main/linux-virt-grsec: upgrade to version 3.12.4

1 files changed, 0 insertions, 31 deletions

diff --git a/main/linux-virt-grsec/sysctl_lxc.patch b/main/linux-virt-grsec/sysctl_lxc.patch
deleted file mode 100644
index 56279aa03..000000000
--- a/main/linux-virt-grsec/sysctl_lxc.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-This patch allows guests to set /proc/sys/net/*/ip_forward without
-needing CAP_SYS_ADMIN.
-
-diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
-index 1e6dc7e..0a5638b 100644
---- a/fs/proc/proc_sysctl.c
-+++ b/fs/proc/proc_sysctl.c
-@@ -11,6 +11,7 @@
- #include <linux/namei.h>
- #include <linux/mm.h>
- #include <linux/module.h>
-+#include <linux/nsproxy.h>
- #include "internal.h"
- 
- extern int gr_handle_chroot_sysctl(const int op);
-@@ -521,8 +522,13 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
- 	dput(filp->f_path.dentry);
- 	if (!gr_acl_handle_open(filp->f_path.dentry, filp->f_path.mnt, op))
- 		goto out;
--	if (write && !capable(CAP_SYS_ADMIN))
--		goto out;
-+	if (write) {
-+		if (current->nsproxy->net_ns != table->extra2) {
-+			if (!capable(CAP_SYS_ADMIN))
-+				goto out;
-+		} else if (!nsown_capable(CAP_NET_ADMIN))
-+			goto out;
-+	}
- #endif
- 
- 	/* careful: calling conventions are nasty here */