diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.8.4.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.8.6.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.8.4.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.8.6.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.8.4.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.8.6.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.8.4.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.8.6.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index b8047bd93c..e8779e8854 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,2 +1,2 @@
 DIST linux-4.8.tar.xz 91966856 SHA256 3e9150065f193d3d94bcf46a1fe9f033c7ef7122ab71d75a7fb5a2f0c9a7e11a SHA512 a48a065f21e1c7c4de4cf8ca47b8b8d9a70f86b64e7cfa6e01be490f78895745b9c8790734b1d22182cf1f930fb87eaaa84e62ec8cc1f64ac4be9b949e7c0358 WHIRLPOOL 3888c8c07db0c069f827245d4d7306087f78f7d03e8240eb1fcd13622cd5dbe1c17cd8ed7dc11513f77f3efd5dbd84e2b48e82bdb9b9bfd2242fd62ae32812d5
-DIST patch-4.8.4.xz 39264 SHA256 86e246b19253ee3aa971403a5990376a5e33667122f7c8742cc0ee807f204403 SHA512 e4316472bb34e1fe8aa796f8a894781f3c4104b01c90598962a705b1cc35d860412dd1986571d4e59b797cf6b486f12c516668303aa8c82b6599ac30460f8de1 WHIRLPOOL ee3a0e44348247dc70e9e11bb53b2a2f29f87d65a83fd6ba9e5b10c1690240bd8258210582ef0085b7ca07a136bfa72564fb3e049fe2d2ba31b3fa0af9ad75b1
+DIST patch-4.8.6.xz 120040 SHA256 3ac0ea443ac8a7aa40f8d5ce8ec33b84abbad4dbfc567c7699df728c2c21df37 SHA512 8a3c9bbba1bb8fc49b073509320fedec085b5de0507826baced59a2acfd0bef9b3a79a2510ccffa6bf1e21098bb13efff028f87ea239b19047e9afa61c149558 WHIRLPOOL 6cc3ee3c53ca3cda622885b6cc0f4e5ec42567735550b7ed5d877f67e1456531440e599f91d3ac1814f818149348cf2385ebccc362fa8cef8de022ca684ac812
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.8.4.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.8.6.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.8.4.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.8.6.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0001-security-overlayfs-provide-copy-up-security-hook-for.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0001-security-overlayfs-provide-copy-up-security-hook-for.patch
index ffbafb143d..7a7b02ebec 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0001-security-overlayfs-provide-copy-up-security-hook-for.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0001-security-overlayfs-provide-copy-up-security-hook-for.patch @@ -1,4 +1,4 @@ -From 01ae62a2adcadab9f862590f5e1e20ecee298bfa Mon Sep 17 00:00:00 2001 +From 1b6c9e0a97cb8a80a175f9f3c8826a611c5f7daf Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 19 Jul 2016 14:34:57 -0400 Subject: [PATCH 01/21] security, overlayfs: provide copy up security hook for @@ -21,10 +21,10 @@ Acked-by: Stephen Smalley 4 files changed, 40 insertions(+) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c -index 43fdc27..e15bc8e 100644 +index abadbc3..60274d0 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c -@@ -248,6 +248,8 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir, +@@ -258,6 +258,8 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir, struct dentry *upper = NULL; umode_t mode = stat->mode; int err; @@ -33,7 +33,7 @@ index 43fdc27..e15bc8e 100644 newdentry = ovl_lookup_temp(workdir, dentry); err = PTR_ERR(newdentry); -@@ -260,10 +262,23 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir, +@@ -270,10 +272,23 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir, if (IS_ERR(upper)) goto out1; @@ -144,5 +144,5 @@ index 4838e7f..f2a7f27 100644 LIST_HEAD_INIT(security_hook_heads.file_permission), .file_alloc_security = -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0002-selinux-Implementation-for-inode_copy_up-hook.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0002-selinux-Implementation-for-inode_copy_up-hook.patch index 2f5aa5adc9..da561c0224 100644 
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0002-selinux-Implementation-for-inode_copy_up-hook.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0002-selinux-Implementation-for-inode_copy_up-hook.patch @@ -1,4 +1,4 @@ -From 9b08810799d603c20cc8275fface66332a9fb805 Mon Sep 17 00:00:00 2001 +From 6c34e14b2fd724779555134eb22bc10d23aca8a7 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 19 Jul 2016 14:34:58 -0400 Subject: [PATCH 02/21] selinux: Implementation for inode_copy_up() hook @@ -58,5 +58,5 @@ index 13185a6..264ee90 100644 LSM_HOOK_INIT(file_permission, selinux_file_permission), LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0003-security-overlayfs-Provide-security-hook-for-copy-up.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0003-security-overlayfs-Provide-security-hook-for-copy-up.patch index 6d86b34388..dc1c01dbde 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0003-security-overlayfs-Provide-security-hook-for-copy-up.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0003-security-overlayfs-Provide-security-hook-for-copy-up.patch @@ -1,4 +1,4 @@ -From 5d98f79e7ba90d24592f12037e8d531a5eaf172a Mon Sep 17 00:00:00 2001 +From e38edbd09e127629c86e1c9433c9fc064f052e0f Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 19 Jul 2016 14:34:58 -0400 Subject: [PATCH 03/21] security,overlayfs: Provide security hook for copy up @@ -22,10 +22,10 @@ Acked-by: Stephen Smalley 4 files changed, 31 insertions(+) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c -index e15bc8e..db37a0e 100644 +index 60274d0..7216094 100644 --- a/fs/overlayfs/copy_up.c 
+++ b/fs/overlayfs/copy_up.c -@@ -105,6 +105,13 @@ retry: +@@ -115,6 +115,13 @@ retry: goto retry; } @@ -125,5 +125,5 @@ index f2a7f27..a9e2bb9 100644 LIST_HEAD_INIT(security_hook_heads.file_permission), .file_alloc_security = -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0004-selinux-Implementation-for-inode_copy_up_xattr-hook.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0004-selinux-Implementation-for-inode_copy_up_xattr-hook.patch index bb3d6d447f..bfe6c16f89 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0004-selinux-Implementation-for-inode_copy_up_xattr-hook.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0004-selinux-Implementation-for-inode_copy_up_xattr-hook.patch @@ -1,4 +1,4 @@ -From a0347d2718f40eb2c14835d7c019905ac7c32758 Mon Sep 17 00:00:00 2001 +From ab804bd4ef10b58fadd124e6d8fb7ab98e4da0ea Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 19 Jul 2016 14:34:58 -0400 Subject: [PATCH 04/21] selinux: Implementation for inode_copy_up_xattr() hook @@ -49,5 +49,5 @@ index 264ee90..d30d7b3 100644 LSM_HOOK_INIT(file_permission, selinux_file_permission), LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0005-selinux-Pass-security-pointer-to-determine_inode_lab.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0005-selinux-Pass-security-pointer-to-determine_inode_lab.patch index d59caf1325..c566346edf 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0005-selinux-Pass-security-pointer-to-determine_inode_lab.patch 
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0005-selinux-Pass-security-pointer-to-determine_inode_lab.patch @@ -1,4 +1,4 @@ -From e60f8bb00a8034fe8231e6fa3d93bd2c730ed1ff Mon Sep 17 00:00:00 2001 +From 65a6cf8a60aad46cb5164bf89fa952761de162ef Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 19 Jul 2016 14:34:59 -0400 Subject: [PATCH 05/21] selinux: Pass security pointer to @@ -69,5 +69,5 @@ index d30d7b3..2bf0d00 100644 inode_mode_to_security_class(inode->i_mode), &newsid); -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0006-security-overlayfs-Provide-hook-to-correctly-label-n.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0006-security-overlayfs-Provide-hook-to-correctly-label-n.patch index 29bc31a19e..ea9fcd7aef 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0006-security-overlayfs-Provide-hook-to-correctly-label-n.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0006-security-overlayfs-Provide-hook-to-correctly-label-n.patch @@ -1,4 +1,4 @@ -From 5e8dead34a9154beea39cabede13c8e55f311805 Mon Sep 17 00:00:00 2001 +From 9f89a7b701a9b5625e0ea8c6099d8ea385b059e6 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 19 Jul 2016 14:34:59 -0400 Subject: [PATCH 06/21] security, overlayfs: Provide hook to correctly label @@ -28,10 +28,10 @@ Acked-by: Stephen Smalley 4 files changed, 48 insertions(+) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c -index 1560fdc..b0ffa1d 100644 +index 74e6964..adfaa21 100644 --- a/fs/overlayfs/dir.c 
+++ b/fs/overlayfs/dir.c -@@ -489,6 +489,15 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, +@@ -492,6 +492,15 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, if (override_cred) { override_cred->fsuid = inode->i_uid; override_cred->fsgid = inode->i_gid; @@ -47,7 +47,7 @@ index 1560fdc..b0ffa1d 100644 put_cred(override_creds(override_cred)); put_cred(override_cred); -@@ -499,6 +508,7 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, +@@ -502,6 +511,7 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, err = ovl_create_over_whiteout(dentry, inode, stat, link, hardlink); } @@ -155,5 +155,5 @@ index a9e2bb9..69614f1 100644 .path_unlink = LIST_HEAD_INIT(security_hook_heads.path_unlink), .path_mkdir = LIST_HEAD_INIT(security_hook_heads.path_mkdir), -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0007-selinux-Implement-dentry_create_files_as-hook.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0007-selinux-Implement-dentry_create_files_as-hook.patch index dff7a5e103..aea74fac7e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0007-selinux-Implement-dentry_create_files_as-hook.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0007-selinux-Implement-dentry_create_files_as-hook.patch @@ -1,4 +1,4 @@ -From c723b3fb6de4b0b142013ed5bebcbdf976107299 Mon Sep 17 00:00:00 2001 +From 495c11c49aaa9edf681f94d3f5534e81565b8e13 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 19 Jul 2016 14:34:59 -0400 Subject: [PATCH 07/21] selinux: Implement dentry_create_files_as() hook @@ -56,5 +56,5 @@ index 2bf0d00..603b600 100644 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security), LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security), -- -2.7.3 +2.10.2 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0008-Add-secure_modules-call.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0008-Add-secure_modules-call.patch index 32f5c32d8d..f59eee3e84 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0008-Add-secure_modules-call.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0008-Add-secure_modules-call.patch @@ -1,4 +1,4 @@ -From 1cd00f30db2874ff6ba082b7d4773771613dcc1a Mon Sep 17 00:00:00 2001 +From e83babb814a144fa070a2eba1a18e00f58605dbe Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 17:58:15 -0400 Subject: [PATCH 08/21] Add secure_modules() call @@ -59,5 +59,5 @@ index 529efae..0332fdd 100644 +} +EXPORT_SYMBOL(secure_modules); -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0009-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0009-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch index b28e6923f0..85b9b077ff 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0009-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0009-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch @@ -1,4 +1,4 @@ -From 00523071ddbb241d7ea6461c4205d9c4c2a4cbaa Mon Sep 17 00:00:00 2001 +From 14f640cf354fdc1b4eb7bf679667e78dbf53cf9f Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 8 Mar 2012 10:10:38 -0500 Subject: [PATCH 09/21] PCI: Lock down BAR access when module security is @@ -114,5 +114,5 @@ index b91c4da..98f5637 100644 dev = pci_get_bus_and_slot(bus, dfn); -- -2.7.3 +2.10.2 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0010-x86-Lock-down-IO-port-access-when-module-security-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0010-x86-Lock-down-IO-port-access-when-module-security-is.patch index a7bccb7664..6415d31d91 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0010-x86-Lock-down-IO-port-access-when-module-security-is.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0010-x86-Lock-down-IO-port-access-when-module-security-is.patch @@ -1,4 +1,4 @@ -From ab086c5a3fd75bf557a8a189d4801d2497949ba4 Mon Sep 17 00:00:00 2001 +From 3864e4d1deaca1f82571999e3b7257bc1a51eea0 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 8 Mar 2012 10:35:59 -0500 Subject: [PATCH 10/21] x86: Lock down IO port access when module security is @@ -68,5 +68,5 @@ index a33163d..48a2897 100644 return -EFAULT; while (count-- > 0 && i < 65536) { -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0011-ACPI-Limit-access-to-custom_method.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0011-ACPI-Limit-access-to-custom_method.patch index 0c9330aadd..1ac2b1c684 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0011-ACPI-Limit-access-to-custom_method.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0011-ACPI-Limit-access-to-custom_method.patch @@ -1,4 +1,4 @@ -From 71e6ac2de7db1db61cb41e82af2b748bc133c630 Mon Sep 17 00:00:00 2001 +From 0e417eae4551f7fd3de3b54406c9400eca162f28 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 08:39:37 -0500 Subject: [PATCH 11/21] ACPI: Limit access to custom_method 
@@ -27,5 +27,5 @@ index c68e724..4277938 100644 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header)) -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0012-asus-wmi-Restrict-debugfs-interface-when-module-load.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0012-asus-wmi-Restrict-debugfs-interface-when-module-load.patch index 5b1f2f6eee..baf58369b4 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0012-asus-wmi-Restrict-debugfs-interface-when-module-load.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0012-asus-wmi-Restrict-debugfs-interface-when-module-load.patch @@ -1,4 +1,4 @@ -From afe41933049853e1024f919fb79ef1a98d9364e8 Mon Sep 17 00:00:00 2001 +From ffa8097faeb299c73fc633dc851b86b1d3d032bf Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 08:46:50 -0500 Subject: [PATCH 12/21] asus-wmi: Restrict debugfs interface when module @@ -50,5 +50,5 @@ index 7c093a0..21fd6b8 100644 1, asus->debug.method_id, &input, &output); -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0013-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0013-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch index fa8f6a7b4a..bfef6a6e80 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0013-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0013-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch 
@@ -1,4 +1,4 @@ -From 36ce102963662a97cf8554e56d24e63456ab0829 Mon Sep 17 00:00:00 2001 +From 4b3bc1185096049ccd7f907d7fba1df72a5cfc7d Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 09:28:15 -0500 Subject: [PATCH 13/21] Restrict /dev/mem and /dev/kmem when module loading is @@ -38,5 +38,5 @@ index 48a2897..08a7bff 100644 unsigned long to_write = min_t(unsigned long, count, (unsigned long)high_memory - p); -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0014-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0014-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch index 68b3e8a9f6..b1c77efd95 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0014-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0014-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch @@ -1,4 +1,4 @@ -From 173431ce413924b0c0ca77168802bf5380bdfacb Mon Sep 17 00:00:00 2001 +From fbe8ec927d07eb8c808c87f2e81922e4fe3606d9 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Mon, 25 Jun 2012 19:57:30 -0400 Subject: [PATCH 14/21] acpi: Ignore acpi_rsdp kernel parameter when module @@ -35,5 +35,5 @@ index 4305ee9..fa1bcf0 100644 #endif -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0015-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0015-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch index 055a60d909..d27a755c3b 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0015-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch 
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0015-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch @@ -1,4 +1,4 @@ -From df56d6b915cef75ffbe434dd0d83fd5f4964ae8a Mon Sep 17 00:00:00 2001 +From 733db6a0adb01dfdd9a43bd25b79a54861d07132 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 19 Nov 2015 18:55:53 -0800 Subject: [PATCH 15/21] kexec: Disable at runtime if the kernel enforces module @@ -35,5 +35,5 @@ index 980936a..a0e4cb3 100644 /* -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0016-x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0016-x86-Restrict-MSR-access-when-module-loading-is-restr.patch index 23dab08bfb..534134cc49 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0016-x86-Restrict-MSR-access-when-module-loading-is-restr.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0016-x86-Restrict-MSR-access-when-module-loading-is-restr.patch @@ -1,4 +1,4 @@ -From 2f322ec08c923f034453153a6bdb40d3b6268313 Mon Sep 17 00:00:00 2001 +From e291d646614778be232acfa3ce84a94595396e1f Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 8 Feb 2013 11:12:13 -0800 Subject: [PATCH 16/21] x86: Restrict MSR access when module loading is @@ -40,5 +40,5 @@ index 7f3550a..963ba40 100644 err = -EFAULT; break; -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0017-Add-option-to-automatically-enforce-module-signature.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0017-Add-option-to-automatically-enforce-module-signature.patch index d3d7d91a36..413f17b1ea 100644 
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0017-Add-option-to-automatically-enforce-module-signature.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0017-Add-option-to-automatically-enforce-module-signature.patch @@ -1,4 +1,4 @@ -From 5d8a7800ba8d0c7295d8c88858291ebdbf95e063 Mon Sep 17 00:00:00 2001 +From 6cdf93dbb2dd02156f15dd25a1ae7d0c8ca6ef06 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 18:36:30 -0400 Subject: [PATCH 17/21] Add option to automatically enforce module signatures @@ -181,5 +181,5 @@ index 0332fdd..3f1ea6b 100644 { #ifdef CONFIG_MODULE_SIG -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0018-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0018-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch index 3b6ba56ff9..92a6c35ca8 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0018-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0018-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch @@ -1,4 +1,4 @@ -From 00efe9ab7a15b6c5bf4e62ba35f0bbf7c23f167f Mon Sep 17 00:00:00 2001 +From 6fbafeba27256bc1dd6b0b87332c451fba50ccb7 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 27 Aug 2013 13:28:43 -0400 Subject: [PATCH 18/21] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI @@ -26,5 +26,5 @@ index ba2c734..a5d6b58 100644 ---help--- UEFI Secure Boot provides a mechanism for ensuring that the -- -2.7.3 +2.10.2 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0019-efi-Add-EFI_SECURE_BOOT-bit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0019-efi-Add-EFI_SECURE_BOOT-bit.patch index b861d9f9e8..e63364ef8e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0019-efi-Add-EFI_SECURE_BOOT-bit.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0019-efi-Add-EFI_SECURE_BOOT-bit.patch @@ -1,4 +1,4 @@ -From 77c8564969225bbe01c379386e2b655e7bd58297 Mon Sep 17 00:00:00 2001 +From ba861cfb3dd80f28c707802fe670881d2b9660ab Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 27 Aug 2013 13:33:03 -0400 Subject: [PATCH 19/21] efi: Add EFI_SECURE_BOOT bit @@ -39,5 +39,5 @@ index 0148a30..4b62b48 100644 #ifdef CONFIG_EFI /* -- -2.7.3 +2.10.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0020-hibernate-Disable-in-a-signed-modules-environment.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0020-hibernate-Disable-in-a-signed-modules-environment.patch index 5d4bf4623e..a6ef174028 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0020-hibernate-Disable-in-a-signed-modules-environment.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0020-hibernate-Disable-in-a-signed-modules-environment.patch @@ -1,4 +1,4 @@ -From 549485baca40509902572c0a02addd5e3d4d43b3 Mon Sep 17 00:00:00 2001 +From e1d88a8f0462830dff8c6c6a6234c26b04a5c3ce Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Fri, 20 Jun 2014 08:53:24 -0400 Subject: [PATCH 20/21] hibernate: Disable in a signed modules environment @@ -35,5 +35,5 @@ index 33c79b6..d1420be 100644 /** -- -2.7.3 +2.10.2 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch index 54d94fea33..6e0088c6c3 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch @@ -1,4 +1,4 @@ -From 54bfa1c43bb2e21168611dba8898abfaa858b7b9 Mon Sep 17 00:00:00 2001 +From c8d539f1373079f6488a97bf0e5d9f6d09d785f8 Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 25 Nov 2015 02:59:45 -0800 Subject: [PATCH 21/21] kbuild: derive relative path for KBUILD_SRC from CURDIR @@ -12,7 +12,7 @@ by some undesirable path component. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 82a36ab..8415a1f 100644 +index b249529..7b4791b 100644 --- a/Makefile +++ b/Makefile @@ -147,7 +147,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make @@ -26,5 +26,5 @@ index 82a36ab..8415a1f 100644 # Leave processing to above invocation of make -- -2.7.3 +2.10.2