Revert "linux: Disable LSM for /dev/io port access"

This reverts commit 5b966f1b0a.
2026-04-12 04:05:53 +02:00 · 2022-04-21 19:29:32 +00:00
parent 5b966f1b0a
commit 5bd8fc1273
2 changed files with 0 additions and 33 deletions
--- a/lfs/linux
+++ b/lfs/linux
@@ -143,9 +143,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# https://bugzilla.ipfire.org/show_bug.cgi?id=12760
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch

-	# Unfortunately, /dev/io access is needed for firmware flashing; patch out LSM part in ioport.c
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.32-disable_lsm_for_ioport_access.patch
-
 ifeq "$(BUILD_ARCH)" "armv6l"
 	# Apply Arm-multiarch kernel patches.
 	cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1
--- a/src/patches/linux/linux-5.15.32-disable_lsm_for_ioport_access.patch
+++ b/src/patches/linux/linux-5.15.32-disable_lsm_for_ioport_access.patch
@@ -1,30 +0,0 @@
--- linux-5.15.32.orig/arch/x86/kernel/ioport.c	2022-04-19 12:54:46.468477540 +0000
-+++ linux-5.15.32/arch/x86/kernel/ioport.c	2022-04-19 12:56:21.423185714 +0000
-@@ -4,7 +4,6 @@
-  * by Linus. 32/64 bits code unification by Miguel Botón.
-  */
- #include <linux/capability.h>
-#include <linux/security.h>
- #include <linux/syscalls.h>
- #include <linux/bitmap.h>
- #include <linux/ioport.h>
-@@ -70,8 +69,7 @@
- 
- 	if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
- 		return -EINVAL;
-	if (turn_on && (!capable(CAP_SYS_RAWIO) ||
-			security_locked_down(LOCKDOWN_IOPORT)))
-+	if (turn_on && (!capable(CAP_SYS_RAWIO)))
- 		return -EPERM;
- 
- 	/*
-@@ -186,8 +184,7 @@
- 
- 	/* Trying to gain more privileges? */
- 	if (level > old) {
-		if (!capable(CAP_SYS_RAWIO) ||
-		    security_locked_down(LOCKDOWN_IOPORT))
-+		if (!capable(CAP_SYS_RAWIO))
- 			return -EPERM;
- 	}
-