From 5e745e2af599e045cbf3bdab0f8ee6798a51cb0d Mon Sep 17 00:00:00 2001 
From: Alex Crawford Date: Wed, 16 Dec 2015 10:24:49 -0800 Subject: [PATCH] sys-kernel/coreos-kernel: bump to 4.3.3 --- ...0-r3.ebuild => coreos-kernel-4.3.3.ebuild} | 2 +- ...-r1.ebuild => coreos-sources-4.3.3.ebuild} | 3 +- .../4.3/0001-Add-secure_modules-call.patch | 2 +- ...R-access-when-module-security-is-ena.patch | 2 +- ...-port-access-when-module-security-is.patch | 2 +- ...4-ACPI-Limit-access-to-custom_method.patch | 2 +- ...t-debugfs-interface-when-module-load.patch | 2 +- ...-and-dev-kmem-when-module-loading-is.patch | 2 +- ..._rsdp-kernel-parameter-when-module-l.patch | 2 +- ...-runtime-if-the-kernel-enforces-modu.patch | 2 +- ...-access-when-module-loading-is-restr.patch | 2 +- ...tomatically-enforce-module-signature.patch | 4 +- ...ECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch | 2 +- .../0012-efi-Add-EFI_SECURE_BOOT-bit.patch | 4 +- ...able-in-a-signed-modules-environment.patch | 2 +- ...-copy-up-security-hooks-for-unioned-.patch | 2 +- ...Overlayfs-Use-copy-up-security-hooks.patch | 2 +- ...016-SELinux-Stub-in-copy-up-handling.patch | 2 +- ...nux-Handle-opening-of-a-unioned-file.patch | 2 +- ...ainst-union-label-for-file-operation.patch | 2 +- ...s-wl18xx-Add-missing-MODULE_FIRMWARE.patch | 2 +- ...e-a-minimal-buffer-in-ovl_copy_xattr.patch | 2 +- ...ative-path-for-KBUILD_SRC-from-CURD.patch} | 8 ++-- ...dev-fix-return-code-of-fdb_dump-stub.patch | 38 ------------------- 24 files changed, 28 insertions(+), 67 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-4.3.0-r3.ebuild => coreos-kernel-4.3.3.ebuild} (86%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-4.3.0-r1.ebuild => coreos-sources-4.3.3.ebuild} (93%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/{0022-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch => 0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch} (84%) delete mode 100644 
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0021-net-switchdev-fix-return-code-of-fdb_dump-stub.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.3.0-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.3.3.ebuild
similarity index 86%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.3.0-r3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.3.3.ebuild
index 4cdc6203e3..ad6f2587f5 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.3.0-r3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.3.3.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 EAPI=5
-COREOS_SOURCE_REVISION="-r1"
+COREOS_SOURCE_REVISION=""
 inherit coreos-kernel
 DESCRIPTION="CoreOS Linux kernel"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.3.0-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.3.3.ebuild
similarity index 93%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.3.0-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.3.3.ebuild
index 9c93e60e5d..7b6648c80d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.3.0-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.3.3.ebuild
@@ -36,7 +36,6 @@ UNIPATCH_LIST="
 ${PATCH_DIR}/0018-SELinux-Check-against-union-label-for-file-operation.patch \
 ${PATCH_DIR}/0019-net-wireless-wl18xx-Add-missing-MODULE_FIRMWARE.patch \
 ${PATCH_DIR}/0020-overlayfs-use-a-minimal-buffer-in-ovl_copy_xattr.patch \
- ${PATCH_DIR}/0021-net-switchdev-fix-return-code-of-fdb_dump-stub.patch \
- ${PATCH_DIR}/0022-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
+ ${PATCH_DIR}/0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0001-Add-secure_modules-call.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0001-Add-secure_modules-call.patch
index 72b6f9cbe6..6d7cedba28 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0001-Add-secure_modules-call.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0001-Add-secure_modules-call.patch
@@ -1,4 +1,4 @@
-From f4b4e6d9d747199355a1af3d19b9c6e3883c6f69 Mon Sep 17 00:00:00 2001
+From 58ac4936ef210d203f9b1b1314c6f08f9df34cdc Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Fri, 9 Aug 2013 17:58:15 -0400
 Subject: [PATCH 01/21] Add secure_modules() call
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
index 194e5b1901..1c55c6d5d1 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
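Review bot: The UNIPATCH_LIST hunk in coreos-sources-4.3.3.ebuild drops `0021-net-switchdev-fix-return-code-of-fdb_dump-stub.patch` from the carried series, and nothing in the commit message or the ebuild records why. Presumably the fix is already part of the 4.3.3 stable release, but no visible line establishes that; it is worth confirming that the `switchdev_port_fdb_dump` stub in `include/net/switchdev.h` of the 4.3.3 tree returns `idx` before the carried patch is removed, so the bump does not silently lose the fix. Once confirmed, a comment above the list such as `# 4.3.3: switchdev fdb_dump stub fix dropped, included upstream` would document it. The UNIPATCH_LIST assignment begins outside this hunk.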
@@ -1,4 +1,4 @@
-From e1479978a5b79f053368c011304e528355b43757 Mon Sep 17 00:00:00 2001
+From e2dbd4f7aa5913b660e251f5b657e4e4d47a44d7 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Thu, 8 Mar 2012 10:10:38 -0500
 Subject: [PATCH 02/21] PCI: Lock down BAR access when module security is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch
index 0cf17894e4..f873eb31b9 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch
@@ -1,4 +1,4 @@
-From b5bb0f89eb70f479b63a188025b607eb221ff68e Mon Sep 17 00:00:00 2001
+From 122b2c146762195197cf60b98e0a4cbf9da8c8f1 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Thu, 8 Mar 2012 10:35:59 -0500
 Subject: [PATCH 03/21] x86: Lock down IO port access when module security is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0004-ACPI-Limit-access-to-custom_method.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0004-ACPI-Limit-access-to-custom_method.patch
index 5b58bb95ca..4a2d7a15f9 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0004-ACPI-Limit-access-to-custom_method.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0004-ACPI-Limit-access-to-custom_method.patch
@@ -1,4 +1,4 @@
-From b56b0339f5f4fa7cc1ed00b9c6f21e811595ae9f Mon Sep 17 00:00:00 2001
+From fd2f3d4e41bfab8c0fcb854aba457a663dad0848 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Fri, 9 Mar 2012 08:39:37 -0500
 Subject: [PATCH 04/21] ACPI: Limit access to custom_method
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch
index bdc3935aa6..7b4e1d4967 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch
@@ -1,4 +1,4 @@
-From 09ffe104e8f518b7085638480a098f63ca36a346 Mon Sep 17 00:00:00 2001
+From 2eeca20d2e55fb2d328b4cf7a7ce21422476ecaf Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Fri, 9 Mar 2012 08:46:50 -0500
 Subject: [PATCH 05/21] asus-wmi: Restrict debugfs interface when module
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
index d0f94fa4a7..8061704b95 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
@@ -1,4 +1,4 @@
-From 3215ee6063f06b407d5f96a7ea3f47b7eb301353 Mon Sep 17 00:00:00 2001
+From 5ccba0f780b05a21f25c89be27153e00395ed8f2 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Fri, 9 Mar 2012 09:28:15 -0500
 Subject: [PATCH 06/21] Restrict /dev/mem and /dev/kmem when module loading is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
index 40b05a7240..e3b405ef06 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
@@ -1,4 +1,4 @@
-From 9822ba15eaa928b83bfc8faef740b55b82b309b9 Mon Sep 17 00:00:00 2001
+From 32a959e27631d17f0a7804cc08a145cac50cf00f Mon Sep 17 00:00:00 2001
 From: Josh Boyer
 Date: Mon, 25 Jun 2012 19:57:30 -0400
 Subject: [PATCH 07/21] acpi: Ignore acpi_rsdp kernel parameter when module
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
index bbd4950c60..0e072f33fd 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
@@ -1,4 +1,4 @@
-From 8b75d9cbe2df89e63af7914534b63717024328fb Mon Sep 17 00:00:00 2001
+From 50bd32982e4a967cf77f1020c191f6d5d3f0c941 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Thu, 19 Nov 2015 18:55:53 -0800
 Subject: [PATCH 08/21] kexec: Disable at runtime if the kernel enforces module
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch
index b110a37e4b..fd42d09d28 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch
@@ -1,4 +1,4 @@
-From c21e00285f2b1c8d860bdc0095e05c73309634a1 Mon Sep 17 00:00:00 2001
+From c22062005f9c42f27299a5d09bcc8be0b3f465e5 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Fri, 8 Feb 2013 11:12:13 -0800
 Subject: [PATCH 09/21] x86: Restrict MSR access when module loading is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0010-Add-option-to-automatically-enforce-module-signature.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0010-Add-option-to-automatically-enforce-module-signature.patch
index 71e6524886..7f6ae68bf0 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0010-Add-option-to-automatically-enforce-module-signature.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0010-Add-option-to-automatically-enforce-module-signature.patch
@@ -1,4 +1,4 @@
-From 354ecea4775bda0643a9b2ef5d45e67e046ddb9a Mon Sep 17 00:00:00 2001
+From e26f71a6701bb47d43247ace523d967d471fc2f0 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett
 Date: Fri, 9 Aug 2013 18:36:30 -0400
 Subject: [PATCH 10/21] Add option to automatically enforce module signatures
@@ -130,7 +130,7 @@ index 3292543..b61f853 100644
 * The sentinel is set to a nonzero value (0xff) in header.S.
 *
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index a3cccbf..bddbfa7 100644
+index 37c8ea8..eddb9aa 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
 @@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
index c7a30506d3..0de757cfbf 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
@@ -1,4 +1,4 @@
-From 6277cf00738caf83ca65147c4b0af06c3ed8a00a Mon Sep 17 00:00:00 2001
+From 9ee65888bd6c5e88a589090583a5cffebaf4dcab Mon Sep 17 00:00:00 2001
 From: Josh Boyer
 Date: Tue, 27 Aug 2013 13:28:43 -0400
 Subject: [PATCH 11/21] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0012-efi-Add-EFI_SECURE_BOOT-bit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0012-efi-Add-EFI_SECURE_BOOT-bit.patch
index 6cda3d2db1..fd87b68e6f 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0012-efi-Add-EFI_SECURE_BOOT-bit.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0012-efi-Add-EFI_SECURE_BOOT-bit.patch
@@ -1,4 +1,4 @@
-From 589d649aad69a64dfc8802211dd5eeab11e29ba4 Mon Sep 17 00:00:00 2001
+From 445832078f9062e87f67480b19107a69e34c071e Mon Sep 17 00:00:00 2001
 From: Josh Boyer
 Date: Tue, 27 Aug 2013 13:33:03 -0400
 Subject: [PATCH 12/21] efi: Add EFI_SECURE_BOOT bit
@@ -13,7 +13,7 @@ Signed-off-by: Josh Boyer
 2 files changed, 3 insertions(+)
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index bddbfa7..2015f84 100644
+index eddb9aa..49be9a2 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
 @@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0013-hibernate-Disable-in-a-signed-modules-environment.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0013-hibernate-Disable-in-a-signed-modules-environment.patch
index c2ac018c4f..eb11b9e3ca 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0013-hibernate-Disable-in-a-signed-modules-environment.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0013-hibernate-Disable-in-a-signed-modules-environment.patch
@@ -1,4 +1,4 @@
-From b6233fa67ca06ab2f0d63e3871162598ae6bf0dd Mon Sep 17 00:00:00 2001
+From 7c42fe9368c8a9a56edc949f77eea9214e297448 Mon Sep 17 00:00:00 2001
 From: Josh Boyer
 Date: Fri, 20 Jun 2014 08:53:24 -0400
 Subject: [PATCH 13/21] hibernate: Disable in a signed modules environment
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch
index 4c30b2dfa5..7c290058e6 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch
@@ -1,4 +1,4 @@
-From 3298b3864380851ecb8551c560d7dbce3f45c78a Mon Sep 17 00:00:00 2001
+From 3b1392d4ea14b7724a2166d79c9b505809715d0e Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Tue, 16 Jun 2015 14:14:31 +0100
 Subject: [PATCH 14/21] Security: Provide copy-up security hooks for unioned
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0015-Overlayfs-Use-copy-up-security-hooks.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0015-Overlayfs-Use-copy-up-security-hooks.patch
index 6f5b826f99..65e3a34075 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0015-Overlayfs-Use-copy-up-security-hooks.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0015-Overlayfs-Use-copy-up-security-hooks.patch
@@ -1,4 +1,4 @@
-From 3d01bf723f845693c95d3e7fe556cd13b1f41796 Mon Sep 17 00:00:00 2001
+From 0b21929c1e4e111d33ac3271bc638bf6bdab3885 Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Tue, 16 Jun 2015 14:14:31 +0100
 Subject: [PATCH 15/21] Overlayfs: Use copy-up security hooks
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0016-SELinux-Stub-in-copy-up-handling.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0016-SELinux-Stub-in-copy-up-handling.patch
index 9582cfdc60..7119fde4ea 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0016-SELinux-Stub-in-copy-up-handling.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0016-SELinux-Stub-in-copy-up-handling.patch
@@ -1,4 +1,4 @@
-From 7e806ccf4d8426a9247aaf5b1652f6e8c15658a4 Mon Sep 17 00:00:00 2001
+From 2961980326ed02cc918c7d19e54704bd0bf34aa9 Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Tue, 16 Jun 2015 14:14:32 +0100
 Subject: [PATCH 16/21] SELinux: Stub in copy-up handling
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0017-SELinux-Handle-opening-of-a-unioned-file.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0017-SELinux-Handle-opening-of-a-unioned-file.patch
index d49686672a..acfa385a58 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0017-SELinux-Handle-opening-of-a-unioned-file.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0017-SELinux-Handle-opening-of-a-unioned-file.patch
@@ -1,4 +1,4 @@
-From 9cd5cbccade9b18c7ef250eca17396bafafd59c6 Mon Sep 17 00:00:00 2001
+From 05a4a6e58b029d892c9ea5d561ca4c57c07c380a Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Tue, 16 Jun 2015 14:14:32 +0100
 Subject: [PATCH 17/21] SELinux: Handle opening of a unioned file
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0018-SELinux-Check-against-union-label-for-file-operation.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0018-SELinux-Check-against-union-label-for-file-operation.patch
index 76e8b0ceac..b821f75214 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0018-SELinux-Check-against-union-label-for-file-operation.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0018-SELinux-Check-against-union-label-for-file-operation.patch
@@ -1,4 +1,4 @@
-From c64b14da9495c0bcecd0d48e9fcde1898b6623b6 Mon Sep 17 00:00:00 2001
+From a83ff91c3c60b97c9fe67774c5d16cda5bca51ea Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Tue, 16 Jun 2015 14:14:32 +0100
 Subject: [PATCH 18/21] SELinux: Check against union label for file operations
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0019-net-wireless-wl18xx-Add-missing-MODULE_FIRMWARE.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0019-net-wireless-wl18xx-Add-missing-MODULE_FIRMWARE.patch
index af61a5f842..0f8d6ac214 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0019-net-wireless-wl18xx-Add-missing-MODULE_FIRMWARE.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0019-net-wireless-wl18xx-Add-missing-MODULE_FIRMWARE.patch
@@ -1,4 +1,4 @@
-From c82a8afba2f38c29c95db14f4b73fed0bd9ebbf4 Mon Sep 17 00:00:00 2001
+From 8aabcd5265fa49c0d04a69803f215924501a8f1c Mon Sep 17 00:00:00 2001
 From: Geoff Levand
 Date: Wed, 2 Sep 2015 16:08:30 -0700
 Subject: [PATCH 19/21] net/wireless/wl18xx: Add missing MODULE_FIRMWARE
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0020-overlayfs-use-a-minimal-buffer-in-ovl_copy_xattr.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0020-overlayfs-use-a-minimal-buffer-in-ovl_copy_xattr.patch
index de010ef4e9..6134792131 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0020-overlayfs-use-a-minimal-buffer-in-ovl_copy_xattr.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0020-overlayfs-use-a-minimal-buffer-in-ovl_copy_xattr.patch
@@ -1,4 +1,4 @@
-From 8fdb5e7ddc542c21fd28922fe9aa59581b67c895 Mon Sep 17 00:00:00 2001
+From a82edeacb552264a4ab7b8470bbbb3b39622fea0 Mon Sep 17 00:00:00 2001
 From: Vito Caputo
 Date: Mon, 19 Oct 2015 17:53:12 -0700
 Subject: [PATCH 20/21] overlayfs: use a minimal buffer in ovl_copy_xattr
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0022-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
similarity index 84%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0022-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
index 4474091a94..c5d840aa76 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0022-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
@@ -1,7 +1,7 @@
-From 3348a15e9733c3ffb56ad7f9e9729a919f61eee9 Mon Sep 17 00:00:00 2001
+From 4457d5192a097a4cc002d3d7941f973bf65fa258 Mon Sep 17 00:00:00 2001
 From: Vito Caputo
 Date: Wed, 25 Nov 2015 02:59:45 -0800
-Subject: [PATCH 22/22] kbuild: derive relative path for KBUILD_SRC from CURDIR
+Subject: [PATCH 21/21] kbuild: derive relative path for KBUILD_SRC from CURDIR
 This enables relocating source and build trees to different roots, provided they stay reachable relative to one another. Useful for
@@ -12,7 +12,7 @@ by some undesirable path component.
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/Makefile b/Makefile
-index d5b3739..f64d968 100644
+index 2070d16..f825807 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -143,7 +143,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
@@ -26,5 +26,5 @@ index d5b3739..f64d968 100644
 # Leave processing to above invocation of make
 --
-2.4.6
+2.4.10
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0021-net-switchdev-fix-return-code-of-fdb_dump-stub.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0021-net-switchdev-fix-return-code-of-fdb_dump-stub.patch
deleted file mode 100644
index 4003399978..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.3/0021-net-switchdev-fix-return-code-of-fdb_dump-stub.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From adab4d12ddd30b27b1d620cb73f9ac31c189c386 Mon Sep 17 00:00:00 2001
-From: Dragos Tatulea
-Date: Mon, 16 Nov 2015 10:52:48 +0100
-Subject: [PATCH 21/21] net: switchdev: fix return code of fdb_dump stub
-
-rtnl_fdb_dump always expects an index to be returned by the ndo_fdb_dump op,
-but when CONFIG_NET_SWITCHDEV is off, it returns an error.
-
-Fix that by returning the given unmodified idx.
-
-A similar fix was 0890cf6cb6ab ("switchdev: fix return value of
-switchdev_port_fdb_dump in case of error") but for the CONFIG_NET_SWITCHDEV=y
-case.
-
-Fixes: 45d4122ca7cd ("switchdev: add support for fdb add/del/dump via switchdev_port_obj ops.")
-Signed-off-by: Dragos Tatulea
-Acked-by: Jiri Pirko
-Signed-off-by: David S. Miller
----
- include/net/switchdev.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/include/net/switchdev.h b/include/net/switchdev.h
-index 319baab..731c40e 100644
---- a/include/net/switchdev.h
-+++ b/include/net/switchdev.h
-@@ -272,7 +272,7 @@ static inline int switchdev_port_fdb_dump(struct sk_buff *skb,
- struct net_device *filter_dev,
- int idx)
- {
-- return -EOPNOTSUPP;
-+ return idx;
- }
-
- static inline void switchdev_port_fwd_mark_set(struct net_device *dev,
---
-2.4.10
-