commit: dc67ca51dcde0aa0d217936bb08e650f5a0a8087 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Mon Oct 30 11:29:50 2023 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Mon Oct 30 11:29:50 2023 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=dc67ca51
Remove incompatible patch Removed: 1500_XATTR_USER_PREFIX.patch Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 --- 1500_XATTR_USER_PREFIX.patch | 66 -------------------------------------------- 2 files changed, 70 deletions(-) diff --git a/0000_README b/0000_README index 1efa027c..aed4554c 100644 --- a/0000_README +++ b/0000_README @@ -43,10 +43,6 @@ EXPERIMENTAL Individual Patch Descriptions: -------------------------------------------------------------------------- -Patch: 1500_XATTR_USER_PREFIX.patch -From: https://bugs.gentoo.org/show_bug.cgi?id=470644 -Desc: Support for namespace user.pax.* on tmpfs. - Patch: 1510_fs-enable-link-security-restrictions-by-default.patch From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/ Desc: Enable link security restrictions by default. diff --git a/1500_XATTR_USER_PREFIX.patch b/1500_XATTR_USER_PREFIX.patch deleted file mode 100644 index fac3eed7..00000000 --- a/1500_XATTR_USER_PREFIX.patch +++ /dev/null 
@@ -1,66 +0,0 @@
-From: Anthony G. Basile <[email protected]>
-
-This patch adds support for a restricted user-controlled namespace on
-tmpfs filesystem used to house PaX flags. The namespace must be of the
-form user.pax.* and its value cannot exceed a size of 8 bytes.
-
-This is needed even on all Gentoo systems so that XATTR_PAX flags
-are preserved for users who might build packages using portage on
-a tmpfs system with a non-hardened kernel and then switch to a
-hardened kernel with XATTR_PAX enabled.
-
-The namespace is added to any user with Extended Attribute support
-enabled for tmpfs. Users who do not enable xattrs will not have
-the XATTR_PAX flags preserved.
-
-
---- a/include/uapi/linux/xattr.h 2022-11-22 05:56:58.175733644 -0500
-+++ b/include/uapi/linux/xattr.h 2022-11-22 06:04:26.394834989 -0500
-@@ -81,5 +81,9 @@
- #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default"
- #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT
-
-+/* User namespace */
-+#define XATTR_PAX_PREFIX XATTR_USER_PREFIX "pax."
-+#define XATTR_PAX_FLAGS_SUFFIX "flags"
-+#define XATTR_NAME_PAX_FLAGS XATTR_PAX_PREFIX XATTR_PAX_FLAGS_SUFFIX
-
- #endif /* _UAPI_LINUX_XATTR_H */
---- a/mm/shmem.c 2022-11-22 05:57:29.011626215 -0500
-+++ b/mm/shmem.c 2022-11-22 06:03:33.165939400 -0500
-@@ -3297,6 +3297,14 @@ static int shmem_xattr_handler_set(const
- struct shmem_inode_info *info = SHMEM_I(inode);
- int err;
-
-+
-+ if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
-+ if (strcmp(name, XATTR_NAME_PAX_FLAGS))
-+ return -EOPNOTSUPP;
-+ if (size > 8)
-+ return -EINVAL;
-+ }
-+
- name = xattr_full_name(handler, name);
- err = simple_xattr_set(&info->xattrs, name, value, size, flags, NULL);
- if (!err) {
-@@ -3312,6 +3320,12 @@ static const struct xattr_handler shmem_
- .set = shmem_xattr_handler_set,
- };
-
-+static const struct xattr_handler shmem_user_xattr_handler = {
-+ .prefix = XATTR_USER_PREFIX,
-+ .get = shmem_xattr_handler_get,
-+ .set = shmem_xattr_handler_set,
-+};
-+
- static const struct xattr_handler shmem_trusted_xattr_handler = {
- .prefix = XATTR_TRUSTED_PREFIX,
- .get = shmem_xattr_handler_get,
-@@ -3325,6 +3339,7 @@ static const struct xattr_handler *shmem
- #endif
- &shmem_security_xattr_handler,
- &shmem_trusted_xattr_handler,
-+ &shmem_user_xattr_handler,
- NULL
- };
-
