summaryrefslogtreecommitdiff
path: root/system/easy-kernel/0120-XATTR_USER_PREFIX.patch
diff options
context:
space:
mode:
authorA. Wilcox <AWilcox@Wilcox-Tech.com>2022-03-13 18:37:36 -0500
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2022-05-01 17:05:54 -0500
commit5ee14d3ae6662498723b1daf6f00f1a71521740f (patch)
tree9898987815da56f4f2b79c6e85ceb384c24ebb15 /system/easy-kernel/0120-XATTR_USER_PREFIX.patch
parent59e83832ec569bcc4b2dd0b39d5553aa5210cb81 (diff)
downloadpackages-5ee14d3ae6662498723b1daf6f00f1a71521740f.tar.gz
packages-5ee14d3ae6662498723b1daf6f00f1a71521740f.tar.bz2
packages-5ee14d3ae6662498723b1daf6f00f1a71521740f.tar.xz
packages-5ee14d3ae6662498723b1daf6f00f1a71521740f.zip
system/easy-kernel: Replace with 5.15 test-kernel
Diffstat (limited to 'system/easy-kernel/0120-XATTR_USER_PREFIX.patch')
-rw-r--r--system/easy-kernel/0120-XATTR_USER_PREFIX.patch67
1 files changed, 67 insertions, 0 deletions
diff --git a/system/easy-kernel/0120-XATTR_USER_PREFIX.patch b/system/easy-kernel/0120-XATTR_USER_PREFIX.patch
new file mode 100644
index 000000000..245dcc29f
--- /dev/null
+++ b/system/easy-kernel/0120-XATTR_USER_PREFIX.patch
@@ -0,0 +1,67 @@
+From: Anthony G. Basile <blueness@gentoo.org>
+
+This patch adds support for a restricted user-controlled namespace on
+tmpfs filesystem used to house PaX flags. The namespace must be of the
+form user.pax.* and its value cannot exceed a size of 8 bytes.
+
+This is needed even on all Gentoo systems so that XATTR_PAX flags
+are preserved for users who might build packages using portage on
+a tmpfs system with a non-hardened kernel and then switch to a
+hardened kernel with XATTR_PAX enabled.
+
+The namespace is added to any user with Extended Attribute support
+enabled for tmpfs. Users who do not enable xattrs will not have
+the XATTR_PAX flags preserved.
+
+diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
+index 1590c49..5eab462 100644
+--- a/include/uapi/linux/xattr.h
++++ b/include/uapi/linux/xattr.h
+@@ -73,5 +73,9 @@
+ #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default"
+ #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT
+
++/* User namespace */
++#define XATTR_PAX_PREFIX XATTR_USER_PREFIX "pax."
++#define XATTR_PAX_FLAGS_SUFFIX "flags"
++#define XATTR_NAME_PAX_FLAGS XATTR_PAX_PREFIX XATTR_PAX_FLAGS_SUFFIX
+
+ #endif /* _UAPI_LINUX_XATTR_H */
+--- a/mm/shmem.c 2020-05-04 15:30:27.042035334 -0400
++++ b/mm/shmem.c 2020-05-04 15:34:57.013881725 -0400
+@@ -3238,6 +3238,14 @@ static int shmem_xattr_handler_set(const
+ struct shmem_inode_info *info = SHMEM_I(inode);
+
+ name = xattr_full_name(handler, name);
++
++ if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
++ if (strcmp(name, XATTR_NAME_PAX_FLAGS))
++ return -EOPNOTSUPP;
++ if (size > 8)
++ return -EINVAL;
++ }
++
+ return simple_xattr_set(&info->xattrs, name, value, size, flags, NULL);
+ }
+
+@@ -3253,6 +3261,12 @@ static const struct xattr_handler shmem_
+ .set = shmem_xattr_handler_set,
+ };
+
++static const struct xattr_handler shmem_user_xattr_handler = {
++ .prefix = XATTR_USER_PREFIX,
++ .get = shmem_xattr_handler_get,
++ .set = shmem_xattr_handler_set,
++};
++
+ static const struct xattr_handler *shmem_xattr_handlers[] = {
+ #ifdef CONFIG_TMPFS_POSIX_ACL
+ &posix_acl_access_xattr_handler,
+@@ -3260,6 +3274,7 @@ static const struct xattr_handler *shmem
+ #endif
+ &shmem_security_xattr_handler,
+ &shmem_trusted_xattr_handler,
++ &shmem_user_xattr_handler,
+ NULL
+ };
+