Merge remote-tracking branch 'security/next'

author Stephen Rothwell <sfr@canb.auug.org.au>

Mon, 30 Apr 2012 03:26:05 +0000 (13:26 +1000)

committer Stephen Rothwell <sfr@canb.auug.org.au>

Mon, 30 Apr 2012 03:26:05 +0000 (13:26 +1000)
author Stephen Rothwell <sfr@canb.auug.org.au>
Mon, 30 Apr 2012 03:26:05 +0000 (13:26 +1000)
committer Stephen Rothwell <sfr@canb.auug.org.au>
Mon, 30 Apr 2012 03:26:05 +0000 (13:26 +1000)
diff --cc MAINTAINERS
Simple merge
diff --cc include/asm-generic/siginfo.h

index 5e5e3865f1edb3df5b928b6d0b2951b91c3dbccc,af5d0350f84cc030070e656445ef908bb29648ac..8ed67779fc09cef1b60407e4eb5361aadbeb7027
--- 1/include/asm-generic/siginfo.h
--- 2/include/asm-generic/siginfo.h
+++ b/include/asm-generic/siginfo.h
@@@ -98,9 -90,18 +98,18 @@@ typedef struct siginfo 
                         __ARCH_SI_BAND_T _band; /* POLL_IN, POLL_OUT, POLL_MSG */
                         int _fd;
                 } _sigpoll;
+ 
+               /* SIGSYS */
+               struct {
+                       void __user *_call_addr; /* calling user insn */
+                       int _syscall;   /* triggering system call number */
+                       unsigned int _arch;     /* AUDIT_ARCH_* of syscall */
+               } _sigsys;
         } _sifields;
- -} siginfo_t;
+ +} __ARCH_SI_ATTRIBUTES siginfo_t;
   
+ /* If the arch shares siginfo, then it has SIGSYS. */
+ #define __ARCH_SIGSYS
   #endif
   
   /*
diff --cc include/linux/filter.h

index 72090994d789c235c7f73545cec3bc136ff57600,f2e53152e835c91dab568cac58b69fcf2c555851..82b01357af8b0672c330c648f3b01f5aa65134d2
--- 1/include/linux/filter.h
--- 2/include/linux/filter.h
+++ b/include/linux/filter.h
@@@ -232,7 -239,7 +243,8 @@@ enum 
         BPF_S_ANC_HATYPE,
         BPF_S_ANC_RXHASH,
         BPF_S_ANC_CPU,
+ +      BPF_S_ANC_ALU_XOR_X,
+       BPF_S_ANC_SECCOMP_LD_W,
   };
   
   #endif /* __KERNEL__ */
diff --cc kernel/fork.c
Simple merge
diff --cc net/compat.c
Simple merge
diff --cc net/core/filter.c
Simple merge
diff --cc security/commoncap.c

index 71a166a05975bfef1ea92f68473dc147063b4a7b,edd3918fac02793991db97ae0c937cb09f04c319..f80d116093915acb906b7bd80a9424d5d1f98f0b
--- 1/security/commoncap.c
--- 2/security/commoncap.c
+++ b/security/commoncap.c
@@@ -506,13 -505,10 +506,15 @@@ int cap_bprm_set_creds(struct linux_bin
         }
   skip:
   
+ +      /* if we have fs caps, clear dangerous personality flags */
+ +      if (!cap_issubset(new->cap_permitted, old->cap_permitted))
+ +              bprm->per_clear |= PER_CLEAR_ON_SETID;
+ +
+ +
         /* Don't let someone trace a set[ug]id/setpcap binary with the revised
-        * credentials unless they have the appropriate permit
+        * credentials unless they have the appropriate permit.
+        *
+        * In addition, if NO_NEW_PRIVS, then ensure we get no new privs.
          */
         if ((new->euid != old->uid ||
              new->egid != old->gid ||
author	Stephen Rothwell <sfr@canb.auug.org.au>
	Mon, 30 Apr 2012 03:26:05 +0000 (13:26 +1000)
committer	Stephen Rothwell <sfr@canb.auug.org.au>
	Mon, 30 Apr 2012 03:26:05 +0000 (13:26 +1000)
		1	2
MAINTAINERS	patch \|	diff1 \|	diff2 \|	blob \| history
include/asm-generic/siginfo.h	patch \|	diff1 \|	diff2 \|	blob \| history
include/linux/filter.h	patch \|	diff1 \|	diff2 \|	blob \| history
kernel/fork.c	patch \|	diff1 \|	diff2 \|	blob \| history
net/compat.c	patch \|	diff1 \|	diff2 \|	blob \| history
net/core/filter.c	patch \|	diff1 \|	diff2 \|	blob \| history
security/commoncap.c	patch \|	diff1 \|	diff2 \|	blob \| history