Difference between revisions of "Download/kernel/rhel5/028stab047.1/changes"

From OpenVZ Virtuozzo Containers Wiki

Latest revision as of 18:29, 22 October 2009

Changes

  • Security fixes (see RHSA-2007:0940 for details)
  • Added TPE feature from grsecurity
  • Other minor fixes

Config changes

Added:

  • +CONFIG_GRKERNSEC=y
  • +CONFIG_GRKERNSEC_TPE=y
  • +CONFIG_GRKERNSEC_TPE_ALL=y
  • +CONFIG_GRKERNSEC_TPE_GID=1005
  • +CONFIG_GRKERNSEC_SYSCTL=y
  • +CONFIG_GRKERNSEC_FLOODTIME=10
  • +CONFIG_GRKERNSEC_FLOODBURST=4

Patches

diff-cpt-ptr-warn-20071015

Patch from Alexey Kuznetsov <alexey@openvz.org>
[CPT] warning in cpt_restore_process()

diff-cpt-warn-20071011

Patch from Alexandr Andreev <aandreev@openvz.org>
[PATCH] CPT: fix some compilation warnings

  • fix declaration of variable after statements
  • fix asmlinkage declaration of hook

[dev@: corrected asmlinkage fix]

diff-grsec-2.1.10-tpe-core-20071010

Patch from Alexandr Andreev <aandreev@openvz.org>
[PATCH] grsecurity: TPE feature

This patch is a part of big grsecure-2.1.10 patch.

This patch doesn't contain virtualization support, and source code looks like original grsecure source as much as possible.

V2 - added TPE check in mmap()/mprotect()
V3 - removed exec_file; added grsec_lock feature

Bug #92177.

diff-grsec-2.1.10-tpe-virt-20071010

Patch from Alexandr Andreev <aandreev@openvz.org>
[PATCH] grsecurity: TPE feature virtualization

Bug #92177.

diff-ms-faster-oom-20071023

Patch from Denis Lunev <den@openvz.org>
Exit from OOMed process ASAP rather than dig in try_to_free_pages().

It can spend really lots of time in try_to_free_pages() (up to minutes), while process selected for OOM should die ASAP.

Bug #79344.

diff-ms-net-bridge-via-eth-f-20071022

Patch from Vitaliy Gusev <vgusev@openvz.org>

When via_phys_dev flag is set then bridge doesn't have any ip address. Therefore ip-traffic HW->VE passes only if bridge has the same MAC-address as real ethernet interface. This patch corrects checking for input packets.

Bug #92737.

diff-smp-nmi-show-regs-b

Patch from Vitaliy Gusev <vgusev@openvz.org>
[PATCH] fix bust_spinlocks() race when doing Alt-SysRq-P via NMI IPI

smp_show_regs() function calls bust_spinlocks() which is not protected by any lock.

Just call bust_spinlocks() under smp_show_regs lock.

Bug #92669.

diff-ve-proc-sound-20071015

Patch from Evgeny Kravtsunov <emkravts@openvz.org>
[PATCH] hide global /proc/asound entry from VE

create_proc_entry() in sound/core/info.c is called with global parent == &proc_root, thus /proc/asound is global. Make it VE0 local.

Bug #92723.