sys-kernel/coreos-{sources,kernel}: update to 4.6

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/amd64_defconfig-4.6

@@ -2,7 +2,6 @@
 CONFIG_SYSVIPC=y
 CONFIG_POSIX_MQUEUE=y
 # CONFIG_CROSS_MEMORY_ATTACH is not set
-CONFIG_FHANDLE=y
 CONFIG_AUDIT=y
 CONFIG_NO_HZ=y
 CONFIG_HIGH_RES_TIMERS=y
@@ -171,7 +170,6 @@ CONFIG_INET_IPCOMP=m
 CONFIG_INET_XFRM_MODE_TRANSPORT=m
 CONFIG_INET_XFRM_MODE_TUNNEL=m
 CONFIG_INET_XFRM_MODE_BEET=m
-CONFIG_INET_LRO=m
 CONFIG_INET_DIAG=m
 CONFIG_INET_UDP_DIAG=m
 CONFIG_TCP_CONG_ADVANCED=y
@@ -450,7 +448,6 @@ CONFIG_DCB=y
 CONFIG_OPENVSWITCH=m
 CONFIG_VSOCKETS=m
 CONFIG_VMWARE_VMCI_VSOCKETS=m
-CONFIG_NETLINK_MMAP=y
 CONFIG_NETLINK_DIAG=m
 CONFIG_MPLS_ROUTING=m
 CONFIG_CGROUP_NET_PRIO=y

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/arm64_defconfig-4.6

@@ -1,7 +1,6 @@
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_SYSVIPC=y
 CONFIG_POSIX_MQUEUE=y
-CONFIG_FHANDLE=y
 CONFIG_AUDIT=y
 CONFIG_NO_HZ_IDLE=y
 CONFIG_HIGH_RES_TIMERS=y
@@ -42,7 +41,6 @@ CONFIG_MODULE_SIG=y
 CONFIG_MODULE_SIG_SHA256=y
 CONFIG_BLK_DEV_THROTTLING=y
 # CONFIG_IOSCHED_DEADLINE is not set
-CONFIG_ARCH_EXYNOS7=y
 CONFIG_ARCH_MEDIATEK=y
 CONFIG_ARCH_QCOM=y
 CONFIG_ARCH_SEATTLE=y
@@ -73,7 +71,6 @@ CONFIG_IP_PNP=y
 CONFIG_IP_PNP_DHCP=y
 CONFIG_IP_PNP_BOOTP=y
 CONFIG_SYN_COOKIES=y
-# CONFIG_INET_LRO is not set
 CONFIG_NETFILTER=y
 CONFIG_BRIDGE_NETFILTER=y
 CONFIG_NF_CONNTRACK=y
@@ -263,8 +260,6 @@ CONFIG_MSM_GCC_8916=y
 CONFIG_MAILBOX=y
 # CONFIG_IOMMU_SUPPORT is not set
 CONFIG_ARCH_TEGRA_132_SOC=y
-# CONFIG_PHY_EXYNOS_MIPI_VIDEO is not set
-# CONFIG_PHY_EXYNOS_DP_VIDEO is not set
 CONFIG_PHY_XGENE=y
 CONFIG_EXT2_FS=y
 CONFIG_EXT3_FS=y
@@ -315,7 +310,6 @@ CONFIG_SCHEDSTATS=y
 CONFIG_DEBUG_CREDENTIALS=y
 # CONFIG_FTRACE is not set
 CONFIG_DEBUG_SET_MODULE_RONX=y
-CONFIG_DEBUG_RODATA=y
 CONFIG_DEBUG_ALIGN_RODATA=y
 CONFIG_SECURITY=y
 CONFIG_CRYPTO_ANSI_CPRNG=y

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest

@@ -1,2 +1 @@
-DIST linux-4.5.tar.xz 88375040 SHA256 a40defb401e01b37d6b8c8ad5c1bbab665be6ac6310cdeed59950c96b31a519c SHA512 cb0d5f30baff37dfea40fbc1119a1482182f95858c883e019ee3f81055c8efbdb9dba7dfc02ebcc4216db38f03ece58688e69efc0fce1dade359af30bd5426de WHIRLPOOL 8faa0b02c5733fc45dbe61f82a7022e9246b9b1665f27541d4afa5d14c310b9dce7a8532dfac8273898edf8c6923654ee2fbcf2cec1ec2a220f4c9f926f2b333
+DIST linux-4.6.tar.xz 89461728 SHA256 a93771cd5a8ad27798f22e9240538dfea48d3a2bf2a6a6ab415de3f02d25d866 SHA512 df5ee40b0ebd89914a900f63c32a481cb4f405d8f792b2d03ea167ce9c5bdf75154c7bd8ecd7ebac77a8dbf2b077c972cbfe6b95163e27c38c1fefc6ddbdfa0b WHIRLPOOL 50ee28a06930ffb29ade1aa5fb4e3bf165ead92cb660dc6771a265cdbc2240713ebf14fe235fa153d8b6e3ab853852ea06c2525209cd7989aa3d6f6fad5b7edf
-DIST patch-4.5.4.xz 190944 SHA256 6a9cfe691ac77346c48b7f83375a1880ebb379594de1000acad45da45d711e42 SHA512 56eb7551ba39b087bc0bd8d12e1a2006974ed7640d03751a540ad9f04b7e325efd3488ae3ebbbaddea46dc25dc666ddeccde9969f5ef8fa139088689da7e9147 WHIRLPOOL 19da92049dedeab810b4a3df72f93295ec0288f4d42006310731c74d4f2876b441e2114b84b2937a63d18c9682047a415cb87b36deecc9c4323ce457d9c56ae2

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.5.4.ebuild

@@ -1,45 +0,0 @@
-# Copyright 2014 CoreOS, Inc.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-ETYPE="sources"
-inherit kernel-2
-detect_version
-
-DESCRIPTION="Full sources for the CoreOS Linux kernel"
-HOMEPAGE="http://www.kernel.org"
-SRC_URI="${KERNEL_URI}"
-
-KEYWORDS="amd64 arm64"
-IUSE=""
-
-PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_MINOR}"
-
-# XXX: Note we must prefix the patch filenames with "z" to ensure they are
-# applied _after_ a potential patch-${KV}.patch file, present when building a
-# patchlevel revision.  We mustn't apply our patches first, it fails when the
-# local patches overlap with the upstream patch.
-
-# in $PATCH_DIR: ls -1 | sed -e 's/^/\t${PATCH_DIR}\//g' -e 's/$/ \\/g'
-UNIPATCH_LIST="
-		${PATCH_DIR}/0001-Add-secure_modules-call.patch \
-		${PATCH_DIR}/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch \
-		${PATCH_DIR}/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch \
-		${PATCH_DIR}/0004-ACPI-Limit-access-to-custom_method.patch \
-		${PATCH_DIR}/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch \
-		${PATCH_DIR}/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch \
-		${PATCH_DIR}/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch \
-		${PATCH_DIR}/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch \
-		${PATCH_DIR}/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch \
-		${PATCH_DIR}/0010-Add-option-to-automatically-enforce-module-signature.patch \
-		${PATCH_DIR}/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch \
-		${PATCH_DIR}/0012-efi-Add-EFI_SECURE_BOOT-bit.patch \
-		${PATCH_DIR}/0013-hibernate-Disable-in-a-signed-modules-environment.patch \
-		${PATCH_DIR}/0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch \
-		${PATCH_DIR}/0015-Overlayfs-Use-copy-up-security-hooks.patch \
-		${PATCH_DIR}/0016-SELinux-Stub-in-copy-up-handling.patch \
-		${PATCH_DIR}/0017-SELinux-Handle-opening-of-a-unioned-file.patch \
-		${PATCH_DIR}/0018-SELinux-Check-against-union-label-for-file-operation.patch \
-		${PATCH_DIR}/0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
-		${PATCH_DIR}/0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch \
-"

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.6.0.ebuild

@@ -0,0 +1,45 @@
+# Copyright 2014 CoreOS, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+ETYPE="sources"
+inherit kernel-2
+detect_version
+
+DESCRIPTION="Full sources for the CoreOS Linux kernel"
+HOMEPAGE="http://www.kernel.org"
+SRC_URI="${KERNEL_URI}"
+
+KEYWORDS="amd64 arm64"
+IUSE=""
+
+PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_MINOR}"
+
+# XXX: Note we must prefix the patch filenames with "z" to ensure they are
+# applied _after_ a potential patch-${KV}.patch file, present when building a
+# patchlevel revision.  We mustn't apply our patches first, it fails when the
+# local patches overlap with the upstream patch.
+
+# in $PATCH_DIR: ls -1 | sed -e 's/^/\t${PATCH_DIR}\//g' -e 's/$/ \\/g'
+UNIPATCH_LIST="
+        ${PATCH_DIR}/z0001-Add-secure_modules-call.patch \
+        ${PATCH_DIR}/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch \
+        ${PATCH_DIR}/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch \
+        ${PATCH_DIR}/z0004-ACPI-Limit-access-to-custom_method.patch \
+        ${PATCH_DIR}/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch \
+        ${PATCH_DIR}/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch \
+        ${PATCH_DIR}/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch \
+        ${PATCH_DIR}/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch \
+        ${PATCH_DIR}/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch \
+        ${PATCH_DIR}/z0010-Add-option-to-automatically-enforce-module-signature.patch \
+        ${PATCH_DIR}/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch \
+        ${PATCH_DIR}/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch \
+        ${PATCH_DIR}/z0013-hibernate-Disable-in-a-signed-modules-environment.patch \
+        ${PATCH_DIR}/z0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch \
+        ${PATCH_DIR}/z0015-Overlayfs-Use-copy-up-security-hooks.patch \
+        ${PATCH_DIR}/z0016-SELinux-Stub-in-copy-up-handling.patch \
+        ${PATCH_DIR}/z0017-SELinux-Handle-opening-of-a-unioned-file.patch \
+        ${PATCH_DIR}/z0018-SELinux-Check-against-union-label-for-file-operation.patch \
+        ${PATCH_DIR}/z0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
+        ${PATCH_DIR}/z0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch \
+"

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0001-Add-secure_modules-call.patch

@@ -1,7 +1,7 @@
-From 02edef7def11ef45c9dca82382f4d5037b359ce6 Mon Sep 17 00:00:00 2001
+From c35230624d1464523272de88a5085cd808e2eb97 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
-Subject: [PATCH 01/21] Add secure_modules() call
+Subject: [PATCH 01/20] Add secure_modules() call
 
 Provide a single call to allow kernel code to determine whether the system
 has been configured to either disable module loading entirely or to load
@@ -41,10 +41,10 @@ index 2bb0c30..ab13009 100644
  
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index 794ebe8..7dfb91b 100644
+index 041200c..392ac8c 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4112,3 +4112,13 @@ void module_layout(struct module *mod,
+@@ -4080,3 +4080,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif
@@ -59,5 +59,5 @@ index 794ebe8..7dfb91b 100644
 +}
 +EXPORT_SYMBOL(secure_modules);
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch

@@ -1,7 +1,7 @@
-From 4f9bf3ce823a63e72687fa331bdcfd9050f00b54 Mon Sep 17 00:00:00 2001
+From de2acb86b00352b3e58c55aa5474970bd52640a5 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
-Subject: [PATCH 02/21] PCI: Lock down BAR access when module security is
+Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
  enabled
 
 Any hardware that can potentially generate DMA has to be locked down from
@@ -18,7 +18,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  3 files changed, 19 insertions(+), 2 deletions(-)
 
 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 95d9e7b..0e249f1 100644
+index 342b691..2809631 100644
 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
 @@ -30,6 +30,7 @@
@@ -39,7 +39,7 @@ index 95d9e7b..0e249f1 100644
  	if (off > dev->cfg_size)
  		return 0;
  	if (off + count > dev->cfg_size) {
-@@ -998,6 +1002,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
+@@ -1002,6 +1006,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
  	resource_size_t start, end;
  	int i;
  
@@ -49,7 +49,7 @@ index 95d9e7b..0e249f1 100644
  	for (i = 0; i < PCI_ROM_RESOURCE; i++)
  		if (res == &pdev->resource[i])
  			break;
-@@ -1098,6 +1105,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
+@@ -1102,6 +1109,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
  				     struct bin_attribute *attr, char *buf,
  				     loff_t off, size_t count)
  {
@@ -114,5 +114,5 @@ index b91c4da..98f5637 100644
  
  	dev = pci_get_bus_and_slot(bus, dfn);
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch

@@ -1,7 +1,7 @@
-From fbcd2f7543b10fb9ff7075eab04aafc8ced67761 Mon Sep 17 00:00:00 2001
+From 9822e9d4cc1c380146f6b7b0984a9f03c2d5ee30 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:35:59 -0500
-Subject: [PATCH 03/21] x86: Lock down IO port access when module security is
+Subject: [PATCH 03/20] x86: Lock down IO port access when module security is
  enabled
 
 IO port access would permit users to gain access to PCI configuration
@@ -16,7 +16,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  2 files changed, 7 insertions(+), 2 deletions(-)
 
 diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
-index 37dae79..1ecc03c 100644
+index 589b319..ab83724 100644
 --- a/arch/x86/kernel/ioport.c
 +++ b/arch/x86/kernel/ioport.c
 @@ -15,6 +15,7 @@
@@ -36,7 +36,7 @@ index 37dae79..1ecc03c 100644
  		return -EPERM;
  
  	/*
-@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
+@@ -108,7 +109,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
  		return -EINVAL;
  	/* Trying to gain more privileges? */
  	if (level > old) {
@@ -44,9 +44,9 @@ index 37dae79..1ecc03c 100644
 +		if (!capable(CAP_SYS_RAWIO) || secure_modules())
  			return -EPERM;
  	}
- 	regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
+ 	regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
 diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 4f6f94c..9d53d66 100644
+index 71025c2..86e5bfa 100644
 --- a/drivers/char/mem.c
 +++ b/drivers/char/mem.c
 @@ -27,6 +27,7 @@
@@ -68,5 +68,5 @@ index 4f6f94c..9d53d66 100644
  		return -EFAULT;
  	while (count-- > 0 && i < 65536) {
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0004-ACPI-Limit-access-to-custom_method.patch

@@ -1,7 +1,7 @@
-From c84966668b5d607812d3f3788dcfa7fbcab400a3 Mon Sep 17 00:00:00 2001
+From b2f6e6b53381d5213e128e1266d1a4728bcb1e7f Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:39:37 -0500
-Subject: [PATCH 04/21] ACPI: Limit access to custom_method
+Subject: [PATCH 04/20] ACPI: Limit access to custom_method
 
 custom_method effectively allows arbitrary access to system memory, making
 it possible for an attacker to circumvent restrictions on module loading.
@@ -27,5 +27,5 @@ index c68e724..4277938 100644
  		/* parse the table header to get the table length */
  		if (count <= sizeof(struct acpi_table_header))
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch

@@ -1,7 +1,7 @@
-From aafea7dbb04999694c5d7514a8ade6dffc80b6a8 Mon Sep 17 00:00:00 2001
+From e84e314c9dbc752726045c29a7464a6b6910dd1f Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:46:50 -0500
-Subject: [PATCH 05/21] asus-wmi: Restrict debugfs interface when module
+Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
  loading is restricted
 
 We have no way of validating what all of the Asus WMI methods do on a
@@ -50,5 +50,5 @@ index a96630d..92bf6b1 100644
  				     1, asus->debug.method_id,
  				     &input, &output);
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch

@@ -1,7 +1,7 @@
-From e1a26d978277b78e5f0f393018cecc2e6f6660ab Mon Sep 17 00:00:00 2001
+From 75bf36f24bd1efeadb16130281207f488e38ad51 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 09:28:15 -0500
-Subject: [PATCH 06/21] Restrict /dev/mem and /dev/kmem when module loading is
+Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
  restricted
 
 Allowing users to write to address space makes it possible for the kernel
@@ -14,7 +14,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 6 insertions(+)
 
 diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 9d53d66..918f43a 100644
+index 86e5bfa..3264735 100644
 --- a/drivers/char/mem.c
 +++ b/drivers/char/mem.c
 @@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
@@ -38,5 +38,5 @@ index 9d53d66..918f43a 100644
  		unsigned long to_write = min_t(unsigned long, count,
  					       (unsigned long)high_memory - p);
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch

@@ -1,7 +1,7 @@
-From 2d464f9da317e687e5fa03b7a079ad811192f491 Mon Sep 17 00:00:00 2001
+From 301e69031df178a811ddb0745ed910518c36fbbe Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Mon, 25 Jun 2012 19:57:30 -0400
-Subject: [PATCH 07/21] acpi: Ignore acpi_rsdp kernel parameter when module
+Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
  loading is restricted
 
 This option allows userspace to pass the RSDP address to the kernel, which
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index 67da6fb..e027761 100644
+index 814d5f8..84ca0b5 100644
 --- a/drivers/acpi/osl.c
 +++ b/drivers/acpi/osl.c
 @@ -40,6 +40,7 @@
@@ -35,5 +35,5 @@ index 67da6fb..e027761 100644
  #endif
  
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch

@@ -1,7 +1,7 @@
-From e6288d2d10780371525b4fadaabc8c2d5ac87ad8 Mon Sep 17 00:00:00 2001
+From a92898f1e8f05643870686a48812d2898127cf8e Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@coreos.com>
 Date: Thu, 19 Nov 2015 18:55:53 -0800
-Subject: [PATCH 08/21] kexec: Disable at runtime if the kernel enforces module
+Subject: [PATCH 08/20] kexec: Disable at runtime if the kernel enforces module
  loading restrictions
 
 kexec permits the loading and execution of arbitrary code in ring 0, which
@@ -35,5 +35,5 @@ index ee70aef..755198b 100644
  
  	/*
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch

@@ -1,7 +1,7 @@
-From 0cf91ec9a013fe36fc934519e02d5ac3a281b907 Mon Sep 17 00:00:00 2001
+From b68abccfa5c9dca3e8c921139bcd5e794ae8e67c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 8 Feb 2013 11:12:13 -0800
-Subject: [PATCH 09/21] x86: Restrict MSR access when module loading is
+Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
  restricted
 
 Writing to MSRs should not be allowed if module loading is restricted,
@@ -15,7 +15,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 7 insertions(+)
 
 diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 64f9616..7fde015 100644
+index 7f3550a..963ba40 100644
 --- a/arch/x86/kernel/msr.c
 +++ b/arch/x86/kernel/msr.c
 @@ -83,6 +83,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
@@ -40,5 +40,5 @@ index 64f9616..7fde015 100644
  			err = -EFAULT;
  			break;
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0010-Add-option-to-automatically-enforce-module-signature.patch

@@ -1,7 +1,7 @@
-From 6e0533e9784929c426d8b9b8566f28d7b79aa109 Mon Sep 17 00:00:00 2001
+From ec3ce7daf05ab4d0456a06235e5f91f09fc57268 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 18:36:30 -0400
-Subject: [PATCH 10/21] Add option to automatically enforce module signatures
+Subject: [PATCH 10/20] Add option to automatically enforce module signatures
  when in Secure Boot mode
 
 UEFI Secure Boot provides a mechanism for ensuring that the firmware will
@@ -34,10 +34,10 @@ index 95a4d34..b8527c6 100644
  290/040	ALL	edd_mbr_sig_buffer EDD MBR signatures
  2D0/A00	ALL	e820_map	E820 memory map table
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index c46662f..a10f771 100644
+index 2dc18605..a701d09 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1754,6 +1754,16 @@ config EFI_MIXED
+@@ -1785,6 +1785,16 @@ config EFI_MIXED
  
  	   If unsure, say N.
  
@@ -130,10 +130,10 @@ index 3292543..b61f853 100644
  	 * The sentinel is set to a nonzero value (0xff) in header.S.
  	 *
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index d3d80e6..94eb7dd 100644
+index 2367ae0..1a78bf7 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1145,6 +1145,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1146,6 +1146,12 @@ void __init setup_arch(char **cmdline_p)
  
  	io_delay_init();
  
@@ -164,10 +164,10 @@ index ab13009..e072b84 100644
  
  extern int modules_disabled; /* for sysctl */
 diff --git a/kernel/module.c b/kernel/module.c
-index 7dfb91b..6eb3c6c 100644
+index 392ac8c..676c578 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4113,6 +4113,13 @@ void module_layout(struct module *mod,
+@@ -4081,6 +4081,13 @@ void module_layout(struct module *mod,
  EXPORT_SYMBOL(module_layout);
  #endif
  
@@ -182,5 +182,5 @@ index 7dfb91b..6eb3c6c 100644
  {
  #ifdef CONFIG_MODULE_SIG
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch

@@ -1,7 +1,7 @@
-From 635479012d1f2ecc3109f8d026286ed54e429e89 Mon Sep 17 00:00:00 2001
+From 6c1648fa6c1e91977c502e2f2a5b3c4f09124ce6 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:28:43 -0400
-Subject: [PATCH 11/21] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
+Subject: [PATCH 11/20] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
 
 The functionality of the config option is dependent upon the platform being
 UEFI based.  Reflect this in the config deps.
@@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index a10f771..36a2818 100644
+index a701d09..fef4036 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1755,7 +1755,8 @@ config EFI_MIXED
+@@ -1786,7 +1786,8 @@ config EFI_MIXED
  	   If unsure, say N.
  
  config EFI_SECURE_BOOT_SIG_ENFORCE
@@ -26,5 +26,5 @@ index a10f771..36a2818 100644
  	---help---
  	  UEFI Secure Boot provides a mechanism for ensuring that the
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch

@@ -1,7 +1,7 @@
-From a3ac48fab6c056a4857dcb1adea99871d5846cd8 Mon Sep 17 00:00:00 2001
+From d1440220844d8a0cca8168526fc2d6a74787283c Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:33:03 -0400
-Subject: [PATCH 12/21] efi: Add EFI_SECURE_BOOT bit
+Subject: [PATCH 12/20] efi: Add EFI_SECURE_BOOT bit
 
 UEFI machines can be booted in Secure Boot mode.  Add a EFI_SECURE_BOOT bit
 for use with efi_enabled.
@@ -13,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  2 files changed, 3 insertions(+)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 94eb7dd..7c9fc347 100644
+index 1a78bf7..564921b 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1147,7 +1147,9 @@ void __init setup_arch(char **cmdline_p)
+@@ -1148,7 +1148,9 @@ void __init setup_arch(char **cmdline_p)
  
  #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
  	if (boot_params.secure_boot) {
@@ -27,10 +27,10 @@ index 94eb7dd..7c9fc347 100644
  #endif
  
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 47be3ad..9bf95e8 100644
+index 1626474..2bd4516 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -980,6 +980,7 @@ extern int __init efi_setup_pcdp_console(char *);
+@@ -1009,6 +1009,7 @@ extern int __init efi_setup_pcdp_console(char *);
  #define EFI_ARCH_1		7	/* First arch-specific bit */
  #define EFI_DBG			8	/* Print additional debug info at runtime */
  #define EFI_NX_PE_DATA		9	/* Can runtime data regions be mapped non-executable? */
@@ -39,5 +39,5 @@ index 47be3ad..9bf95e8 100644
  #ifdef CONFIG_EFI
  /*
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0013-hibernate-Disable-in-a-signed-modules-environment.patch

@@ -1,7 +1,7 @@
-From 4483ccc2fb447291aaafe690570437e72b54a396 Mon Sep 17 00:00:00 2001
+From df84f18e06e61f63e4e7847d455a3601b15a941a Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 20 Jun 2014 08:53:24 -0400
-Subject: [PATCH 13/21] hibernate: Disable in a signed modules environment
+Subject: [PATCH 13/20] hibernate: Disable in a signed modules environment
 
 There is currently no way to verify the resume image when returning
 from hibernate.  This might compromise the signed modules trust model,
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
-index b7342a2..8a6b218 100644
+index fca9254..ffd8644 100644
 --- a/kernel/power/hibernate.c
 +++ b/kernel/power/hibernate.c
 @@ -29,6 +29,7 @@
@@ -35,5 +35,5 @@ index b7342a2..8a6b218 100644
  
  /**
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch

@@ -1,7 +1,7 @@
-From 5b5cf4e83fc167101790192e8f6711fb9f879101 Mon Sep 17 00:00:00 2001
+From 21bb922ca499884980a7a98992bb0b00c05c223a Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Tue, 16 Jun 2015 14:14:31 +0100
-Subject: [PATCH 14/21] Security: Provide copy-up security hooks for unioned
+Subject: [PATCH 14/20] Security: Provide copy-up security hooks for unioned
  files
 
 Provide two new security hooks for use with security files that are used when
@@ -21,7 +21,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
  3 files changed, 54 insertions(+)
 
 diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
-index 71969de..f5b7267 100644
+index cdee11c..adef596 100644
 --- a/include/linux/lsm_hooks.h
 +++ b/include/linux/lsm_hooks.h
 @@ -401,6 +401,24 @@
@@ -49,7 +49,7 @@ index 71969de..f5b7267 100644
   *
   * Security hooks for file operations
   *
-@@ -1425,6 +1443,9 @@ union security_list_options {
+@@ -1424,6 +1442,9 @@ union security_list_options {
  	int (*inode_listsecurity)(struct inode *inode, char *buffer,
  					size_t buffer_size);
  	void (*inode_getsecid)(struct inode *inode, u32 *secid);
@@ -59,7 +59,7 @@ index 71969de..f5b7267 100644
  
  	int (*file_permission)(struct file *file, int mask);
  	int (*file_alloc_security)(struct file *file);
-@@ -1694,6 +1715,8 @@ struct security_hook_heads {
+@@ -1695,6 +1716,8 @@ struct security_hook_heads {
  	struct list_head inode_setsecurity;
  	struct list_head inode_listsecurity;
  	struct list_head inode_getsecid;
@@ -69,10 +69,10 @@ index 71969de..f5b7267 100644
  	struct list_head file_alloc_security;
  	struct list_head file_free_security;
 diff --git a/include/linux/security.h b/include/linux/security.h
-index 4824a4c..1f9ea40 100644
+index 157f0cb..449f1b0 100644
 --- a/include/linux/security.h
 +++ b/include/linux/security.h
-@@ -274,6 +274,10 @@ int security_inode_getsecurity(struct inode *inode, const char *name, void **buf
+@@ -276,6 +276,10 @@ int security_inode_getsecurity(struct inode *inode, const char *name, void **buf
  int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
  int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
  void security_inode_getsecid(struct inode *inode, u32 *secid);
@@ -83,7 +83,7 @@ index 4824a4c..1f9ea40 100644
  int security_file_permission(struct file *file, int mask);
  int security_file_alloc(struct file *file);
  void security_file_free(struct file *file);
-@@ -740,6 +744,16 @@ static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
+@@ -744,6 +748,16 @@ static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
  	*secid = 0;
  }
  
@@ -101,7 +101,7 @@ index 4824a4c..1f9ea40 100644
  {
  	return 0;
 diff --git a/security/security.c b/security/security.c
-index e8ffd92..f1a1dbf 100644
+index 3644b03..8548340 100644
 --- a/security/security.c
 +++ b/security/security.c
 @@ -726,6 +726,19 @@ void security_inode_getsecid(struct inode *inode, u32 *secid)
@@ -124,7 +124,7 @@ index e8ffd92..f1a1dbf 100644
  int security_file_permission(struct file *file, int mask)
  {
  	int ret;
-@@ -1660,6 +1673,10 @@ struct security_hook_heads security_hook_heads = {
+@@ -1662,6 +1675,10 @@ struct security_hook_heads security_hook_heads = {
  		LIST_HEAD_INIT(security_hook_heads.inode_listsecurity),
  	.inode_getsecid =
  		LIST_HEAD_INIT(security_hook_heads.inode_getsecid),
@@ -136,5 +136,5 @@ index e8ffd92..f1a1dbf 100644
  		LIST_HEAD_INIT(security_hook_heads.file_permission),
  	.file_alloc_security =
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0015-Overlayfs-Use-copy-up-security-hooks.patch

@@ -1,7 +1,7 @@
-From eabd104a61199840d5dfe65a8a6eb353fc112600 Mon Sep 17 00:00:00 2001
+From 4eac8c9deb0ffddf8d71b6783675087a4ee6b436 Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Tue, 16 Jun 2015 14:14:31 +0100
-Subject: [PATCH 15/21] Overlayfs: Use copy-up security hooks
+Subject: [PATCH 15/20] Overlayfs: Use copy-up security hooks
 
 Use the copy-up security hooks previously provided to allow an LSM to adjust
 the security on a newly created copy and to filter the xattrs copied to that
@@ -13,10 +13,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
  1 file changed, 12 insertions(+)
 
 diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
-index d894e7c..41ca95d 100644
+index cc514da..a181c7c 100644
 --- a/fs/overlayfs/copy_up.c
 +++ b/fs/overlayfs/copy_up.c
-@@ -70,6 +70,14 @@ retry:
+@@ -102,6 +102,14 @@ retry:
  			value_size = size;
  			goto retry;
  		}
@@ -31,7 +31,7 @@ index d894e7c..41ca95d 100644
  
  		error = vfs_setxattr(new, name, value, size, 0);
  		if (error)
-@@ -233,6 +241,10 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir,
+@@ -265,6 +273,10 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir,
  	if (err)
  		goto out2;
  
@@ -41,7 +41,7 @@ index d894e7c..41ca95d 100644
 +
  	if (S_ISREG(stat->mode)) {
  		struct path upperpath;
- 		ovl_path_upper(dentry, &upperpath);
+ 
--- 
+-- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0016-SELinux-Stub-in-copy-up-handling.patch

@@ -1,7 +1,7 @@
-From 798fc50146e1c819932435bb2e0d92ef180fad81 Mon Sep 17 00:00:00 2001
+From f3798692115e472f7d508d725f8952b29250370e Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Tue, 16 Jun 2015 14:14:32 +0100
-Subject: [PATCH 16/21] SELinux: Stub in copy-up handling
+Subject: [PATCH 16/20] SELinux: Stub in copy-up handling
 
 Provide stubs for union/overlay copy-up handling.  The xattr copy up stub
 discards lower SELinux xattrs rather than letting them be copied up so that
@@ -13,7 +13,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
  1 file changed, 20 insertions(+)
 
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index f1ab715..d361b74 100644
+index 912deee..b4e3e63 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
 @@ -3253,6 +3253,24 @@ static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
@@ -51,5 +51,5 @@ index f1ab715..d361b74 100644
  	LSM_HOOK_INIT(file_permission, selinux_file_permission),
  	LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0017-SELinux-Handle-opening-of-a-unioned-file.patch

@@ -1,7 +1,7 @@
-From 7c5c4e06a08f0f397e44bd88e8aff169fa407af6 Mon Sep 17 00:00:00 2001
+From 518b46aa4f4d0198593c2ffd9a3927db686d3c43 Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Tue, 16 Jun 2015 14:14:32 +0100
-Subject: [PATCH 17/21] SELinux: Handle opening of a unioned file
+Subject: [PATCH 17/20] SELinux: Handle opening of a unioned file
 
 Handle the opening of a unioned file by trying to derive the label that would
 be attached to the union-layer inode if it doesn't exist.
@@ -26,7 +26,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
  2 files changed, 70 insertions(+)
 
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index d361b74..7186928 100644
+index b4e3e63..e5d0e2d 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
 @@ -3584,10 +3584,72 @@ static int selinux_file_receive(struct file *file)
@@ -129,5 +129,5 @@ index a2ae054..54cce84 100644
  };
  
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0018-SELinux-Check-against-union-label-for-file-operation.patch

@@ -1,7 +1,7 @@
-From 92ca3f0e63d46f131f75f57ef2b6a44bd8acd2ab Mon Sep 17 00:00:00 2001
+From c847761aacd96fb03f6493ffc800ef9310d34ef7 Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Tue, 16 Jun 2015 14:14:32 +0100
-Subject: [PATCH 18/21] SELinux: Check against union label for file operations
+Subject: [PATCH 18/20] SELinux: Check against union label for file operations
 
 File operations (eg. read, write) issued against a file that is attached to
 the lower layer of a union file needs to be checked against the union-layer
@@ -16,7 +16,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
  1 file changed, 10 insertions(+), 2 deletions(-)
 
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 7186928..a44cca7 100644
+index e5d0e2d..c3f94dd 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
 @@ -1745,6 +1745,7 @@ static int file_has_perm(const struct cred *cred,
@@ -46,5 +46,5 @@ index 7186928..a44cca7 100644
  out:
  	return rc;
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch

@@ -1,7 +1,7 @@
-From cb9ecb801b14c59df0a34717eb7ff4e5caff44e4 Mon Sep 17 00:00:00 2001
+From 1ef23e9e2c7d6d47ceeaf74d685d951ef109db7a Mon Sep 17 00:00:00 2001
 From: Vito Caputo <vito.caputo@coreos.com>
 Date: Wed, 25 Nov 2015 02:59:45 -0800
-Subject: [PATCH 19/21] kbuild: derive relative path for KBUILD_SRC from CURDIR
+Subject: [PATCH 19/20] kbuild: derive relative path for KBUILD_SRC from CURDIR
 
 This enables relocating source and build trees to different roots,
 provided they stay reachable relative to one another.  Useful for
@@ -12,7 +12,7 @@ by some undesirable path component.
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index 7b3ecdc..7d950e4 100644
+index 0f9cb36..44097a4 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -143,7 +143,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
@@ -26,5 +26,5 @@ index 7b3ecdc..7d950e4 100644
  
  # Leave processing to above invocation of make
 -- 
-2.7.3
+2.8.2
 

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.6/z0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch

@@ -1,7 +1,7 @@
-From a19700db885d083eebff877f9b14e387d824f812 Mon Sep 17 00:00:00 2001
+From 6a65a70406567cf4c1264e9baa54b37844c3d5e1 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@coreos.com>
 Date: Tue, 22 Dec 2015 07:43:52 +0000
-Subject: [PATCH 20/21] Don't verify write permissions on lower inodes on
+Subject: [PATCH 20/20] Don't verify write permissions on lower inodes on
  overlayfs
 
 If a user opens a file r/w on overlayfs, and if the underlying inode is
@@ -33,10 +33,10 @@ index a4ff5d0..6ba3443 100644
  out_dput:
  	dput(alias);
 diff --git a/include/linux/fs.h b/include/linux/fs.h
-index ae68100..fb6e94b 100644
+index 70e61b5..ba1ed95 100644
 --- a/include/linux/fs.h
 +++ b/include/linux/fs.h
-@@ -83,6 +83,7 @@ typedef void (dax_iodone_t)(struct buffer_head *bh_map, int uptodate);
+@@ -85,6 +85,7 @@ typedef void (dax_iodone_t)(struct buffer_head *bh_map, int uptodate);
  #define MAY_CHDIR		0x00000040
  /* called from RCU mode, don't block */
  #define MAY_NOT_BLOCK		0x00000080
@@ -45,7 +45,7 @@ index ae68100..fb6e94b 100644
  /*
   * flags in file.f_mode.  Note that FMODE_READ and FMODE_WRITE must correspond
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index a44cca7..f5ca93c 100644
+index c3f94dd..37f438c 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
 @@ -2967,6 +2967,15 @@ static int selinux_inode_permission(struct inode *inode, int mask)
@@ -65,5 +65,5 @@ index a44cca7..f5ca93c 100644
  
  	/* No permission to check.  Existence test. */
 -- 
-2.7.3
+2.8.2