_basekernel}.${_sublevel} pkgver=${_basekernel}.${_sublevel}.${_timestamp} -pkgrel=2 +pkgrel=3 _lxopkgver=${_basekernel}.1 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="https://grsecurity.net/" @@ -44,14 +44,14 @@ sha256sums=('93450dc189131b6a4de862f35c5087a58cc7bae1c24caa535d2357cc3301b688' '24835ddd8b524b11d1179697052a3d669efcaef56a254ba384c73ef77ebd4b13' 'SKIP' '20d7aa7723620bcdefc0828c2ba0c5b17049e7ecb8475703ddccd9f3e84c30d7' - '6a9e7a0bd92f04379566809e4d1d677f690b4e49dcb841d8f7bff69782879f2a' + 'e686e05416e6060d1345f58c0b77eff9d554c412d97df086bbcf2a97a39564ae' '9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486' 'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b' '55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9' 'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6' 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182' '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18' - '763f9323cdefc9ddf74ffeffd856f9eaec4d8d4ef702c88ee1aab429c2d0b389' + 'd4d4ae0b9c510547f47d94582e4ca08a7f12e9baf324181cb54d328027305e31' 'f769db2fa56c7cba2c62ff52071dbf46a46a817ad39ec4d62bc2cecff3911954') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. diff --git a/libre/linux-libre-grsec/config.x86_64 b/libre/linux-libre-grsec/config.x86_64 index 2a2579dfc..8b5501a57 100644 --- a/libre/linux-libre-grsec/config.x86_64 +++ b/libre/linux-libre-grsec/config.x86_64 @@ -2194,7 +2194,7 @@ CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m CONFIG_NET_VENDOR_CISCO=y CONFIG_ENIC=m -# CONFIG_CX_ECAT is not set +CONFIG_CX_ECAT=m CONFIG_DNET=m CONFIG_NET_VENDOR_DEC=y CONFIG_NET_TULIP=y diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf index ebd4dd574..a5f6bf83e 100644 --- a/libre/linux-libre-grsec/sysctl.conf +++ b/libre/linux-libre-grsec/sysctl.conf @@ -44,21 +44,21 @@ kernel.grsecurity.fifo_restrictions = 1 #kernel.grsecurity.romount_protect = 1 # -# chroot restrictions (many of these will break containers) +# chroot restrictions (the commented options will break containers) # #kernel.grsecurity.chroot_caps = 1 #kernel.grsecurity.chroot_deny_chmod = 1 #kernel.grsecurity.chroot_deny_chroot = 1 -#kernel.grsecurity.chroot_deny_fchdir = 1 +kernel.grsecurity.chroot_deny_fchdir = 1 #kernel.grsecurity.chroot_deny_mknod = 1 #kernel.grsecurity.chroot_deny_mount = 1 #kernel.grsecurity.chroot_deny_pivot = 1 -#kernel.grsecurity.chroot_deny_shmat = 1 -#kernel.grsecurity.chroot_deny_sysctl = 1 -#kernel.grsecurity.chroot_deny_unix = 1 +kernel.grsecurity.chroot_deny_shmat = 1 +kernel.grsecurity.chroot_deny_sysctl = 1 +kernel.grsecurity.chroot_deny_unix = 1 kernel.grsecurity.chroot_enforce_chdir = 1 -#kernel.grsecurity.chroot_findtask = 1 +kernel.grsecurity.chroot_findtask = 1 #kernel.grsecurity.chroot_restrict_nice = 1 # |