From 69cad287f422849c9a1645ea97d49898049ee708 Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 2 Mar 2016 19:37:34 -0800 Subject: [PATCH] sys-kernel/coreos-sources: fix patch ordering Our local patches get applied together with the upstream patch-$maj.$min.$pl.patch ordered lexicographically. By starting with 0's we're applying the local patches first, which breaks when their contents touch the same files. A simple way to fix this is to prefix our patches with a "z", so they're applied after the upstream patch. --- .../coreos-sources-4.4.3.ebuild | 48 +++++++++++-------- ...ch => z0001-Add-secure_modules-call.patch} | 0 ...-access-when-module-security-is-ena.patch} | 0 ...port-access-when-module-security-is.patch} | 0 ...-ACPI-Limit-access-to-custom_method.patch} | 0 ...-debugfs-interface-when-module-load.patch} | 0 ...and-dev-kmem-when-module-loading-is.patch} | 0 ...rsdp-kernel-parameter-when-module-l.patch} | 0 ...runtime-if-the-kernel-enforces-modu.patch} | 0 ...access-when-module-loading-is-restr.patch} | 0 ...omatically-enforce-module-signature.patch} | 0 ...CURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch} | 0 ...> z0012-efi-Add-EFI_SECURE_BOOT-bit.patch} | 0 ...ble-in-a-signed-modules-environment.patch} | 0 ...copy-up-security-hooks-for-unioned-.patch} | 0 ...verlayfs-Use-copy-up-security-hooks.patch} | 0 ...16-SELinux-Stub-in-copy-up-handling.patch} | 0 ...ux-Handle-opening-of-a-unioned-file.patch} | 0 ...inst-union-label-for-file-operation.patch} | 0 ...ative-path-for-KBUILD_SRC-from-CURD.patch} | 0 ...e-permissions-on-lower-inodes-on-ov.patch} | 0 ...-memory-access-in-TPM-eventlog-code.patch} | 0 22 files changed, 27 insertions(+), 21 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0001-Add-secure_modules-call.patch => z0001-Add-secure_modules-call.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch => z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0003-x86-Lock-down-IO-port-access-when-module-security-is.patch => z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0004-ACPI-Limit-access-to-custom_method.patch => z0004-ACPI-Limit-access-to-custom_method.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch => z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch => z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch => z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch => z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch => z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0010-Add-option-to-automatically-enforce-module-signature.patch => z0010-Add-option-to-automatically-enforce-module-signature.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch => z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0012-efi-Add-EFI_SECURE_BOOT-bit.patch => z0012-efi-Add-EFI_SECURE_BOOT-bit.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0013-hibernate-Disable-in-a-signed-modules-environment.patch => z0013-hibernate-Disable-in-a-signed-modules-environment.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch => z0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0015-Overlayfs-Use-copy-up-security-hooks.patch => z0015-Overlayfs-Use-copy-up-security-hooks.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0016-SELinux-Stub-in-copy-up-handling.patch => z0016-SELinux-Stub-in-copy-up-handling.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0017-SELinux-Handle-opening-of-a-unioned-file.patch => z0017-SELinux-Handle-opening-of-a-unioned-file.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0018-SELinux-Check-against-union-label-for-file-operation.patch => z0018-SELinux-Check-against-union-label-for-file-operation.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch => z0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch => z0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/{0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch => z0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.4.3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.4.3.ebuild index f5f9b3e31b..b31615da8a 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.4.3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.4.3.ebuild @@ -14,27 +14,33 @@ KEYWORDS="amd64 arm64" IUSE="" PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_MINOR}" + +# XXX: Note we must prefix the patch filenames with "z" to ensure they are +# applied _after_ a potential patch-${KV}.patch file, present when building a +# patchlevel revision. We mustn't apply our patches first, it fails when the +# local patches overlap with the upstream patch. + # in $PATCH_DIR: ls -1 | sed -e 's/^/\t${PATCH_DIR}\//g' -e 's/$/ \\/g' UNIPATCH_LIST=" - ${PATCH_DIR}/0001-Add-secure_modules-call.patch \ - ${PATCH_DIR}/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch \ - ${PATCH_DIR}/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch \ - ${PATCH_DIR}/0004-ACPI-Limit-access-to-custom_method.patch \ - ${PATCH_DIR}/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch \ - ${PATCH_DIR}/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch \ - ${PATCH_DIR}/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch \ - ${PATCH_DIR}/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch \ - ${PATCH_DIR}/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch \ - ${PATCH_DIR}/0010-Add-option-to-automatically-enforce-module-signature.patch \ - ${PATCH_DIR}/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch \ - ${PATCH_DIR}/0012-efi-Add-EFI_SECURE_BOOT-bit.patch \ - ${PATCH_DIR}/0013-hibernate-Disable-in-a-signed-modules-environment.patch \ - ${PATCH_DIR}/0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch \ - ${PATCH_DIR}/0015-Overlayfs-Use-copy-up-security-hooks.patch \ - ${PATCH_DIR}/0016-SELinux-Stub-in-copy-up-handling.patch \ - ${PATCH_DIR}/0017-SELinux-Handle-opening-of-a-unioned-file.patch \ - ${PATCH_DIR}/0018-SELinux-Check-against-union-label-for-file-operation.patch \ - ${PATCH_DIR}/0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \ - ${PATCH_DIR}/0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch \ - ${PATCH_DIR}/0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch \ + ${PATCH_DIR}/z0001-Add-secure_modules-call.patch \ + ${PATCH_DIR}/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch \ + ${PATCH_DIR}/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch \ + ${PATCH_DIR}/z0004-ACPI-Limit-access-to-custom_method.patch \ + ${PATCH_DIR}/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch \ + ${PATCH_DIR}/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch \ + ${PATCH_DIR}/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch \ + ${PATCH_DIR}/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch \ + ${PATCH_DIR}/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch \ + ${PATCH_DIR}/z0010-Add-option-to-automatically-enforce-module-signature.patch \ + ${PATCH_DIR}/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch \ + ${PATCH_DIR}/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch \ + ${PATCH_DIR}/z0013-hibernate-Disable-in-a-signed-modules-environment.patch \ + ${PATCH_DIR}/z0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch \ + ${PATCH_DIR}/z0015-Overlayfs-Use-copy-up-security-hooks.patch \ + ${PATCH_DIR}/z0016-SELinux-Stub-in-copy-up-handling.patch \ + ${PATCH_DIR}/z0017-SELinux-Handle-opening-of-a-unioned-file.patch \ + ${PATCH_DIR}/z0018-SELinux-Check-against-union-label-for-file-operation.patch \ + ${PATCH_DIR}/z0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \ + ${PATCH_DIR}/z0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch \ + ${PATCH_DIR}/z0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0001-Add-secure_modules-call.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0001-Add-secure_modules-call.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0001-Add-secure_modules-call.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0001-Add-secure_modules-call.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0004-ACPI-Limit-access-to-custom_method.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0004-ACPI-Limit-access-to-custom_method.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0004-ACPI-Limit-access-to-custom_method.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0004-ACPI-Limit-access-to-custom_method.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0010-Add-option-to-automatically-enforce-module-signature.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0010-Add-option-to-automatically-enforce-module-signature.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0010-Add-option-to-automatically-enforce-module-signature.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0010-Add-option-to-automatically-enforce-module-signature.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0012-efi-Add-EFI_SECURE_BOOT-bit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0012-efi-Add-EFI_SECURE_BOOT-bit.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0013-hibernate-Disable-in-a-signed-modules-environment.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0013-hibernate-Disable-in-a-signed-modules-environment.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0013-hibernate-Disable-in-a-signed-modules-environment.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0013-hibernate-Disable-in-a-signed-modules-environment.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0015-Overlayfs-Use-copy-up-security-hooks.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0015-Overlayfs-Use-copy-up-security-hooks.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0015-Overlayfs-Use-copy-up-security-hooks.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0015-Overlayfs-Use-copy-up-security-hooks.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0016-SELinux-Stub-in-copy-up-handling.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0016-SELinux-Stub-in-copy-up-handling.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0016-SELinux-Stub-in-copy-up-handling.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0016-SELinux-Stub-in-copy-up-handling.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0017-SELinux-Handle-opening-of-a-unioned-file.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0017-SELinux-Handle-opening-of-a-unioned-file.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0017-SELinux-Handle-opening-of-a-unioned-file.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0017-SELinux-Handle-opening-of-a-unioned-file.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0018-SELinux-Check-against-union-label-for-file-operation.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0018-SELinux-Check-against-union-label-for-file-operation.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0018-SELinux-Check-against-union-label-for-file-operation.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0018-SELinux-Check-against-union-label-for-file-operation.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.4/z0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch