- 29 Feb, 2016 40 commits
-
-
Serge Hallyn authored
It is turned on by default, but can be turned off if admins prefer or, more importantly, if a security vulnerability is found. The intent is to use this as mitigation so long as Ubuntu is on the cutting edge of enablement for things like unprivileged filesystem mounting. (This patch is tweaked from the one currently still in Debian sid, which in turn came from the patch we had in saucy) Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> [bwh: Remove unneeded binary sysctl bits] Signed-off-by:
Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1526869Signed-off-by:
-
Tim Gardner authored
Signed-off-by: -
Haren Myneni authored
BugLink: http://bugs.launchpad.net/bugs/1529666 NX842 coprocessor sets 3rd bit in CR register with XER[S0] which is nothing to do with NX request. Since this bit can be set with other valuable return status, mast this bit. One of other bits (INITIATED, BUSY or REJECTED) will be returned for any given NX request. Signed-off-by:
Haren Myneni <haren@us.ibm.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from linux-next commit 6333ed8f) Signed-off-by:
-
Tim Gardner authored
Ignore: yes Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Ignore: yes Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Ignore: yes Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Jann Horn authored
BugLink: http://bugs.launchpad.net/bugs/1527374 ptrace_has_cap() checks whether the current process should be treated as having a certain capability for ptrace checks against another process. Until now, this was equivalent to has_ns_capability(current, target_ns, CAP_SYS_PTRACE). However, if a root-owned process wants to enter a user namespace for some reason without knowing who owns it and therefore can't change to the namespace owner's uid and gid before entering, as soon as it has entered the namespace, the namespace owner can attach to it via ptrace and thereby gain access to its uid and gid. While it is possible for the entering process to switch to the uid of a claimed namespace owner before entering, causing the attempt to enter to fail if the claimed uid is wrong, this doesn't solve the problem of determining an appropriate gid. With this change, the entering process can first enter the namespace and then safely inspect the namespace's properties, e.g. through /proc/self/{uid_map,gid_map}, assuming that the namespace owner doesn't have access to uid 0. Signed-off-by:
Jann Horn <jann@thejh.net> Reference: https://lkml.org/lkml/2015/12/12/259Acked-by:
Andy Whitcroft <andy.whitcroft@canonical.com> Acked-by:
Brad Figg <brad.figg@canonical.com> Signed-off-by:
Kamal Mostafa <kamal@canonical.com>
-
Hui Wang authored
BugLink: http://bugs.launchpad.net/bugs/1527096 This commit wants to enable the Intel Baytrail I2C semaphore, this driver was added into the kernel from v4.0. The driver implements a hardware semphore to protect the I2C bus to be shared among several users safely. We have met a problem on a Cherry Trail platform, when we insert the SD storage card into the SD slot, the system will hang, after enable this driver in the kernel, the problem disappers. This driver depends on the "CONFIG_IOSF_MBI=y", so we change this config item from m to y. Signed-off-by:
Hui Wang <hui.wang@canonical.com> Signed-off-by:
-
Tim Gardner authored
Ignore: yes Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Andy Whitcroft authored
UBUNTU: [Config] disable CONFIG_CRYPTO_AES_ARM64_CE* to avoid issues with ARMv8.1 support in latest compilers Signed-off-by:Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
UBUNTU: [Config] disable CONFIG_ARM64_LSE_ATOMICS to avoid issues with ARMv8.1 support in latest compilers Signed-off-by: -
Tim Gardner authored
Ignore: yes Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Andy Whitcroft authored
Signed-off-by: -
Andy Whitcroft authored
Signed-off-by:
-
Andy Whitcroft authored
Signed-off-by: -
Andy Whitcroft authored
We are not yet making tools packages for s390x. Enable the basic tools to fill out this package. BugLink: http://bugs.launchpad.net/bugs/1524319Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1525297Signed-off-by:
-
Tim Gardner authored
Annotations are unique to the derivative. Therefore, use annotations found in the derivative config directory. Signed-off-by:
Paolo Pisati <paolo.pisati@canonical.com>
-
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Ignore: yes Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Ignore: yes Signed-off-by: -
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1522210Signed-off-by:
-
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
Signed-off-by: -
Andy Whitcroft authored
Signed-off-by:
-
