diff options
author | Mike Pagano <mpagano@gentoo.org> | 2015-03-18 19:16:43 -0400 |
---|---|---|
committer | Mike Pagano <mpagano@gentoo.org> | 2015-03-18 19:16:43 -0400 |
commit | aca5f6281d96053a892f47fb707516f7df7d56a9 (patch) | |
tree | 618aa368d9538e31039eac6bd6d6bb1a923299d0 /1510_fs-enable-link-security-restrictions-by-default.patch | |
parent | Add patch to support namespace user.pax.* on tmpfs, bug #470644 (diff) | |
download | linux-patches-aca5f6281d96053a892f47fb707516f7df7d56a9.tar.gz linux-patches-aca5f6281d96053a892f47fb707516f7df7d56a9.tar.bz2 linux-patches-aca5f6281d96053a892f47fb707516f7df7d56a9.zip |
Patch to enable link security restrictions by default. Patch to disable Windows 8 compatibility for some Lenovo ThinkPads. Patch to ensure that /dev/root doesn't appear in /proc/mounts when bootint without an initramfs. Path to not not lock when UMH is waiting on current thread spawned by linuxrc. (bug #481344) fbcondecor bootsplash patch. Add Gentoo Linux support config settings and defaults. Kernel patch that enables gcc < v4.9 optimizations for additional CPUs. Kernel patch enables gcc >= v4.9 optimizations for additional CPUs.
Diffstat (limited to '1510_fs-enable-link-security-restrictions-by-default.patch')
-rw-r--r-- | 1510_fs-enable-link-security-restrictions-by-default.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/1510_fs-enable-link-security-restrictions-by-default.patch b/1510_fs-enable-link-security-restrictions-by-default.patch new file mode 100644 index 00000000..639fb3c3 --- /dev/null +++ b/1510_fs-enable-link-security-restrictions-by-default.patch @@ -0,0 +1,22 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Subject: fs: Enable link security restrictions by default +Date: Fri, 02 Nov 2012 05:32:06 +0000 +Bug-Debian: https://bugs.debian.org/609455 +Forwarded: not-needed + +This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415 +('VFS: don't do protected {sym,hard}links by default'). + +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -651,8 +651,8 @@ static inline void put_link(struct namei + path_put(link); + } + +-int sysctl_protected_symlinks __read_mostly = 0; +-int sysctl_protected_hardlinks __read_mostly = 0; ++int sysctl_protected_symlinks __read_mostly = 1; ++int sysctl_protected_hardlinks __read_mostly = 1; + + /** + * may_follow_link - Check symlink following for unsafe situations |