Changelog for uml-patch-2.4.17-9.bz2
Release Date : Jan 25 2002
Released By : jdike
-
The md config is now pulled into the UML config.
-
A segfault when a network interface has no IP addresses was fixed.
-
James McMechan's latest changes to the ubd driver are in. end_request
is now locked properly. The construction and dispatch of a request is
now much cleaner.
-
ubd_ioctl now calls blk_ioctl.
-
A stupid bug in the signal delivery code was fixed.
-
execve now uses KERNEL_CALL like it always should have.
-
Removed the ignoring of SIGSEGV from the gdb init string since it is
no longer routed through the debugger.
-
When a process is in userspace, all kernel memory (with a few exceptions) -
kernel text, static data, the heap, physical memory, and kernel virtual
memory - is write-protected.
-
The only /proc or /dev files that I know of that allow access to kernel memory
are /dev/mem and /dev/kmem. These have been disabled by removing CAP_SYS_RAWIO
from the bounding capability set.
-
UML no longer reads /proc/self/maps, so /proc is no longer required for
running UML in a chroot jail.
-
'honeypot' enables 'jail'.
-
With 'honeypot', a number of system calls need to be treated specially
because STACK_TOP > TASK_SIZE. This causes getname to return -EFAULT for
any filenames on the stack. To get around this, all system calls that
take filenames as arguments have KERNEL_DS enabled before making the
system call. Any of those system calls which also have output buffers
have those buffers checked for validity before making the system call.
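The following C model is an added illustration, not code from the UML patch. It shows why a filename on the stack fails under the normal address limit and why output buffers must be checked once KERNEL_DS is enabled. The addresses, the function names and the validity rule in out_buf_valid are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for illustration; these are not UML's real values. */
#define TASK_SIZE  0x80000000ULL          /* USER_DS limit */
#define STACK_TOP  0xa0000000ULL          /* honeypot: stack above TASK_SIZE */
#define STACK_SIZE 0x00800000ULL
#define USER_DS    TASK_SIZE
#define KERNEL_DS  UINT64_MAX             /* no address limit */

static uint64_t addr_limit = USER_DS;     /* models current->addr_limit */

/* Models access_ok(): the range must end at or below the current limit. */
static int range_ok(uint64_t addr, uint64_t size) {
    return size <= addr_limit && addr <= addr_limit - size;
}

/* Explicit output-buffer check that does not depend on addr_limit
 * (assumed rule: wholly below TASK_SIZE, or wholly inside the stack). */
static int out_buf_valid(uint64_t addr, uint64_t size) {
    int low = size <= TASK_SIZE && addr <= TASK_SIZE - size;
    int stack = addr >= STACK_TOP - STACK_SIZE && addr <= STACK_TOP &&
                size <= STACK_TOP - addr;
    return low || stack;
}

/* Models a call taking a filename and an output buffer. */
static int inner_call(uint64_t name, uint64_t buf, uint64_t len) {
    if (!range_ok(name, 1)) return -EFAULT;   /* getname() path */
    if (!range_ok(buf, len)) return -EFAULT;  /* copy to the caller */
    return 0;
}

/* Wrapper: optionally validate the output buffer, then widen the limit. */
static int wrapped_call(uint64_t name, uint64_t buf, uint64_t len, int check) {
    if (check && !out_buf_valid(buf, len)) return -EFAULT;
    uint64_t saved = addr_limit;
    addr_limit = KERNEL_DS;
    int ret = inner_call(name, buf, len);
    addr_limit = saved;                       /* always restore the limit */
    return ret;
}

int main(void) {
    uint64_t name = STACK_TOP - 0x100, kbuf = 0xc0000000ULL; /* constructed */
    printf("USER_DS, stack name: %d\n", inner_call(name, 0x1000, 64));
    printf("unchecked, kernel buf: %d\n", wrapped_call(name, kbuf, 64, 0));
    printf("checked, kernel buf: %d\n", wrapped_call(name, kbuf, 64, 1));
    return 0;
}
```

With the check disabled, the call that targets the constructed kernel address succeeds, which is the write the pre-call validation exists to refuse.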