From f60435de0abf70c74933b838b9d2eeeb694035a1 Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Mon, 20 Mar 2017 11:09:16 -0700
Subject: [PATCH] sys-kernel/coreos-sources: bump to 4.10.4

---
 ...-kernel-4.10.1-r2.ebuild => coreos-kernel-4.10.4.ebuild} | 0
 ...odules-4.10.1-r2.ebuild => coreos-modules-4.10.4.ebuild} | 0
 .../coreos-overlay/sys-kernel/coreos-sources/Manifest       | 2 +-
 ...s-sources-4.10.1.ebuild => coreos-sources-4.10.4.ebuild} | 0
 .../files/4.10/z0001-Add-secure_modules-call.patch          | 6 +++---
 ...I-Lock-down-BAR-access-when-module-security-is-ena.patch | 2 +-
 ...6-Lock-down-IO-port-access-when-module-security-is.patch | 2 +-
 .../4.10/z0004-ACPI-Limit-access-to-custom_method.patch     | 2 +-
 ...us-wmi-Restrict-debugfs-interface-when-module-load.patch | 2 +-
 ...strict-dev-mem-and-dev-kmem-when-module-loading-is.patch | 2 +-
 ...pi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch | 2 +-
 ...xec-Disable-at-runtime-if-the-kernel-enforces-modu.patch | 2 +-
 ...6-Restrict-MSR-access-when-module-loading-is-restr.patch | 2 +-
 ...d-option-to-automatically-enforce-module-signature.patch | 6 +++---
 ...efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch | 2 +-
 .../files/4.10/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch      | 2 +-
 ...-hibernate-Disable-in-a-signed-modules-environment.patch | 2 +-
 ...uild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch | 4 ++--
 .../files/4.10/z0015-Add-arm64-coreos-verity-hash.patch     | 2 +-
 ...linux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch | 2 +-
 20 files changed, 22 insertions(+), 22 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-4.10.1-r2.ebuild => coreos-kernel-4.10.4.ebuild} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/{coreos-modules-4.10.1-r2.ebuild => coreos-modules-4.10.4.ebuild} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-4.10.1.ebuild => coreos-sources-4.10.4.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.10.1-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.10.4.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.10.1-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.10.4.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.10.1-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.10.4.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.10.1-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.10.4.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index e963594a34..2b34a70baf 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,2 +1,2 @@
 DIST linux-4.10.tar.xz 94231404 SHA256 3c95d9f049bd085e5c346d2c77f063b8425f191460fcd3ae9fe7e94e0477dc4b SHA512 c3690125a8402df638095bd98a613fcf1a257b81de7611c84711d315cd11e2634ab4636302b3742aedf1e3ba9ce0fea53fe8c7d48e37865d8ee5db3565220d90 WHIRLPOOL 86d021bae2dbfc4ef80c22d9e886bed4fbd9476473a2851d7beaf8ed0c7f7fbc1fa0da230eb9e763eb231b7c164c17b2a73fd336ab233543f57be280d6173738
-DIST patch-4.10.1.xz 7408 SHA256 da560125aa350f76f0e4a5b9373a0d0a1c27ccefe3b7bd9231724f3a3c4ebb9e SHA512 7d36d210eade03df91dd3bbaa9cb9bdad0a2c60e21a7b6c1be36f7610d4329b6b517517ba8d971458a2e1bc219e639dacccc8ffe6b12b8954c3ba19bf527f239 WHIRLPOOL 5cb630fd5200810a17def47983e237ce819fa2e456949a8812d859a6d7918a89cb5411c567a956d48f887da86587bcc96589a248fc3c2dda426ba46e79ff9a92
+DIST patch-4.10.4.xz 106756 SHA256 68e935fbe1c3faaf186824a44b79a26f1ab85f04a1dade2e5bce5f8c2941624d SHA512 a0631f3ee744984d9388d8e9ad98e7238d9305d94082db784b28080d9bae4f2c0cca84e4510ccfa562f5246ce1ed98c78cf41edc5a3b3bcc862ed62a1f2c8516 WHIRLPOOL a610e5d6e39fd07e8bf4e0056af7450cc6d0820c26e09052e8943ebdb8bfcdf89342f404ddc07ff2fddcada4504483ecd0688fb405549f189d6c387b3b553b48
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.10.1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.10.4.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.10.1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.10.4.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0001-Add-secure_modules-call.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0001-Add-secure_modules-call.patch
index e72e81787c..0f0ef64ff1 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0001-Add-secure_modules-call.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0001-Add-secure_modules-call.patch
@@ -1,4 +1,4 @@
-From 9b1968abf672666c280f169ab647045126e9b0eb Mon Sep 17 00:00:00 2001
+From b2abd80b69de4ea94e7d003a13160df562392c3a Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
 Subject: [PATCH 01/16] Add secure_modules() call
@@ -41,10 +41,10 @@ index cc7cba2..da4bd57 100644
  
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index 3d8f126..9a565d5 100644
+index 1cd2bf3..3161532 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4299,3 +4299,13 @@ void module_layout(struct module *mod,
+@@ -4300,3 +4300,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
index 1c6437ffb5..1b3d7acf18 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
@@ -1,4 +1,4 @@
-From 32e8475783408e51382fdf0fc553fc2a10142ad9 Mon Sep 17 00:00:00 2001
+From ea565b4c32c1078914c2dd9903d2aebf67bab0ee Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
 Subject: [PATCH 02/16] PCI: Lock down BAR access when module security is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch
index 206f87b7c4..4cbc5cac9f 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch
@@ -1,4 +1,4 @@
-From 2685201a8e66bb2564eeeb4f36ea6f8ce7475332 Mon Sep 17 00:00:00 2001
+From 247ab2f0f22a52cc9b87a9e6dbd3c523cb02fd7c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:35:59 -0500
 Subject: [PATCH 03/16] x86: Lock down IO port access when module security is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0004-ACPI-Limit-access-to-custom_method.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0004-ACPI-Limit-access-to-custom_method.patch
index 79e373ecee..76ea787bd9 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0004-ACPI-Limit-access-to-custom_method.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0004-ACPI-Limit-access-to-custom_method.patch
@@ -1,4 +1,4 @@
-From c559ff3e2459791d4eadb74f97b90f0c405878a2 Mon Sep 17 00:00:00 2001
+From 5eeb29907f925210621bd752aeca7f4826456ab3 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:39:37 -0500
 Subject: [PATCH 04/16] ACPI: Limit access to custom_method
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch
index 00ed63a011..de5fa94ebc 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch
@@ -1,4 +1,4 @@
-From 7b20c90ea8edb8dc28509e8764d17ca0bd32e580 Mon Sep 17 00:00:00 2001
+From 30c3afa1c37c6c0adbd7cb4766d96ff2f8a3c3d2 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:46:50 -0500
 Subject: [PATCH 05/16] asus-wmi: Restrict debugfs interface when module
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
index a03fb2172c..a7d0b93306 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
@@ -1,4 +1,4 @@
-From 5e92bc30d58f30a81381f7a2ec3ce1c40219458c Mon Sep 17 00:00:00 2001
+From c8a67b57068f99a212023507ffeea874ba658b4e Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 09:28:15 -0500
 Subject: [PATCH 06/16] Restrict /dev/mem and /dev/kmem when module loading is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
index f9aec4c188..6f49efa41e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
@@ -1,4 +1,4 @@
-From d252fd62fdc0f220272a34c10fed77fac91c2ac3 Mon Sep 17 00:00:00 2001
+From 5359936a69b86d5fc0893eeac402f39db3d1364a Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Mon, 25 Jun 2012 19:57:30 -0400
 Subject: [PATCH 07/16] acpi: Ignore acpi_rsdp kernel parameter when module
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
index b23444ee3a..ddf359a72b 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
@@ -1,4 +1,4 @@
-From 3ce57e1da8ea751fb9894d5eff1f0fc78085d2c2 Mon Sep 17 00:00:00 2001
+From f7278e3a4ee1e978444966382f09fd59e8a760bd Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@coreos.com>
 Date: Thu, 19 Nov 2015 18:55:53 -0800
 Subject: [PATCH 08/16] kexec: Disable at runtime if the kernel enforces module
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch
index 0928af6566..a5aa6274bf 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch
@@ -1,4 +1,4 @@
-From fad5a47afe39f99f98627c57caf5caf6d798b0e0 Mon Sep 17 00:00:00 2001
+From e447d16529ac075611efff2a5b08a965b89f178a Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 8 Feb 2013 11:12:13 -0800
 Subject: [PATCH 09/16] x86: Restrict MSR access when module loading is
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0010-Add-option-to-automatically-enforce-module-signature.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0010-Add-option-to-automatically-enforce-module-signature.patch
index 5be3be4a4a..bfcaf20e98 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0010-Add-option-to-automatically-enforce-module-signature.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0010-Add-option-to-automatically-enforce-module-signature.patch
@@ -1,4 +1,4 @@
-From ed8ec0c970a5286f458976a736248c5401c8e7c2 Mon Sep 17 00:00:00 2001
+From 82c969da1e430f362b44bae864bf2da8e2d3b503 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 18:36:30 -0400
 Subject: [PATCH 10/16] Add option to automatically enforce module signatures
@@ -163,10 +163,10 @@ index da4bd57..25d88bb 100644
  
  extern int modules_disabled; /* for sysctl */
 diff --git a/kernel/module.c b/kernel/module.c
-index 9a565d5..421ee82 100644
+index 3161532..19fe883 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4300,6 +4300,13 @@ void module_layout(struct module *mod,
+@@ -4301,6 +4301,13 @@ void module_layout(struct module *mod,
  EXPORT_SYMBOL(module_layout);
  #endif
  
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
index 05acb430ce..f82583a4f0 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
@@ -1,4 +1,4 @@
-From 4d76d7bdd971932c8eeb5450cc05780117418ccb Mon Sep 17 00:00:00 2001
+From 91d4b04458c069b34b0ac00b0810ea430c3af757 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:28:43 -0400
 Subject: [PATCH 11/16] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch
index f6af1b4b87..ce6a9d7a58 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch
@@ -1,4 +1,4 @@
-From 8c7098b081b4c8e315f7da037ce387950c645896 Mon Sep 17 00:00:00 2001
+From fe4593724b038638a71e277cb2df62750a069af8 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:33:03 -0400
 Subject: [PATCH 12/16] efi: Add EFI_SECURE_BOOT bit
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0013-hibernate-Disable-in-a-signed-modules-environment.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0013-hibernate-Disable-in-a-signed-modules-environment.patch
index 4a7579e587..f375cbd77c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0013-hibernate-Disable-in-a-signed-modules-environment.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0013-hibernate-Disable-in-a-signed-modules-environment.patch
@@ -1,4 +1,4 @@
-From 3537c77a73bc43b30f917c2bdfff450d38b3b868 Mon Sep 17 00:00:00 2001
+From 69d98ac51018ec84515a087873082f139072fc94 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 20 Jun 2014 08:53:24 -0400
 Subject: [PATCH 13/16] hibernate: Disable in a signed modules environment
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
index 5d63345942..6d656a033d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
@@ -1,4 +1,4 @@
-From bb7b57706aabc44ddaa880d97c6e582e2bf95a50 Mon Sep 17 00:00:00 2001
+From ad97f1904d0ba6ce252a0af5c1601eb376e004d1 Mon Sep 17 00:00:00 2001
 From: Vito Caputo <vito.caputo@coreos.com>
 Date: Wed, 25 Nov 2015 02:59:45 -0800
 Subject: [PATCH 14/16] kbuild: derive relative path for KBUILD_SRC from CURDIR
@@ -12,7 +12,7 @@ by some undesirable path component.
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index 09eccff..e09b6d2 100644
+index 8df819e..65abe81 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -147,7 +147,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0015-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0015-Add-arm64-coreos-verity-hash.patch
index b06b8fec7e..9c2d6daed2 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0015-Add-arm64-coreos-verity-hash.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0015-Add-arm64-coreos-verity-hash.patch
@@ -1,4 +1,4 @@
-From 300f9b0f53ace2681ab9c36642a7df8c5c9d9837 Mon Sep 17 00:00:00 2001
+From 3014e6df9afba9273b942cbb85c912ccb58bcbd3 Mon Sep 17 00:00:00 2001
 From: Geoff Levand <geoff@infradead.org>
 Date: Fri, 11 Nov 2016 17:28:52 -0800
 Subject: [PATCH 15/16] Add arm64 coreos verity hash
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch
index 76879e9cc9..1de703fd8d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch
@@ -1,4 +1,4 @@
-From 857d181d29b80708661978d16a492ee64f9fe2ca Mon Sep 17 00:00:00 2001
+From 41afe48e7ce028e30d5da92c574a4663924281fd Mon Sep 17 00:00:00 2001
 From: Stephen Smalley <sds@tycho.nsa.gov>
 Date: Mon, 9 Jan 2017 10:07:31 -0500
 Subject: [PATCH 16/16] selinux: allow context mounts on tmpfs, ramfs, devpts