
Commit 0b4f5b1d authored by Pablo Neira Ayuso
To obtain new flag FLOWI_FLAG_KNOWN_NH to fix netfilter's xt_TEE target.
parents 939ccba4 9f0d3c27
+14 −0
@@ -14,6 +14,10 @@
*.o.*
*.a
*.s
*.ko.unsigned
*.ko.stripped
*.ko.stripped.dig
*.ko.stripped.sig
*.ko
*.so
*.so.dbg
@@ -84,3 +88,13 @@ GTAGS
*.orig
*~
\#*#

#
# Leavings from module signing
#
extra_certificates
signing_key.priv
signing_key.x509
signing_key.x509.keyid
signing_key.x509.signer
x509.genkey
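Review bot: the module-signing entries added at the end of the file (signing_key.priv, signing_key.x509, x509.genkey and the rest) have no leading '/', so they match files with those names in every directory of the tree rather than only where the build leaves them; anchor them if they are only ever generated at the top level. Ignoring signing_key.priv keeps the private key out of commits but does nothing for the file on disk, which is worth a line in the "Leavings from module signing" comment.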
+0 −2
@@ -270,8 +270,6 @@ preempt-locking.txt
	- info on locking under a preemptive kernel.
printk-formats.txt
	- how to get printk format specifiers right
prio_tree.txt
	- info on radix-priority-search-tree use for indexing vmas.
ramoops.txt
	- documentation of the ramoops oops/panic logging module.
rbtree.txt
+0 −22
What:	/proc/<pid>/oom_adj
When:	August 2012
Why:	/proc/<pid>/oom_adj allows userspace to influence the oom killer's
	badness heuristic used to determine which task to kill when the kernel
	is out of memory.

	The badness heuristic has since been rewritten since the introduction of
	this tunable such that its meaning is deprecated.  The value was
	implemented as a bitshift on a score generated by the badness()
	function that did not have any precise units of measure.  With the
	rewrite, the score is given as a proportion of available memory to the
	task allocating pages, so using a bitshift which grows the score
	exponentially is, thus, impossible to tune with fine granularity.

	A much more powerful interface, /proc/<pid>/oom_score_adj, was
	introduced with the oom killer rewrite that allows users to increase or
	decrease the badness score linearly.  This interface will replace
	/proc/<pid>/oom_adj.

	A warning will be emitted to the kernel log if an application uses this
	deprecated interface.  After it is printed once, future warnings will be
	suppressed until the kernel is rebooted.
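Review bot: nothing in the visible lines records what happens to /proc/<pid>/oom_adj once this 22-line schedule entry (When: August 2012) is dropped, so a reader cannot tell whether the interface was removed as planned or kept. The ABI documentation should state the outcome and point userspace that still writes oom_adj at /proc/<pid>/oom_score_adj, since the once-per-boot kernel log warning described here was the only notice applications got.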
+21 −4
@@ -12,11 +12,14 @@ Description:
		then closing the file.  The new policy takes effect after
		the file ima/policy is closed.

		IMA appraisal, if configured, uses these file measurements
		for local measurement appraisal.

		rule format: action [condition ...]

		action: measure | dont_measure
		action: measure | dont_measure | appraise | dont_appraise | audit
		condition:= base | lsm
			base:	[[func=] [mask=] [fsmagic=] [uid=]]
			base:	[[func=] [mask=] [fsmagic=] [uid=] [fowner]]
			lsm:	[[subj_user=] [subj_role=] [subj_type=]
				 [obj_user=] [obj_role=] [obj_type=]]

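Review bot: in the new "base:" line the added condition is written [fowner] while every other condition carries its '=' ([func=], [mask=], [fsmagic=], [uid=]); it should read [fowner=] so the grammar matches the rule "appraise fowner=0" used later. The action list also gains "audit", but nothing in the surrounding description says what an audit rule does, unlike the sentence added for appraisal; add one line for it.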
@@ -24,36 +27,50 @@ Description:
			mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
			fsmagic:= hex value
			uid:= decimal value
			fowner:=decimal value
		lsm:  	are LSM specific

		default policy:
			# PROC_SUPER_MAGIC
			dont_measure fsmagic=0x9fa0
			dont_appraise fsmagic=0x9fa0
			# SYSFS_MAGIC
			dont_measure fsmagic=0x62656572
			dont_appraise fsmagic=0x62656572
			# DEBUGFS_MAGIC
			dont_measure fsmagic=0x64626720
			dont_appraise fsmagic=0x64626720
			# TMPFS_MAGIC
			dont_measure fsmagic=0x01021994
			dont_appraise fsmagic=0x01021994
			# RAMFS_MAGIC
			dont_measure fsmagic=0x858458f6
			dont_appraise fsmagic=0x858458f6
			# SECURITYFS_MAGIC
			dont_measure fsmagic=0x73636673
			dont_appraise fsmagic=0x73636673

			measure func=BPRM_CHECK
			measure func=FILE_MMAP mask=MAY_EXEC
			measure func=FILE_CHECK mask=MAY_READ uid=0
			appraise fowner=0

		The default policy measures all executables in bprm_check,
		all files mmapped executable in file_mmap, and all files
		open for read by root in do_filp_open.
		open for read by root in do_filp_open.  The default appraisal
		policy appraises all files owned by root.

		Examples of LSM specific definitions:

		SELinux:
			# SELINUX_MAGIC
			dont_measure fsmagic=0xF97CFF8C
			dont_measure fsmagic=0xf97cff8c
			dont_appraise fsmagic=0xf97cff8c

			dont_measure obj_type=var_log_t
			dont_appraise obj_type=var_log_t
			dont_measure obj_type=auditd_log_t
			dont_appraise obj_type=auditd_log_t
			measure subj_user=system_u func=FILE_CHECK mask=MAY_READ
			measure subj_role=system_r func=FILE_CHECK mask=MAY_READ

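Review bot: the default-policy rule "appraise fowner=0" has no func= or mask= condition, unlike the three measure rules above it, and the added sentence "The default appraisal policy appraises all files owned by root" does not say on which hooks appraisal happens; state that explicitly, since the measure rules are each described by hook. Two smaller points: "fowner:=decimal value" lacks the space used in "uid:= decimal value", and the examples show dont_appraise rules for SELinux but no example of the new audit action.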
+14 −0
@@ -206,3 +206,17 @@ Description:
		when a discarded area is read the discard_zeroes_data
		parameter will be set to one. Otherwise it will be 0 and
		the result of reading a discarded area is undefined.

What:		/sys/block/<disk>/queue/write_same_max_bytes
Date:		January 2012
Contact:	Martin K. Petersen <martin.petersen@oracle.com>
Description:
		Some devices support a write same operation in which a
		single data block can be written to a range of several
		contiguous blocks on storage. This can be used to wipe
		areas on disk or to initialize drives in a RAID
		configuration. write_same_max_bytes indicates how many
		bytes can be written in a single write same command. If
		write_same_max_bytes is 0, write same is not supported
		by the device.
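Review bot: the write_same_max_bytes description does not say whether the attribute is read-only or can be changed by the administrator, and it gives no statement of how the value relates to the device's block size; add both so tools know how to use the limit. "This can be used to wipe areas on disk" would read more accurately as "overwrite", because the entry says nothing about the previous contents being unrecoverable after a write same command.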