Moved to tree, fixes bug 376175

Package-Manager: portage-2.2.0_alpha51/cvs/Linux x86_64

7 files changed, 657 insertions, 0 deletions

diff --git a/sys-fs/aufs3/ChangeLog b/sys-fs/aufs3/ChangeLog
new file mode 100644
index 000000000000..65393413cf42
--- /dev/null
+++ b/sys-fs/aufs3/ChangeLog
@@ -0,0 +1,34 @@
+# ChangeLog for sys-fs/aufs3
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/aufs3/ChangeLog,v 1.1 2011/08/28 09:48:57 jlec Exp $
+
+  28 Aug 2011; Justin Lecher <jlec@gentoo.org> +files/aufs3-base-0.patch,
+  +files/aufs3-standalone-0.patch, +aufs3-3_p20110815.ebuild, +files/pax.patch,
+  +metadata.xml:
+  Moved to tree, fixes bug 376175
+
+  27 Aug 2011; Justin Lecher <jlec@gentoo.org> aufs3-3_p20110815.ebuild:
+  Make CONFIG check for EXPORTFS matadory for USE=nfs
+
+  19 Aug 2011; Justin Lecher <jlec@gentoo.org> files/aufs3-standalone-0.patch,
+  -files/aufs3-base-1.patch, -files/aufs3-standalone-1.patch,
+  aufs3-3_p20110815.ebuild:
+  Cleaned some USE=doc problems
+
+  18 Aug 2011; Justin Lecher <jlec@gentoo.org> aufs3-3_p20110815.ebuild:
+  Corrected to new kernel versioning scheme
+
+  16 Aug 2011; Justin Lecher <jlec@gentoo.org> files/aufs3-standalone-1.patch:
+  Fix missing upstream export of symbols
+
+  15 Aug 2011; Justin Lecher <jlec@gentoo.org> aufs3-3_p20110815.ebuild,
+  metadata.xml:
+  Changed USE hardened to pax_kernel, #375811
+
+*aufs3-3_p20110815 (15 Aug 2011)
+
+  15 Aug 2011; Justin Lecher <jlec@gentoo.org> +files/aufs3-base-0.patch,
+  +files/aufs3-standalone-0.patch, +files/aufs3-base-1.patch,
+  +files/aufs3-standalone-1.patch, +aufs3-3_p20110815.ebuild, +metadata.xml:
+  Initial commit
+
diff --git a/sys-fs/aufs3/Manifest b/sys-fs/aufs3/Manifest
new file mode 100644
index 000000000000..7ded7ddbcfe6
--- /dev/null
+++ b/sys-fs/aufs3/Manifest
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+AUX aufs3-base-0.patch 2711 RMD160 bf3995e925b25d97c02673dfad596ea35ee4f0f5 SHA1 f193efb6a1f44a0bb5630974e6b209877097970d SHA256 4d6e669f9bebc301d0acf3e0dedaaff84aaa19ef7633da3c11cc3430d232ce86
+AUX aufs3-standalone-0.patch 7665 RMD160 ebaf20b9222331ff7563fdda085d138552646de6 SHA1 0ad9823aad93e0181cb37a4cad917e1548733148 SHA256 df1f868eb7e1d951b47948d3340a1c85bd40771b3e5a0b02f8c607f1804588ae
+AUX pax.patch 4821 RMD160 9576b969b6c5d893b40c76e4bb297a34bcbf13e9 SHA1 bd06819d7b01959a8ed5756c78d29255923287c6 SHA256 c82946d79fd3826803aacf5533aa398c8c7e7516a0c8c88a56aa75e27af3c7ad
+DIST aufs3-3_p20110815.tar.xz 391672 RMD160 f99b997401f1d983cb46ceb355445b94e6103c56 SHA1 f1d91e872cc75ee8bb76f6f4a08ddbe3c3a9c6b8 SHA256 e7d71097ba949c9a42b726f0e13ada8bed41f3630a4749f46a0eb7823851e337
+EBUILD aufs3-3_p20110815.ebuild 3924 RMD160 3b62654d7c66a13a9b3c2a8ed7b0ab57d9d6699d SHA1 d1293e727a590619a42706cf6d63975681f14116 SHA256 1b83d7bc7f5a2779ddb0de7bcd19c9daae64278af9106cb41949be4c5bab51c0
+MISC ChangeLog 1371 RMD160 aea86089d0c5f6cd446f6c4fb5c4d3089fa9abe7 SHA1 d6f5891fb925aecf1b2b8459281d5d883205e902 SHA256 6ae8b5ffc41398f8938826d396b93db47db053a4fed3ad4b450dc1fb4911ea0f
+MISC metadata.xml 780 RMD160 e1b1a1d3b13662fb3339a784ba2150885cae00b8 SHA1 f23e98a543c3fb8476fbbcc34acad0ba7cbcd802 SHA256 34b1504639fe149e6accdaf19e23c20899c2ebd420ef47e6ffc875633c56769e
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (GNU/Linux)
+
+iEYEAREKAAYFAk5aDxMACgkQgAnW8HDreRaFswCgyjGGCbnJaw30EvvnOcGe7N4C
+WcwAoJLrYlbFjimq9u92NtShqbltbpsI
+=ZYmN
+-----END PGP SIGNATURE-----
diff --git a/sys-fs/aufs3/aufs3-3_p20110815.ebuild b/sys-fs/aufs3/aufs3-3_p20110815.ebuild
new file mode 100644
index 000000000000..e8ffbc6c3ac6
--- /dev/null
+++ b/sys-fs/aufs3/aufs3-3_p20110815.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/aufs3/aufs3-3_p20110815.ebuild,v 1.1 2011/08/28 09:48:57 jlec Exp $
+
+EAPI=4
+
+inherit linux-mod multilib toolchain-funcs
+
+AUFS_VERSION="${PV%%_p*}"
+
+DESCRIPTION="An entirely re-designed and re-implemented Unionfs"
+HOMEPAGE="http://aufs.sourceforge.net/"
+SRC_URI="http://dev.gentoo.org/~jlec/distfiles/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc fuse pax_kernel hfs inotify kernel-patch nfs ramfs"
+
+DEPEND="dev-vcs/git"
+RDEPEND="
+	!sys-fs/aufs
+	!sys-fs/aufs2"
+
+S="${WORKDIR}"/${PN}-standalone
+
+MODULE_NAMES="aufs(misc:${S})"
+
+pkg_setup() {
+	CONFIG_CHECK="${CONFIG_CHECK} ~EXPERIMENTAL"
+	use inotify && CONFIG_CHECK="${CONFIG_CHECK} ~FSNOTIFY"
+	use nfs && CONFIG_CHECK="${CONFIG_CHECK} EXPORTFS"
+	use fuse && CONFIG_CHECK="${CONFIG_CHECK} ~FUSE_FS"
+	use hfs && CONFIG_CHECK="${CONFIG_CHECK} ~HFSPLUS_FS"
+
+	# this is needed so merging a binpkg ${PN} is possible w/out a kernel unpacked on the system
+	[ -n "$PKG_SETUP_HAS_BEEN_RAN" ] && return
+
+	get_version
+	kernel_is lt 3 0 0 && die "kernel too old, Please use sys-fs/aufs2"
+	kernel_is gt 3 0 99 && die "kernel too new"
+
+	linux-mod_pkg_setup
+	if ! ( patch -p1 --dry-run --force -R -d ${KV_DIR} < "${FILESDIR}"/${PN}-standalone-${KV_MINOR}.patch >/dev/null && \
+		patch -p1 --dry-run --force -R -d ${KV_DIR} < "${FILESDIR}"/${PN}-base-${KV_MINOR}.patch >/dev/null ); then
+		if use kernel-patch; then
+			cd ${KV_DIR}
+			ewarn "Patching your kernel..."
+			patch --no-backup-if-mismatch --force -p1 -R -d ${KV_DIR} < "${FILESDIR}"/${PN}-standalone-${KV_MINOR}.patch >/dev/null
+			patch --no-backup-if-mismatch --force -p1 -R -d ${KV_DIR} < "${FILESDIR}"/${PN}-base-${KV_MINOR}.patch >/dev/null
+			epatch "${FILESDIR}"/${PN}-{base,standalone}-${KV_MINOR}.patch
+			ewarn "You need to compile your kernel with the applied patch"
+			ewarn "to be able to load and use the aufs kernel module"
+		else
+			eerror "You need to apply a patch to your kernel to compile and run the ${PN} module"
+			eerror "Either enable the kernel-patch useflag to do it with this ebuild"
+			eerror "or apply ${FILESDIR}/${PN}-base-${KV_MINOR}.patch and"
+			eerror "${FILESDIR}/${PN}-standalone-${KV_MINOR}.patch by hand"
+			die "missing kernel patch, please apply it first"
+		fi
+	fi
+	export PKG_SETUP_HAS_BEEN_RAN=1
+}
+
+set_config() {
+	for option in $*; do
+		grep -q "^CONFIG_AUFS_${option} =" config.mk || die "${option} is not a valid config option"
+		sed "/^CONFIG_AUFS_${option}/s:=:= y:g" -i config.mk || die
+	done
+}
+
+src_prepare() {
+#	local branch=origin/${PN}-${KV_MINOR}
+	local branch=origin/${PN}.0
+	git checkout -q $branch || die
+
+	# All config options to off
+	sed "s:= y:=:g" -i config.mk || die
+
+	set_config RDU BRANCH_MAX_127 SBILIST
+
+	use debug && set_config DEBUG
+	use fuse && set_config BR_FUSE POLL
+	use hfs && set_config BR_HFSPLUS
+	use inotify && set_config HNOTIFY HFSNOTIFY
+	use nfs && set_config EXPORT
+	use nfs && use amd64 && set_config INO_T_64
+	use ramfs && set_config BR_RAMFS
+
+	use pax_kernel && epatch "${FILESDIR}"/pax.patch
+
+	sed -i "s:aufs.ko usr/include/linux/aufs_type.h:aufs.ko:g" Makefile || die
+	sed -i "s:__user::g" include/linux/aufs_type.h || die
+
+	cd "${WORKDIR}"/${PN/3}-util
+	git checkout -q origin/${PN}.0
+	sed -i "/LDFLAGS += -static -s/d" Makefile || die
+	sed -i -e "s:m 644 -s:m 644:g" -e "s:/usr/lib:/usr/$(get_libdir):g" libau/Makefile || die
+}
+
+src_compile() {
+	local ARCH=x86
+
+	emake CC=$(tc-getCC) CONFIG_AUFS_FS=m KDIR=${KV_DIR}
+
+	cd "${WORKDIR}"/${PN/3}-util
+	emake CC=$(tc-getCC) AR=$(tc-getAR) KDIR=${KV_DIR} C_INCLUDE_PATH="${S}"/include
+}
+
+src_install() {
+	linux-mod_src_install
+
+	insinto /usr/share/doc/${PF}
+
+	use doc && doins -r Documentation
+
+	dodoc README
+
+	cd "${WORKDIR}"/${PN/3}-util
+	emake DESTDIR="${D}" KDIR=${KV_DIR} install
+
+	newdoc README README-utils
+}
diff --git a/sys-fs/aufs3/files/aufs3-base-0.patch b/sys-fs/aufs3/files/aufs3-base-0.patch
new file mode 100644
index 000000000000..7fa7db4ee6c7
--- /dev/null
+++ b/sys-fs/aufs3/files/aufs3-base-0.patch
@@ -0,0 +1,70 @@
+aufs3.0 base patch
+
+diff --git a/fs/namei.c b/fs/namei.c
+index 14ab8d3..eb4aef1 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -1697,7 +1697,7 @@ static struct dentry *__lookup_hash(struct qstr *name,
+  * needs parent already locked. Doesn't follow mounts.
+  * SMP-safe.
+  */
+-static struct dentry *lookup_hash(struct nameidata *nd)
++struct dentry *lookup_hash(struct nameidata *nd)
+ {
+ 	return __lookup_hash(&nd->last, nd->path.dentry, nd);
+ }
+diff --git a/fs/splice.c b/fs/splice.c
+index aa866d3..19afec6 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -1085,8 +1085,8 @@ EXPORT_SYMBOL(generic_splice_sendpage);
+ /*
+  * Attempt to initiate a splice from pipe to file.
+  */
+-static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+-			   loff_t *ppos, size_t len, unsigned int flags)
++long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
++		    loff_t *ppos, size_t len, unsigned int flags)
+ {
+ 	ssize_t (*splice_write)(struct pipe_inode_info *, struct file *,
+ 				loff_t *, size_t, unsigned int);
+@@ -1113,9 +1113,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+ /*
+  * Attempt to initiate a splice from a file to a pipe.
+  */
+-static long do_splice_to(struct file *in, loff_t *ppos,
+-			 struct pipe_inode_info *pipe, size_t len,
+-			 unsigned int flags)
++long do_splice_to(struct file *in, loff_t *ppos,
++		  struct pipe_inode_info *pipe, size_t len,
++		  unsigned int flags)
+ {
+ 	ssize_t (*splice_read)(struct file *, loff_t *,
+ 			       struct pipe_inode_info *, size_t, unsigned int);
+diff --git a/include/linux/namei.h b/include/linux/namei.h
+index eba45ea..21ed6c9 100644
+--- a/include/linux/namei.h
++++ b/include/linux/namei.h
+@@ -82,6 +82,7 @@ extern int vfs_path_lookup(struct dentry *, struct vfsmount *,
+ extern struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry,
+ 		int (*open)(struct inode *, struct file *));
+ 
++extern struct dentry *lookup_hash(struct nameidata *nd);
+ extern struct dentry *lookup_one_len(const char *, struct dentry *, int);
+ 
+ extern int follow_down_one(struct path *);
+diff --git a/include/linux/splice.h b/include/linux/splice.h
+index 997c3b4..be9a153 100644
+--- a/include/linux/splice.h
++++ b/include/linux/splice.h
+@@ -89,4 +89,10 @@ extern int splice_grow_spd(struct pipe_inode_info *, struct splice_pipe_desc *);
+ extern void splice_shrink_spd(struct pipe_inode_info *,
+ 				struct splice_pipe_desc *);
+ 
++extern long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
++			   loff_t *ppos, size_t len, unsigned int flags);
++extern long do_splice_to(struct file *in, loff_t *ppos,
++			 struct pipe_inode_info *pipe, size_t len,
++			 unsigned int flags);
++
+ #endif
diff --git a/sys-fs/aufs3/files/aufs3-standalone-0.patch b/sys-fs/aufs3/files/aufs3-standalone-0.patch
new file mode 100644
index 000000000000..1c406c07e9b7
--- /dev/null
+++ b/sys-fs/aufs3/files/aufs3-standalone-0.patch
@@ -0,0 +1,257 @@
+aufs3.0 standalone patch
+
+diff --git a/fs/file_table.c b/fs/file_table.c
+index 01e4c1e..0e800e2 100644
+--- a/fs/file_table.c
++++ b/fs/file_table.c
+@@ -443,6 +443,8 @@ void file_sb_list_del(struct file *file)
+ 	}
+ }
+ 
++EXPORT_SYMBOL(file_sb_list_del);
++
+ #ifdef CONFIG_SMP
+ 
+ /*
+diff --git a/fs/inode.c b/fs/inode.c
+index 43566d1..4291eae 100644
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -69,6 +69,7 @@ static DEFINE_SPINLOCK(inode_lru_lock);
+ 
+ __cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_sb_list_lock);
+ __cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_wb_list_lock);
++EXPORT_SYMBOL(inode_sb_list_lock);
+ 
+ /*
+  * iprune_sem provides exclusion between the icache shrinking and the
+diff --git a/fs/namei.c b/fs/namei.c
+index eb4aef1..66d04c6 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -365,6 +365,7 @@ int deny_write_access(struct file * file)
+ 
+ 	return 0;
+ }
++EXPORT_SYMBOL(deny_write_access);
+ 
+ /**
+  * path_get - get a reference to a path
+@@ -1701,6 +1702,7 @@ struct dentry *lookup_hash(struct nameidata *nd)
+ {
+ 	return __lookup_hash(&nd->last, nd->path.dentry, nd);
+ }
++EXPORT_SYMBOL(lookup_hash);
+ 
+ /**
+  * lookup_one_len - filesystem helper to lookup single pathname component
+diff --git a/fs/namespace.c b/fs/namespace.c
+index fe59bd1..7d3843f 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1508,6 +1508,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
+ 	}
+ 	return 0;
+ }
++EXPORT_SYMBOL(iterate_mounts);
+ 
+ static void cleanup_group_ids(struct vfsmount *mnt, struct vfsmount *end)
+ {
+diff --git a/fs/notify/group.c b/fs/notify/group.c
+index d309f38..f0e9568 100644
+--- a/fs/notify/group.c
++++ b/fs/notify/group.c
+@@ -22,6 +22,7 @@
+ #include <linux/srcu.h>
+ #include <linux/rculist.h>
+ #include <linux/wait.h>
++#include <linux/module.h>
+ 
+ #include <linux/fsnotify_backend.h>
+ #include "fsnotify.h"
+@@ -70,6 +71,7 @@ void fsnotify_put_group(struct fsnotify_group *group)
+ 	if (atomic_dec_and_test(&group->refcnt))
+ 		fsnotify_destroy_group(group);
+ }
++EXPORT_SYMBOL(fsnotify_put_group);
+ 
+ /*
+  * Create a new fsnotify_group and hold a reference for the group returned.
+@@ -102,3 +104,4 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops)
+ 
+ 	return group;
+ }
++EXPORT_SYMBOL(fsnotify_alloc_group);
+diff --git a/fs/notify/mark.c b/fs/notify/mark.c
+index 252ab1f..2199b9b 100644
+--- a/fs/notify/mark.c
++++ b/fs/notify/mark.c
+@@ -112,6 +112,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark)
+ 	if (atomic_dec_and_test(&mark->refcnt))
+ 		mark->free_mark(mark);
+ }
++EXPORT_SYMBOL(fsnotify_put_mark);
+ 
+ /*
+  * Any time a mark is getting freed we end up here.
+@@ -189,6 +190,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark)
+ 	if (unlikely(atomic_dec_and_test(&group->num_marks)))
+ 		fsnotify_final_destroy_group(group);
+ }
++EXPORT_SYMBOL(fsnotify_destroy_mark);
+ 
+ void fsnotify_set_mark_mask_locked(struct fsnotify_mark *mark, __u32 mask)
+ {
+@@ -276,6 +278,7 @@ err:
+ 
+ 	return ret;
+ }
++EXPORT_SYMBOL(fsnotify_add_mark);
+ 
+ /*
+  * clear any marks in a group in which mark->flags & flags is true
+@@ -331,6 +334,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark,
+ 	atomic_set(&mark->refcnt, 1);
+ 	mark->free_mark = free_mark;
+ }
++EXPORT_SYMBOL(fsnotify_init_mark);
+ 
+ static int fsnotify_mark_destroy(void *ignored)
+ {
+diff --git a/fs/open.c b/fs/open.c
+index b52cf01..c1b341c 100644
+--- a/fs/open.c
++++ b/fs/open.c
+@@ -60,6 +60,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
+ 	mutex_unlock(&dentry->d_inode->i_mutex);
+ 	return ret;
+ }
++EXPORT_SYMBOL(do_truncate);
+ 
+ static long do_sys_truncate(const char __user *pathname, loff_t length)
+ {
+diff --git a/fs/splice.c b/fs/splice.c
+index 19afec6..11f07f8 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -1109,6 +1109,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+ 
+ 	return splice_write(pipe, out, ppos, len, flags);
+ }
++EXPORT_SYMBOL(do_splice_from);
+ 
+ /*
+  * Attempt to initiate a splice from a file to a pipe.
+@@ -1135,6 +1136,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
+ 
+ 	return splice_read(in, ppos, pipe, len, flags);
+ }
++EXPORT_SYMBOL(do_splice_to);
+ 
+ /**
+  * splice_direct_to_actor - splices data directly between two non-pipes
+diff --git a/security/commoncap.c b/security/commoncap.c
+index f20e984..d39acd9 100644
+--- a/security/commoncap.c
++++ b/security/commoncap.c
+@@ -976,3 +976,4 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
+ 	}
+ 	return ret;
+ }
++EXPORT_SYMBOL(cap_file_mmap);
+diff --git a/security/device_cgroup.c b/security/device_cgroup.c
+index 1be6826..215278c 100644
+--- a/security/device_cgroup.c
++++ b/security/device_cgroup.c
+@@ -508,6 +508,7 @@ found:
+ 
+ 	return -EPERM;
+ }
++EXPORT_SYMBOL(__devcgroup_inode_permission);
+ 
+ int devcgroup_inode_mknod(int mode, dev_t dev)
+ {
+diff --git a/security/security.c b/security/security.c
+index 4ba6d4c..9f64bb8 100644
+--- a/security/security.c
++++ b/security/security.c
+@@ -373,6 +373,7 @@ int security_path_rmdir(struct path *dir, struct dentry *dentry)
+ 		return 0;
+ 	return security_ops->path_rmdir(dir, dentry);
+ }
++EXPORT_SYMBOL(security_path_rmdir);
+ 
+ int security_path_unlink(struct path *dir, struct dentry *dentry)
+ {
+@@ -389,6 +390,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
+ 		return 0;
+ 	return security_ops->path_symlink(dir, dentry, old_name);
+ }
++EXPORT_SYMBOL(security_path_symlink);
+ 
+ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+ 		       struct dentry *new_dentry)
+@@ -397,6 +399,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+ 		return 0;
+ 	return security_ops->path_link(old_dentry, new_dir, new_dentry);
+ }
++EXPORT_SYMBOL(security_path_link);
+ 
+ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
+ 			 struct path *new_dir, struct dentry *new_dentry)
+@@ -415,6 +418,7 @@ int security_path_truncate(struct path *path)
+ 		return 0;
+ 	return security_ops->path_truncate(path);
+ }
++EXPORT_SYMBOL(security_path_truncate);
+ 
+ int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+ 			mode_t mode)
+@@ -423,6 +427,7 @@ int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+ 		return 0;
+ 	return security_ops->path_chmod(dentry, mnt, mode);
+ }
++EXPORT_SYMBOL(security_path_chmod);
+ 
+ int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+ {
+@@ -430,6 +435,7 @@ int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+ 		return 0;
+ 	return security_ops->path_chown(path, uid, gid);
+ }
++EXPORT_SYMBOL(security_path_chown);
+ 
+ int security_path_chroot(struct path *path)
+ {
+@@ -506,6 +512,7 @@ int security_inode_readlink(struct dentry *dentry)
+ 		return 0;
+ 	return security_ops->inode_readlink(dentry);
+ }
++EXPORT_SYMBOL(security_inode_readlink);
+ 
+ int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
+ {
+@@ -520,6 +527,7 @@ int security_inode_permission(struct inode *inode, int mask)
+ 		return 0;
+ 	return security_ops->inode_permission(inode, mask, 0);
+ }
++EXPORT_SYMBOL(security_inode_permission);
+ 
+ int security_inode_exec_permission(struct inode *inode, unsigned int flags)
+ {
+@@ -626,6 +634,7 @@ int security_file_permission(struct file *file, int mask)
+ 
+ 	return fsnotify_perm(file, mask);
+ }
++EXPORT_SYMBOL(security_file_permission);
+ 
+ int security_file_alloc(struct file *file)
+ {
+@@ -653,6 +662,7 @@ int security_file_mmap(struct file *file, unsigned long reqprot,
+ 		return ret;
+ 	return ima_file_mmap(file, prot);
+ }
++EXPORT_SYMBOL(security_file_mmap);
+ 
+ int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
+ 			    unsigned long prot)
diff --git a/sys-fs/aufs3/files/pax.patch b/sys-fs/aufs3/files/pax.patch
new file mode 100644
index 000000000000..df53004daddb
--- /dev/null
+++ b/sys-fs/aufs3/files/pax.patch
@@ -0,0 +1,135 @@
+commit 584bf002ec62a333840b87193b93ee5a521063f7
+Author: J. R. Okajima <hooanon05@yahoo.co.jp>
+Date:   Thu May 27 11:28:41 2010 +0900
+
+    aufs: dynop supports grsec/pax patch
+    
+    The grsec/pax patches make member of struct brabra_operation 'const.'
+    I don't understand why they need these 'const'. They modifies some of
+    structures, but other structures.
+    What do they want to protect from what?
+    
+    The keyword 'const' is essentially a feature of C language and it never
+    modifes the behaviour of software. It just prohibits the assignment (or
+    modification) to a variable which is expected not to be modified.
+    In other word, it is a feature for programmers and doesn't enhance the
+    security level. Actually programmers can bypass 'const' easily by
+    indirect assignment as this patch does.
+    
+    Also the grsec/pax patches modifies some assignments to the member
+    of struct brabra_operation in mainline kernel, but they don't make the
+    confirmation fot that. For example, they replaced these assignments by
+    declaring a structure statically.
+    
+    -	/* inherit and extend fuse_dev_operations */
+    -	cuse_channel_fops		= fuse_dev_operations;
+    -	cuse_channel_fops.owner		= THIS_MODULE;
+    -	cuse_channel_fops.open		= cuse_channel_open;
+    -	cuse_channel_fops.release	= cuse_channel_release;
+    
+    +static const struct file_operations cuse_channel_fops = {
+    +	.owner		= THIS_MODULE,
+    +	.llseek		= no_llseek,
+    +	.read		= do_sync_read,
+    +	.aio_read	= fuse_dev_read,
+    +	.write		= do_sync_write,
+    +	.aio_write	= fuse_dev_write,
+    +	.poll		= fuse_dev_poll,
+    +	.open		= cuse_channel_open,
+    +	.release	= cuse_channel_release,
+    +	.fasync		= fuse_dev_fasync,
+    +};
+    
+    By this modification, there exists major possible future problem I am
+    afraid. _If_ fuse_dev_operations is modified, then this code needs to
+    follow the change. But it is hard to detect such modification since
+    there is no trick to do so. Generally it is recommended to put code such
+    like this.
+    
+    ----------------------------------------------------------------------
+    int n;
+    	n++;
+    	BUG_ON(super.member != derive.member);
+    } while (0);
+    
+    n++; /* owner */
+    MakeSure(fuse_dev_operations, cuse_channel_fops, llseek);
+    MakeSure(fuse_dev_operations, cuse_channel_fops, read);
+    	:::
+    BUG_ON(n != sizeof(cuse_channel_fops)/sizeof(cuse_channel_fops.owner));
+    ----------------------------------------------------------------------
+    
+    This piece of code ensures two things.
+    - cuse_channel_fops correctly inherits fuse_dev_operations, eg. all
+      members are equivalent except the overrided ones.
+    - if some members are added or deleted from struct file_operations, it
+      should be detected by a debugging feature, the variable 'n'.
+    
+    Without such trick, I am afraid the simple modification is a regression.
+    
+    Signed-off-by: J. R. Okajima <hooanon05@yahoo.co.jp>
+
+diff --git a/fs/aufs/dynop.c b/fs/aufs/dynop.c
+index 12ea894..109d3bb 100644
+--- a/fs/aufs/dynop.c
++++ b/fs/aufs/dynop.c
+@@ -146,11 +146,22 @@ void au_dy_put(struct au_dykey *key)
+ #define DyDbgInc(cnt)		do {} while (0)
+ #endif
+ 
++#define AuGrsecPaxPtr(func, dst, src) do {		\
++	union {						\
++		const void *o;				\
++		char **p;				\
++	} u;						\
++	BUILD_BUG_ON(sizeof(u.o) != sizeof(&dst.func));	\
++	BUILD_BUG_ON(sizeof(*u.p) != sizeof(src.func));	\
++	u.o = (void *)&dst.func;			\
++	*u.p = (void *)src.func;			\
++} while (0)
++
+ #define DySet(func, dst, src, h_op, h_sb) do {				\
+ 	DyDbgInc(cnt);							\
+ 	if (h_op->func) {						\
+ 		if (src.func)						\
+-			dst.func = src.func;				\
++			AuGrsecPaxPtr(func, dst, src);			\
+ 		else							\
+ 			AuDbg("%s %s\n", au_sbtype(h_sb), #func);	\
+ 	}								\
+@@ -159,7 +170,7 @@ void au_dy_put(struct au_dykey *key)
+ #define DySetForce(func, dst, src) do {		\
+ 	AuDebugOn(!src.func);			\
+ 	DyDbgInc(cnt);				\
+-	dst.func = src.func;			\
++	AuGrsecPaxPtr(func, dst, src);		\
+ } while (0)
+ 
+ #define DySetAop(func) \
+@@ -297,14 +308,21 @@ out:
+  */
+ static void dy_adx(struct au_dyaop *dyaop, int do_dx)
+ {
++	union {
++		void *direct_IO, *get_xip_mem;
++	} grsec_pax_dummy = {
++		.get_xip_mem = NULL
++	};
++
+ 	if (!do_dx) {
+-		dyaop->da_op.direct_IO = NULL;
+-		dyaop->da_op.get_xip_mem = NULL;
++		AuGrsecPaxPtr(direct_IO, dyaop->da_op, grsec_pax_dummy);
++		AuGrsecPaxPtr(get_xip_mem, dyaop->da_op, grsec_pax_dummy);
+ 	} else {
+-		dyaop->da_op.direct_IO = aufs_aop.direct_IO;
+-		dyaop->da_op.get_xip_mem = aufs_aop.get_xip_mem;
++		AuGrsecPaxPtr(direct_IO, dyaop->da_op, aufs_aop);
++		AuGrsecPaxPtr(get_xip_mem, dyaop->da_op, aufs_aop);
+ 		if (!dyaop->da_get_xip_mem)
+-			dyaop->da_op.get_xip_mem = NULL;
++			AuGrsecPaxPtr(get_xip_mem, dyaop->da_op,
++				      grsec_pax_dummy);
+ 	}
+ }
+ 
diff --git a/sys-fs/aufs3/metadata.xml b/sys-fs/aufs3/metadata.xml
new file mode 100644
index 000000000000..5916c9f01a77
--- /dev/null
+++ b/sys-fs/aufs3/metadata.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>no-herd</herd>
+	<maintainer>
+		<email>jlec@gentoo.org</email>
+	</maintainer>
+	<maintainer>
+		<email>tommy@gentoo.org</email>
+	</maintainer>
+	<use>
+		<flag name="debug">Enable additional debugging support</flag>
+		<flag name="hfs">Enable hfs support</flag>
+		<flag name="fuse">Enable fuse support</flag>
+		<flag name="inotify">Enable inotify support</flag>
+		<flag name="kernel-patch">Patch the current kernel for aufs2 support</flag>
+		<flag name="nfs">Enable support for nfs export</flag>
+		<flag name="pax_kernel">Apply patch needed for pax enabled kernels</flag>
+		<flag name="ramfs">Enable initramfs/rootfs support</flag>
+	</use>
+</pkgmetadata>