(メッセージはありません)
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 3.7-rc3. | |
1 | +This is TOMOYO Linux patch for kernel 3.7-rc4. | |
2 | 2 | |
3 | -Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.7-rc3.tar.bz2 | |
3 | +Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.7-rc4.tar.bz2 | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
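Review bot: The source reference on the new line 3 of this header is a plain `http://` URL, and the header lines visible here give no digest or signature for `linux-3.7-rc4.tar.bz2`, so anyone rebuilding the patched kernel has nothing in the patch to check the download against. Because the patch adds security hooks to the kernel, I would use the `https://` form of the URL where the server offers it and add a line such as `Verify the tarball against its published PGP signature before applying this patch.` The same applies to the Fedora 17 header further down, where the new line references `kernel-3.6.6-1.fc17.src.rpm` over `http://` as well.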
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/security.c | 107 ++++++++++++++++++++++++++++++++++++++++------ |
29 | 29 | 24 files changed, 235 insertions(+), 37 deletions(-) |
30 | 30 | |
31 | ---- linux-3.7-rc3.orig/fs/exec.c | |
32 | -+++ linux-3.7-rc3/fs/exec.c | |
31 | +--- linux-3.7-rc4.orig/fs/exec.c | |
32 | ++++ linux-3.7-rc4/fs/exec.c | |
33 | 33 | @@ -1524,7 +1524,7 @@ static int do_execve_common(const char * |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.7-rc3.orig/fs/open.c | |
43 | -+++ linux-3.7-rc3/fs/open.c | |
42 | +--- linux-3.7-rc4.orig/fs/open.c | |
43 | ++++ linux-3.7-rc4/fs/open.c | |
44 | 44 | @@ -1024,6 +1024,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.7-rc3.orig/fs/proc/version.c | |
54 | -+++ linux-3.7-rc3/fs/proc/version.c | |
53 | +--- linux-3.7-rc4.orig/fs/proc/version.c | |
54 | ++++ linux-3.7-rc4/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.7-rc3 2012/10/29\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.7-rc4 2012/11/08\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.7-rc3.orig/include/linux/init_task.h | |
67 | -+++ linux-3.7-rc3/include/linux/init_task.h | |
66 | +--- linux-3.7-rc4.orig/include/linux/init_task.h | |
67 | ++++ linux-3.7-rc4/include/linux/init_task.h | |
68 | 68 | @@ -143,6 +143,14 @@ extern struct task_group root_task_group |
69 | 69 | |
70 | 70 | #define INIT_TASK_COMM "swapper" |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.7-rc3.orig/include/linux/sched.h | |
92 | -+++ linux-3.7-rc3/include/linux/sched.h | |
91 | +--- linux-3.7-rc4.orig/include/linux/sched.h | |
92 | ++++ linux-3.7-rc4/include/linux/sched.h | |
93 | 93 | @@ -4,6 +4,8 @@ |
94 | 94 | #include <uapi/linux/sched.h> |
95 | 95 |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.7-rc3.orig/include/linux/security.h | |
114 | -+++ linux-3.7-rc3/include/linux/security.h | |
113 | +--- linux-3.7-rc4.orig/include/linux/security.h | |
114 | ++++ linux-3.7-rc4/include/linux/security.h | |
115 | 115 | @@ -52,6 +52,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -313,8 +313,8 @@ | ||
313 | 313 | } |
314 | 314 | #endif /* CONFIG_SECURITY_PATH */ |
315 | 315 | |
316 | ---- linux-3.7-rc3.orig/include/net/ip.h | |
317 | -+++ linux-3.7-rc3/include/net/ip.h | |
316 | +--- linux-3.7-rc4.orig/include/net/ip.h | |
317 | ++++ linux-3.7-rc4/include/net/ip.h | |
318 | 318 | @@ -203,6 +203,8 @@ extern void inet_get_local_port_range(in |
319 | 319 | extern unsigned long *sysctl_local_reserved_ports; |
320 | 320 | static inline int inet_is_reserved_local_port(int port) |
@@ -324,8 +324,8 @@ | ||
324 | 324 | return test_bit(port, sysctl_local_reserved_ports); |
325 | 325 | } |
326 | 326 | |
327 | ---- linux-3.7-rc3.orig/kernel/fork.c | |
328 | -+++ linux-3.7-rc3/kernel/fork.c | |
327 | +--- linux-3.7-rc4.orig/kernel/fork.c | |
328 | ++++ linux-3.7-rc4/kernel/fork.c | |
329 | 329 | @@ -241,6 +241,7 @@ void __put_task_struct(struct task_struc |
330 | 330 | delayacct_tsk_free(tsk); |
331 | 331 | put_signal_struct(tsk->signal); |
@@ -352,8 +352,8 @@ | ||
352 | 352 | bad_fork_cleanup_policy: |
353 | 353 | perf_event_free_task(p); |
354 | 354 | #ifdef CONFIG_NUMA |
355 | ---- linux-3.7-rc3.orig/kernel/kexec.c | |
356 | -+++ linux-3.7-rc3/kernel/kexec.c | |
355 | +--- linux-3.7-rc4.orig/kernel/kexec.c | |
356 | ++++ linux-3.7-rc4/kernel/kexec.c | |
357 | 357 | @@ -37,6 +37,7 @@ |
358 | 358 | #include <asm/uaccess.h> |
359 | 359 | #include <asm/io.h> |
@@ -371,8 +371,8 @@ | ||
371 | 371 | |
372 | 372 | /* |
373 | 373 | * Verify we have a legal set of flags |
374 | ---- linux-3.7-rc3.orig/kernel/module.c | |
375 | -+++ linux-3.7-rc3/kernel/module.c | |
374 | +--- linux-3.7-rc4.orig/kernel/module.c | |
375 | ++++ linux-3.7-rc4/kernel/module.c | |
376 | 376 | @@ -60,6 +60,7 @@ |
377 | 377 | #include <linux/bsearch.h> |
378 | 378 | #include <linux/fips.h> |
@@ -399,8 +399,8 @@ | ||
399 | 399 | |
400 | 400 | /* Do all the hard work */ |
401 | 401 | mod = load_module(umod, len, uargs); |
402 | ---- linux-3.7-rc3.orig/kernel/ptrace.c | |
403 | -+++ linux-3.7-rc3/kernel/ptrace.c | |
402 | +--- linux-3.7-rc4.orig/kernel/ptrace.c | |
403 | ++++ linux-3.7-rc4/kernel/ptrace.c | |
404 | 404 | @@ -860,6 +860,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
405 | 405 | { |
406 | 406 | struct task_struct *child; |
@@ -425,8 +425,8 @@ | ||
425 | 425 | |
426 | 426 | if (request == PTRACE_TRACEME) { |
427 | 427 | ret = ptrace_traceme(); |
428 | ---- linux-3.7-rc3.orig/kernel/sched/core.c | |
429 | -+++ linux-3.7-rc3/kernel/sched/core.c | |
428 | +--- linux-3.7-rc4.orig/kernel/sched/core.c | |
429 | ++++ linux-3.7-rc4/kernel/sched/core.c | |
430 | 430 | @@ -3578,6 +3578,8 @@ int can_nice(const struct task_struct *p |
431 | 431 | SYSCALL_DEFINE1(nice, int, increment) |
432 | 432 | { |
@@ -436,8 +436,8 @@ | ||
436 | 436 | |
437 | 437 | /* |
438 | 438 | * Setpriority might change our priority at the same moment. |
439 | ---- linux-3.7-rc3.orig/kernel/signal.c | |
440 | -+++ linux-3.7-rc3/kernel/signal.c | |
439 | +--- linux-3.7-rc4.orig/kernel/signal.c | |
440 | ++++ linux-3.7-rc4/kernel/signal.c | |
441 | 441 | @@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
442 | 442 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
443 | 443 | { |
@@ -483,8 +483,8 @@ | ||
483 | 483 | |
484 | 484 | return do_send_specific(tgid, pid, sig, info); |
485 | 485 | } |
486 | ---- linux-3.7-rc3.orig/kernel/sys.c | |
487 | -+++ linux-3.7-rc3/kernel/sys.c | |
486 | +--- linux-3.7-rc4.orig/kernel/sys.c | |
487 | ++++ linux-3.7-rc4/kernel/sys.c | |
488 | 488 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
489 | 489 | |
490 | 490 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -523,8 +523,8 @@ | ||
523 | 523 | |
524 | 524 | down_write(&uts_sem); |
525 | 525 | errno = -EFAULT; |
526 | ---- linux-3.7-rc3.orig/kernel/time/ntp.c | |
527 | -+++ linux-3.7-rc3/kernel/time/ntp.c | |
526 | +--- linux-3.7-rc4.orig/kernel/time/ntp.c | |
527 | ++++ linux-3.7-rc4/kernel/time/ntp.c | |
528 | 528 | @@ -15,6 +15,7 @@ |
529 | 529 | #include <linux/time.h> |
530 | 530 | #include <linux/mm.h> |
@@ -558,8 +558,8 @@ | ||
558 | 558 | if (!(txc->modes & ADJ_NANO)) |
559 | 559 | delta.tv_nsec *= 1000; |
560 | 560 | result = timekeeping_inject_offset(&delta); |
561 | ---- linux-3.7-rc3.orig/net/ipv4/raw.c | |
562 | -+++ linux-3.7-rc3/net/ipv4/raw.c | |
561 | +--- linux-3.7-rc4.orig/net/ipv4/raw.c | |
562 | ++++ linux-3.7-rc4/net/ipv4/raw.c | |
563 | 563 | @@ -704,6 +704,10 @@ static int raw_recvmsg(struct kiocb *ioc |
564 | 564 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
565 | 565 | if (!skb) |
@@ -571,8 +571,8 @@ | ||
571 | 571 | |
572 | 572 | copied = skb->len; |
573 | 573 | if (len < copied) { |
574 | ---- linux-3.7-rc3.orig/net/ipv4/udp.c | |
575 | -+++ linux-3.7-rc3/net/ipv4/udp.c | |
574 | +--- linux-3.7-rc4.orig/net/ipv4/udp.c | |
575 | ++++ linux-3.7-rc4/net/ipv4/udp.c | |
576 | 576 | @@ -1193,6 +1193,10 @@ try_again: |
577 | 577 | &peeked, &off, &err); |
578 | 578 | if (!skb) |
@@ -584,8 +584,8 @@ | ||
584 | 584 | |
585 | 585 | ulen = skb->len - sizeof(struct udphdr); |
586 | 586 | copied = len; |
587 | ---- linux-3.7-rc3.orig/net/ipv6/raw.c | |
588 | -+++ linux-3.7-rc3/net/ipv6/raw.c | |
587 | +--- linux-3.7-rc4.orig/net/ipv6/raw.c | |
588 | ++++ linux-3.7-rc4/net/ipv6/raw.c | |
589 | 589 | @@ -472,6 +472,10 @@ static int rawv6_recvmsg(struct kiocb *i |
590 | 590 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
591 | 591 | if (!skb) |
@@ -597,8 +597,8 @@ | ||
597 | 597 | |
598 | 598 | copied = skb->len; |
599 | 599 | if (copied > len) { |
600 | ---- linux-3.7-rc3.orig/net/ipv6/udp.c | |
601 | -+++ linux-3.7-rc3/net/ipv6/udp.c | |
600 | +--- linux-3.7-rc4.orig/net/ipv6/udp.c | |
601 | ++++ linux-3.7-rc4/net/ipv6/udp.c | |
602 | 602 | @@ -363,6 +363,10 @@ try_again: |
603 | 603 | &peeked, &off, &err); |
604 | 604 | if (!skb) |
@@ -610,8 +610,8 @@ | ||
610 | 610 | |
611 | 611 | ulen = skb->len - sizeof(struct udphdr); |
612 | 612 | copied = len; |
613 | ---- linux-3.7-rc3.orig/net/socket.c | |
614 | -+++ linux-3.7-rc3/net/socket.c | |
613 | +--- linux-3.7-rc4.orig/net/socket.c | |
614 | ++++ linux-3.7-rc4/net/socket.c | |
615 | 615 | @@ -1640,6 +1640,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
616 | 616 | if (err < 0) |
617 | 617 | goto out_fd; |
@@ -623,8 +623,8 @@ | ||
623 | 623 | if (upeer_sockaddr) { |
624 | 624 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
625 | 625 | &len, 2) < 0) { |
626 | ---- linux-3.7-rc3.orig/net/unix/af_unix.c | |
627 | -+++ linux-3.7-rc3/net/unix/af_unix.c | |
626 | +--- linux-3.7-rc4.orig/net/unix/af_unix.c | |
627 | ++++ linux-3.7-rc4/net/unix/af_unix.c | |
628 | 628 | @@ -1803,6 +1803,10 @@ static int unix_dgram_recvmsg(struct kio |
629 | 629 | wake_up_interruptible_sync_poll(&u->peer_wait, |
630 | 630 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -636,8 +636,8 @@ | ||
636 | 636 | if (msg->msg_name) |
637 | 637 | unix_copy_addr(msg, skb->sk); |
638 | 638 | |
639 | ---- linux-3.7-rc3.orig/security/Kconfig | |
640 | -+++ linux-3.7-rc3/security/Kconfig | |
639 | +--- linux-3.7-rc4.orig/security/Kconfig | |
640 | ++++ linux-3.7-rc4/security/Kconfig | |
641 | 641 | @@ -167,5 +167,7 @@ config DEFAULT_SECURITY |
642 | 642 | default "yama" if DEFAULT_SECURITY_YAMA |
643 | 643 | default "" if DEFAULT_SECURITY_DAC |
@@ -646,8 +646,8 @@ | ||
646 | 646 | + |
647 | 647 | endmenu |
648 | 648 | |
649 | ---- linux-3.7-rc3.orig/security/Makefile | |
650 | -+++ linux-3.7-rc3/security/Makefile | |
649 | +--- linux-3.7-rc4.orig/security/Makefile | |
650 | ++++ linux-3.7-rc4/security/Makefile | |
651 | 651 | @@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
652 | 652 | # Object integrity file lists |
653 | 653 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -655,8 +655,8 @@ | ||
655 | 655 | + |
656 | 656 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
657 | 657 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
658 | ---- linux-3.7-rc3.orig/security/security.c | |
659 | -+++ linux-3.7-rc3/security/security.c | |
658 | +--- linux-3.7-rc4.orig/security/security.c | |
659 | ++++ linux-3.7-rc4/security/security.c | |
660 | 660 | @@ -202,7 +202,10 @@ int security_syslog(int type) |
661 | 661 | |
662 | 662 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -38,9 +38,9 @@ | ||
38 | 38 | security/Makefile | 3 +++ |
39 | 39 | 34 files changed, 205 insertions(+), 3 deletions(-) |
40 | 40 | |
41 | ---- linux-2.6.32-44.98.orig/fs/compat.c | |
42 | -+++ linux-2.6.32-44.98/fs/compat.c | |
43 | -@@ -1528,7 +1528,7 @@ int compat_do_execve(char * filename, | |
41 | +--- linux-2.6.32-45.99.orig/fs/compat.c | |
42 | ++++ linux-2.6.32-45.99/fs/compat.c | |
43 | +@@ -1534,7 +1534,7 @@ int compat_do_execve(char * filename, | |
44 | 44 | if (retval < 0) |
45 | 45 | goto out; |
46 | 46 |
@@ -49,8 +49,8 @@ | ||
49 | 49 | if (retval < 0) |
50 | 50 | goto out; |
51 | 51 | |
52 | ---- linux-2.6.32-44.98.orig/fs/compat_ioctl.c | |
53 | -+++ linux-2.6.32-44.98/fs/compat_ioctl.c | |
52 | +--- linux-2.6.32-45.99.orig/fs/compat_ioctl.c | |
53 | ++++ linux-2.6.32-45.99/fs/compat_ioctl.c | |
54 | 54 | @@ -114,6 +114,7 @@ |
55 | 55 | #ifdef CONFIG_SPARC |
56 | 56 | #include <asm/fbio.h> |
@@ -68,8 +68,8 @@ | ||
68 | 68 | if (error) |
69 | 69 | goto out_fput; |
70 | 70 | |
71 | ---- linux-2.6.32-44.98.orig/fs/exec.c | |
72 | -+++ linux-2.6.32-44.98/fs/exec.c | |
71 | +--- linux-2.6.32-45.99.orig/fs/exec.c | |
72 | ++++ linux-2.6.32-45.99/fs/exec.c | |
73 | 73 | @@ -1417,7 +1417,7 @@ int do_execve(char * filename, |
74 | 74 | goto out; |
75 | 75 |
@@ -79,8 +79,8 @@ | ||
79 | 79 | if (retval < 0) |
80 | 80 | goto out; |
81 | 81 | |
82 | ---- linux-2.6.32-44.98.orig/fs/fcntl.c | |
83 | -+++ linux-2.6.32-44.98/fs/fcntl.c | |
82 | +--- linux-2.6.32-45.99.orig/fs/fcntl.c | |
83 | ++++ linux-2.6.32-45.99/fs/fcntl.c | |
84 | 84 | @@ -428,6 +428,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd, |
85 | 85 | goto out; |
86 | 86 |
@@ -99,8 +99,8 @@ | ||
99 | 99 | if (err) { |
100 | 100 | fput(filp); |
101 | 101 | return err; |
102 | ---- linux-2.6.32-44.98.orig/fs/ioctl.c | |
103 | -+++ linux-2.6.32-44.98/fs/ioctl.c | |
102 | +--- linux-2.6.32-45.99.orig/fs/ioctl.c | |
103 | ++++ linux-2.6.32-45.99/fs/ioctl.c | |
104 | 104 | @@ -618,6 +618,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd, |
105 | 105 | goto out; |
106 | 106 |
@@ -110,8 +110,8 @@ | ||
110 | 110 | if (error) |
111 | 111 | goto out_fput; |
112 | 112 | |
113 | ---- linux-2.6.32-44.98.orig/fs/namei.c | |
114 | -+++ linux-2.6.32-44.98/fs/namei.c | |
113 | +--- linux-2.6.32-45.99.orig/fs/namei.c | |
114 | ++++ linux-2.6.32-45.99/fs/namei.c | |
115 | 115 | @@ -1572,6 +1572,11 @@ int may_open(struct path *path, int acc_ |
116 | 116 | goto err_out; |
117 | 117 | } |
@@ -219,8 +219,8 @@ | ||
219 | 219 | if (error) |
220 | 220 | goto exit6; |
221 | 221 | error = vfs_rename(old_dir->d_inode, old_dentry, |
222 | ---- linux-2.6.32-44.98.orig/fs/namespace.c | |
223 | -+++ linux-2.6.32-44.98/fs/namespace.c | |
222 | +--- linux-2.6.32-45.99.orig/fs/namespace.c | |
223 | ++++ linux-2.6.32-45.99/fs/namespace.c | |
224 | 224 | @@ -1031,6 +1031,8 @@ static int do_umount(struct vfsmount *mn |
225 | 225 | LIST_HEAD(umount_list); |
226 | 226 |
@@ -257,8 +257,8 @@ | ||
257 | 257 | if (error) { |
258 | 258 | path_put(&old); |
259 | 259 | goto out1; |
260 | ---- linux-2.6.32-44.98.orig/fs/open.c | |
261 | -+++ linux-2.6.32-44.98/fs/open.c | |
260 | +--- linux-2.6.32-45.99.orig/fs/open.c | |
261 | ++++ linux-2.6.32-45.99/fs/open.c | |
262 | 262 | @@ -279,6 +279,8 @@ static long do_sys_truncate(const char _ |
263 | 263 | error = locks_verify_truncate(inode, NULL, length); |
264 | 264 | if (!error) |
@@ -323,8 +323,8 @@ | ||
323 | 323 | if (capable(CAP_SYS_TTY_CONFIG)) { |
324 | 324 | tty_vhangup_self(); |
325 | 325 | return 0; |
326 | ---- linux-2.6.32-44.98.orig/fs/proc/version.c | |
327 | -+++ linux-2.6.32-44.98/fs/proc/version.c | |
326 | +--- linux-2.6.32-45.99.orig/fs/proc/version.c | |
327 | ++++ linux-2.6.32-45.99/fs/proc/version.c | |
328 | 328 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
329 | 329 | return 0; |
330 | 330 | } |
@@ -332,12 +332,12 @@ | ||
332 | 332 | + |
333 | 333 | +static int __init ccs_show_version(void) |
334 | 334 | +{ |
335 | -+ printk(KERN_INFO "Hook version: 2.6.32-44.98 2012/10/13\n"); | |
335 | ++ printk(KERN_INFO "Hook version: 2.6.32-45.99 2012/11/10\n"); | |
336 | 336 | + return 0; |
337 | 337 | +} |
338 | 338 | +module_init(ccs_show_version); |
339 | ---- linux-2.6.32-44.98.orig/fs/stat.c | |
340 | -+++ linux-2.6.32-44.98/fs/stat.c | |
339 | +--- linux-2.6.32-45.99.orig/fs/stat.c | |
340 | ++++ linux-2.6.32-45.99/fs/stat.c | |
341 | 341 | @@ -43,6 +43,8 @@ int vfs_getattr(struct vfsmount *mnt, st |
342 | 342 | int retval; |
343 | 343 |
@@ -347,8 +347,8 @@ | ||
347 | 347 | if (retval) |
348 | 348 | return retval; |
349 | 349 | |
350 | ---- linux-2.6.32-44.98.orig/include/linux/init_task.h | |
351 | -+++ linux-2.6.32-44.98/include/linux/init_task.h | |
350 | +--- linux-2.6.32-45.99.orig/include/linux/init_task.h | |
351 | ++++ linux-2.6.32-45.99/include/linux/init_task.h | |
352 | 352 | @@ -115,6 +115,14 @@ extern struct cred init_cred; |
353 | 353 | # define INIT_PERF_EVENTS(tsk) |
354 | 354 | #endif |
@@ -372,8 +372,8 @@ | ||
372 | 372 | } |
373 | 373 | |
374 | 374 | |
375 | ---- linux-2.6.32-44.98.orig/include/linux/sched.h | |
376 | -+++ linux-2.6.32-44.98/include/linux/sched.h | |
375 | +--- linux-2.6.32-45.99.orig/include/linux/sched.h | |
376 | ++++ linux-2.6.32-45.99/include/linux/sched.h | |
377 | 377 | @@ -43,6 +43,8 @@ |
378 | 378 | |
379 | 379 | #ifdef __KERNEL__ |
@@ -394,8 +394,8 @@ | ||
394 | 394 | }; |
395 | 395 | |
396 | 396 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
397 | ---- linux-2.6.32-44.98.orig/include/linux/security.h | |
398 | -+++ linux-2.6.32-44.98/include/linux/security.h | |
397 | +--- linux-2.6.32-45.99.orig/include/linux/security.h | |
398 | ++++ linux-2.6.32-45.99/include/linux/security.h | |
399 | 399 | @@ -35,6 +35,7 @@ |
400 | 400 | #include <linux/xfrm.h> |
401 | 401 | #include <linux/gfp.h> |
@@ -404,8 +404,8 @@ | ||
404 | 404 | |
405 | 405 | /* Maximum number of letters for an LSM name string */ |
406 | 406 | #define SECURITY_NAME_MAX 10 |
407 | ---- linux-2.6.32-44.98.orig/kernel/compat.c | |
408 | -+++ linux-2.6.32-44.98/kernel/compat.c | |
407 | +--- linux-2.6.32-45.99.orig/kernel/compat.c | |
408 | ++++ linux-2.6.32-45.99/kernel/compat.c | |
409 | 409 | @@ -924,6 +924,8 @@ asmlinkage long compat_sys_stime(compat_ |
410 | 410 | err = security_settime(&tv, NULL); |
411 | 411 | if (err) |
@@ -415,9 +415,9 @@ | ||
415 | 415 | |
416 | 416 | do_settimeofday(&tv); |
417 | 417 | return 0; |
418 | ---- linux-2.6.32-44.98.orig/kernel/fork.c | |
419 | -+++ linux-2.6.32-44.98/kernel/fork.c | |
420 | -@@ -165,6 +165,7 @@ void __put_task_struct(struct task_struc | |
418 | +--- linux-2.6.32-45.99.orig/kernel/fork.c | |
419 | ++++ linux-2.6.32-45.99/kernel/fork.c | |
420 | +@@ -166,6 +166,7 @@ void __put_task_struct(struct task_struc | |
421 | 421 | exit_creds(tsk); |
422 | 422 | delayacct_tsk_free(tsk); |
423 | 423 |
@@ -425,7 +425,7 @@ | ||
425 | 425 | if (!profile_handoff_task(tsk)) |
426 | 426 | free_task(tsk); |
427 | 427 | } |
428 | -@@ -1138,6 +1139,9 @@ static struct task_struct *copy_process( | |
428 | +@@ -1141,6 +1142,9 @@ static struct task_struct *copy_process( | |
429 | 429 | |
430 | 430 | if ((retval = audit_alloc(p))) |
431 | 431 | goto bad_fork_cleanup_policy; |
@@ -435,7 +435,7 @@ | ||
435 | 435 | /* copy all the process information */ |
436 | 436 | if ((retval = copy_semundo(clone_flags, p))) |
437 | 437 | goto bad_fork_cleanup_audit; |
438 | -@@ -1319,6 +1323,7 @@ bad_fork_cleanup_semundo: | |
438 | +@@ -1322,6 +1326,7 @@ bad_fork_cleanup_semundo: | |
439 | 439 | exit_sem(p); |
440 | 440 | bad_fork_cleanup_audit: |
441 | 441 | audit_free(p); |
@@ -443,8 +443,8 @@ | ||
443 | 443 | bad_fork_cleanup_policy: |
444 | 444 | perf_event_free_task(p); |
445 | 445 | #ifdef CONFIG_NUMA |
446 | ---- linux-2.6.32-44.98.orig/kernel/kexec.c | |
447 | -+++ linux-2.6.32-44.98/kernel/kexec.c | |
446 | +--- linux-2.6.32-45.99.orig/kernel/kexec.c | |
447 | ++++ linux-2.6.32-45.99/kernel/kexec.c | |
448 | 448 | @@ -37,6 +37,7 @@ |
449 | 449 | #include <asm/io.h> |
450 | 450 | #include <asm/system.h> |
@@ -462,8 +462,8 @@ | ||
462 | 462 | |
463 | 463 | /* |
464 | 464 | * Verify we have a legal set of flags |
465 | ---- linux-2.6.32-44.98.orig/kernel/module.c | |
466 | -+++ linux-2.6.32-44.98/kernel/module.c | |
465 | +--- linux-2.6.32-45.99.orig/kernel/module.c | |
466 | ++++ linux-2.6.32-45.99/kernel/module.c | |
467 | 467 | @@ -55,6 +55,7 @@ |
468 | 468 | #include <linux/async.h> |
469 | 469 | #include <linux/percpu.h> |
@@ -490,8 +490,8 @@ | ||
490 | 490 | |
491 | 491 | /* Only one module load at a time, please */ |
492 | 492 | if (mutex_lock_interruptible(&module_mutex) != 0) |
493 | ---- linux-2.6.32-44.98.orig/kernel/ptrace.c | |
494 | -+++ linux-2.6.32-44.98/kernel/ptrace.c | |
493 | +--- linux-2.6.32-45.99.orig/kernel/ptrace.c | |
494 | ++++ linux-2.6.32-45.99/kernel/ptrace.c | |
495 | 495 | @@ -603,6 +603,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
496 | 496 | { |
497 | 497 | struct task_struct *child; |
@@ -516,8 +516,8 @@ | ||
516 | 516 | |
517 | 517 | /* |
518 | 518 | * This lock_kernel fixes a subtle race with suid exec |
519 | ---- linux-2.6.32-44.98.orig/kernel/sched.c | |
520 | -+++ linux-2.6.32-44.98/kernel/sched.c | |
519 | +--- linux-2.6.32-45.99.orig/kernel/sched.c | |
520 | ++++ linux-2.6.32-45.99/kernel/sched.c | |
521 | 521 | @@ -6401,6 +6401,8 @@ int can_nice(const struct task_struct *p |
522 | 522 | SYSCALL_DEFINE1(nice, int, increment) |
523 | 523 | { |
@@ -527,8 +527,8 @@ | ||
527 | 527 | |
528 | 528 | /* |
529 | 529 | * Setpriority might change our priority at the same moment. |
530 | ---- linux-2.6.32-44.98.orig/kernel/signal.c | |
531 | -+++ linux-2.6.32-44.98/kernel/signal.c | |
530 | +--- linux-2.6.32-45.99.orig/kernel/signal.c | |
531 | ++++ linux-2.6.32-45.99/kernel/signal.c | |
532 | 532 | @@ -2258,6 +2258,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
533 | 533 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
534 | 534 | { |
@@ -574,8 +574,8 @@ | ||
574 | 574 | |
575 | 575 | return do_send_specific(tgid, pid, sig, info); |
576 | 576 | } |
577 | ---- linux-2.6.32-44.98.orig/kernel/sys.c | |
578 | -+++ linux-2.6.32-44.98/kernel/sys.c | |
577 | +--- linux-2.6.32-45.99.orig/kernel/sys.c | |
578 | ++++ linux-2.6.32-45.99/kernel/sys.c | |
579 | 579 | @@ -155,6 +155,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
580 | 580 | |
581 | 581 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -614,8 +614,8 @@ | ||
614 | 614 | |
615 | 615 | down_write(&uts_sem); |
616 | 616 | errno = -EFAULT; |
617 | ---- linux-2.6.32-44.98.orig/kernel/sysctl.c | |
618 | -+++ linux-2.6.32-44.98/kernel/sysctl.c | |
617 | +--- linux-2.6.32-45.99.orig/kernel/sysctl.c | |
618 | ++++ linux-2.6.32-45.99/kernel/sysctl.c | |
619 | 619 | @@ -1853,6 +1853,9 @@ int do_sysctl(int __user *name, int nlen |
620 | 620 | |
621 | 621 | for (head = sysctl_head_next(NULL); head; |
@@ -626,8 +626,8 @@ | ||
626 | 626 | error = parse_table(name, nlen, oldval, oldlenp, |
627 | 627 | newval, newlen, |
628 | 628 | head->root, head->ctl_table); |
629 | ---- linux-2.6.32-44.98.orig/kernel/time.c | |
630 | -+++ linux-2.6.32-44.98/kernel/time.c | |
629 | +--- linux-2.6.32-45.99.orig/kernel/time.c | |
630 | ++++ linux-2.6.32-45.99/kernel/time.c | |
631 | 631 | @@ -92,6 +92,8 @@ SYSCALL_DEFINE1(stime, time_t __user *, |
632 | 632 | err = security_settime(&tv, NULL); |
633 | 633 | if (err) |
@@ -646,8 +646,8 @@ | ||
646 | 646 | |
647 | 647 | if (tz) { |
648 | 648 | /* SMP safe, global irq locking makes it work. */ |
649 | ---- linux-2.6.32-44.98.orig/kernel/time/ntp.c | |
650 | -+++ linux-2.6.32-44.98/kernel/time/ntp.c | |
649 | +--- linux-2.6.32-45.99.orig/kernel/time/ntp.c | |
650 | ++++ linux-2.6.32-45.99/kernel/time/ntp.c | |
651 | 651 | @@ -14,6 +14,7 @@ |
652 | 652 | #include <linux/timex.h> |
653 | 653 | #include <linux/time.h> |
@@ -656,7 +656,7 @@ | ||
656 | 656 | |
657 | 657 | /* |
658 | 658 | * NTP timekeeping variables: |
659 | -@@ -419,10 +420,15 @@ int do_adjtimex(struct timex *txc) | |
659 | +@@ -423,10 +424,15 @@ int do_adjtimex(struct timex *txc) | |
660 | 660 | if (!(txc->modes & ADJ_OFFSET_READONLY) && |
661 | 661 | !capable(CAP_SYS_TIME)) |
662 | 662 | return -EPERM; |
@@ -672,8 +672,8 @@ | ||
672 | 672 | |
673 | 673 | /* |
674 | 674 | * if the quartz is off by more than 10% then |
675 | ---- linux-2.6.32-44.98.orig/net/ipv4/inet_connection_sock.c | |
676 | -+++ linux-2.6.32-44.98/net/ipv4/inet_connection_sock.c | |
675 | +--- linux-2.6.32-45.99.orig/net/ipv4/inet_connection_sock.c | |
676 | ++++ linux-2.6.32-45.99/net/ipv4/inet_connection_sock.c | |
677 | 677 | @@ -23,6 +23,7 @@ |
678 | 678 | #include <net/route.h> |
679 | 679 | #include <net/tcp_states.h> |
@@ -691,8 +691,8 @@ | ||
691 | 691 | inet_bind_bucket_for_each(tb, node, &head->chain) |
692 | 692 | if (ib_net(tb) == net && tb->port == rover) { |
693 | 693 | if (tb->fastreuse > 0 && |
694 | ---- linux-2.6.32-44.98.orig/net/ipv4/inet_hashtables.c | |
695 | -+++ linux-2.6.32-44.98/net/ipv4/inet_hashtables.c | |
694 | +--- linux-2.6.32-45.99.orig/net/ipv4/inet_hashtables.c | |
695 | ++++ linux-2.6.32-45.99/net/ipv4/inet_hashtables.c | |
696 | 696 | @@ -23,6 +23,7 @@ |
697 | 697 | #include <net/inet_hashtables.h> |
698 | 698 | #include <net/secure_seq.h> |
@@ -710,8 +710,8 @@ | ||
710 | 710 | head = &hinfo->bhash[inet_bhashfn(net, port, |
711 | 711 | hinfo->bhash_size)]; |
712 | 712 | spin_lock(&head->lock); |
713 | ---- linux-2.6.32-44.98.orig/net/ipv4/raw.c | |
714 | -+++ linux-2.6.32-44.98/net/ipv4/raw.c | |
713 | +--- linux-2.6.32-45.99.orig/net/ipv4/raw.c | |
714 | ++++ linux-2.6.32-45.99/net/ipv4/raw.c | |
715 | 715 | @@ -77,6 +77,7 @@ |
716 | 716 | #include <linux/seq_file.h> |
717 | 717 | #include <linux/netfilter.h> |
@@ -731,8 +731,8 @@ | ||
731 | 731 | |
732 | 732 | copied = skb->len; |
733 | 733 | if (len < copied) { |
734 | ---- linux-2.6.32-44.98.orig/net/ipv4/udp.c | |
735 | -+++ linux-2.6.32-44.98/net/ipv4/udp.c | |
734 | +--- linux-2.6.32-45.99.orig/net/ipv4/udp.c | |
735 | ++++ linux-2.6.32-45.99/net/ipv4/udp.c | |
736 | 736 | @@ -105,6 +105,7 @@ |
737 | 737 | #include <net/checksum.h> |
738 | 738 | #include <net/xfrm.h> |
@@ -762,8 +762,8 @@ | ||
762 | 762 | |
763 | 763 | ulen = skb->len - sizeof(struct udphdr); |
764 | 764 | copied = len; |
765 | ---- linux-2.6.32-44.98.orig/net/ipv6/raw.c | |
766 | -+++ linux-2.6.32-44.98/net/ipv6/raw.c | |
765 | +--- linux-2.6.32-45.99.orig/net/ipv6/raw.c | |
766 | ++++ linux-2.6.32-45.99/net/ipv6/raw.c | |
767 | 767 | @@ -59,6 +59,7 @@ |
768 | 768 | |
769 | 769 | #include <linux/proc_fs.h> |
@@ -783,8 +783,8 @@ | ||
783 | 783 | |
784 | 784 | copied = skb->len; |
785 | 785 | if (copied > len) { |
786 | ---- linux-2.6.32-44.98.orig/net/ipv6/udp.c | |
787 | -+++ linux-2.6.32-44.98/net/ipv6/udp.c | |
786 | +--- linux-2.6.32-45.99.orig/net/ipv6/udp.c | |
787 | ++++ linux-2.6.32-45.99/net/ipv6/udp.c | |
788 | 788 | @@ -48,6 +48,7 @@ |
789 | 789 | #include <linux/proc_fs.h> |
790 | 790 | #include <linux/seq_file.h> |
@@ -804,8 +804,8 @@ | ||
804 | 804 | |
805 | 805 | ulen = skb->len - sizeof(struct udphdr); |
806 | 806 | copied = len; |
807 | ---- linux-2.6.32-44.98.orig/net/socket.c | |
808 | -+++ linux-2.6.32-44.98/net/socket.c | |
807 | +--- linux-2.6.32-45.99.orig/net/socket.c | |
808 | ++++ linux-2.6.32-45.99/net/socket.c | |
809 | 809 | @@ -567,6 +567,8 @@ static inline int __sock_sendmsg(struct |
810 | 810 | si->size = size; |
811 | 811 |
@@ -866,8 +866,8 @@ | ||
866 | 866 | if (err) |
867 | 867 | goto out_put; |
868 | 868 | |
869 | ---- linux-2.6.32-44.98.orig/net/unix/af_unix.c | |
870 | -+++ linux-2.6.32-44.98/net/unix/af_unix.c | |
869 | +--- linux-2.6.32-45.99.orig/net/unix/af_unix.c | |
870 | ++++ linux-2.6.32-45.99/net/unix/af_unix.c | |
871 | 871 | @@ -846,6 +846,9 @@ static int unix_bind(struct socket *sock |
872 | 872 | if (err) |
873 | 873 | goto out_mknod_dput; |
@@ -889,8 +889,8 @@ | ||
889 | 889 | if (msg->msg_name) |
890 | 890 | unix_copy_addr(msg, skb->sk); |
891 | 891 | |
892 | ---- linux-2.6.32-44.98.orig/security/Kconfig | |
893 | -+++ linux-2.6.32-44.98/security/Kconfig | |
892 | +--- linux-2.6.32-45.99.orig/security/Kconfig | |
893 | ++++ linux-2.6.32-45.99/security/Kconfig | |
894 | 894 | @@ -203,5 +203,7 @@ config DEFAULT_SECURITY |
895 | 895 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
896 | 896 | default "" if DEFAULT_SECURITY_DAC |
@@ -899,8 +899,8 @@ | ||
899 | 899 | + |
900 | 900 | endmenu |
901 | 901 | |
902 | ---- linux-2.6.32-44.98.orig/security/Makefile | |
903 | -+++ linux-2.6.32-44.98/security/Makefile | |
902 | +--- linux-2.6.32-45.99.orig/security/Makefile | |
903 | ++++ linux-2.6.32-45.99/security/Makefile | |
904 | 904 | @@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
905 | 905 | # Object integrity file lists |
906 | 906 | subdir-$(CONFIG_IMA) += integrity/ima |
@@ -1,6 +1,6 @@ | ||
1 | 1 | This is TOMOYO Linux patch for Fedora 17. |
2 | 2 | |
3 | -Source code for this patch is http://ftp.riken.jp/Linux/fedora/updates/17/SRPMS/kernel-3.6.3-1.fc17.src.rpm | |
3 | +Source code for this patch is http://ftp.riken.jp/Linux/fedora/updates/17/SRPMS/kernel-3.6.6-1.fc17.src.rpm | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
@@ -28,9 +28,9 @@ | ||
28 | 28 | security/security.c | 134 +++++++++++++++++++++++++++++++++++++--------- |
29 | 29 | 24 files changed, 250 insertions(+), 49 deletions(-) |
30 | 30 | |
31 | ---- linux-3.6.3-1.fc17.orig/fs/exec.c | |
32 | -+++ linux-3.6.3-1.fc17/fs/exec.c | |
33 | -@@ -1550,7 +1550,7 @@ static int do_execve_common(const char * | |
31 | +--- linux-3.6.6-1.fc17.orig/fs/exec.c | |
32 | ++++ linux-3.6.6-1.fc17/fs/exec.c | |
33 | +@@ -1551,7 +1551,7 @@ static int do_execve_common(const char * | |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
36 | 36 |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.6.3-1.fc17.orig/fs/open.c | |
43 | -+++ linux-3.6.3-1.fc17/fs/open.c | |
42 | +--- linux-3.6.6-1.fc17.orig/fs/open.c | |
43 | ++++ linux-3.6.6-1.fc17/fs/open.c | |
44 | 44 | @@ -1077,6 +1077,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.6.3-1.fc17.orig/fs/proc/version.c | |
54 | -+++ linux-3.6.3-1.fc17/fs/proc/version.c | |
53 | +--- linux-3.6.6-1.fc17.orig/fs/proc/version.c | |
54 | ++++ linux-3.6.6-1.fc17/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.6.3-1.fc17 2012/11/01\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.6.6-1.fc17 2012/11/10\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.6.3-1.fc17.orig/include/linux/init_task.h | |
67 | -+++ linux-3.6.3-1.fc17/include/linux/init_task.h | |
66 | +--- linux-3.6.6-1.fc17.orig/include/linux/init_task.h | |
67 | ++++ linux-3.6.6-1.fc17/include/linux/init_task.h | |
68 | 68 | @@ -143,6 +143,14 @@ extern struct task_group root_task_group |
69 | 69 | |
70 | 70 | #define INIT_TASK_COMM "swapper" |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.6.3-1.fc17.orig/include/linux/sched.h | |
92 | -+++ linux-3.6.3-1.fc17/include/linux/sched.h | |
91 | +--- linux-3.6.6-1.fc17.orig/include/linux/sched.h | |
92 | ++++ linux-3.6.6-1.fc17/include/linux/sched.h | |
93 | 93 | @@ -44,6 +44,8 @@ |
94 | 94 | |
95 | 95 | #ifdef __KERNEL__ |
@@ -99,7 +99,7 @@ | ||
99 | 99 | struct sched_param { |
100 | 100 | int sched_priority; |
101 | 101 | }; |
102 | -@@ -1589,6 +1591,10 @@ struct task_struct { | |
102 | +@@ -1592,6 +1594,10 @@ struct task_struct { | |
103 | 103 | #ifdef CONFIG_UPROBES |
104 | 104 | struct uprobe_task *utask; |
105 | 105 | #endif |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.6.3-1.fc17.orig/include/linux/security.h | |
114 | -+++ linux-3.6.3-1.fc17/include/linux/security.h | |
113 | +--- linux-3.6.6-1.fc17.orig/include/linux/security.h | |
114 | ++++ linux-3.6.6-1.fc17/include/linux/security.h | |
115 | 115 | @@ -52,6 +52,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -313,8 +313,8 @@ | ||
313 | 313 | } |
314 | 314 | #endif /* CONFIG_SECURITY_PATH */ |
315 | 315 | |
316 | ---- linux-3.6.3-1.fc17.orig/include/net/ip.h | |
317 | -+++ linux-3.6.3-1.fc17/include/net/ip.h | |
316 | +--- linux-3.6.6-1.fc17.orig/include/net/ip.h | |
317 | ++++ linux-3.6.6-1.fc17/include/net/ip.h | |
318 | 318 | @@ -201,6 +201,8 @@ extern void inet_get_local_port_range(in |
319 | 319 | extern unsigned long *sysctl_local_reserved_ports; |
320 | 320 | static inline int inet_is_reserved_local_port(int port) |
@@ -324,8 +324,8 @@ | ||
324 | 324 | return test_bit(port, sysctl_local_reserved_ports); |
325 | 325 | } |
326 | 326 | |
327 | ---- linux-3.6.3-1.fc17.orig/kernel/fork.c | |
328 | -+++ linux-3.6.3-1.fc17/kernel/fork.c | |
327 | +--- linux-3.6.6-1.fc17.orig/kernel/fork.c | |
328 | ++++ linux-3.6.6-1.fc17/kernel/fork.c | |
329 | 329 | @@ -241,6 +241,7 @@ void __put_task_struct(struct task_struc |
330 | 330 | delayacct_tsk_free(tsk); |
331 | 331 | put_signal_struct(tsk->signal); |
@@ -334,7 +334,7 @@ | ||
334 | 334 | if (!profile_handoff_task(tsk)) |
335 | 335 | free_task(tsk); |
336 | 336 | } |
337 | -@@ -1320,6 +1321,9 @@ static struct task_struct *copy_process( | |
337 | +@@ -1316,6 +1317,9 @@ static struct task_struct *copy_process( | |
338 | 338 | retval = audit_alloc(p); |
339 | 339 | if (retval) |
340 | 340 | goto bad_fork_cleanup_policy; |
@@ -344,7 +344,7 @@ | ||
344 | 344 | /* copy all the process information */ |
345 | 345 | retval = copy_semundo(clone_flags, p); |
346 | 346 | if (retval) |
347 | -@@ -1520,6 +1524,7 @@ bad_fork_cleanup_semundo: | |
347 | +@@ -1516,6 +1520,7 @@ bad_fork_cleanup_semundo: | |
348 | 348 | exit_sem(p); |
349 | 349 | bad_fork_cleanup_audit: |
350 | 350 | audit_free(p); |
@@ -352,8 +352,8 @@ | ||
352 | 352 | bad_fork_cleanup_policy: |
353 | 353 | perf_event_free_task(p); |
354 | 354 | #ifdef CONFIG_NUMA |
355 | ---- linux-3.6.3-1.fc17.orig/kernel/kexec.c | |
356 | -+++ linux-3.6.3-1.fc17/kernel/kexec.c | |
355 | +--- linux-3.6.6-1.fc17.orig/kernel/kexec.c | |
356 | ++++ linux-3.6.6-1.fc17/kernel/kexec.c | |
357 | 357 | @@ -38,6 +38,7 @@ |
358 | 358 | #include <asm/uaccess.h> |
359 | 359 | #include <asm/io.h> |
@@ -371,8 +371,8 @@ | ||
371 | 371 | |
372 | 372 | /* |
373 | 373 | * Verify we have a legal set of flags |
374 | ---- linux-3.6.3-1.fc17.orig/kernel/module.c | |
375 | -+++ linux-3.6.3-1.fc17/kernel/module.c | |
374 | +--- linux-3.6.6-1.fc17.orig/kernel/module.c | |
375 | ++++ linux-3.6.6-1.fc17/kernel/module.c | |
376 | 376 | @@ -58,6 +58,7 @@ |
377 | 377 | #include <linux/jump_label.h> |
378 | 378 | #include <linux/pfn.h> |
@@ -399,9 +399,9 @@ | ||
399 | 399 | |
400 | 400 | /* Do all the hard work */ |
401 | 401 | mod = load_module(umod, len, uargs); |
402 | ---- linux-3.6.3-1.fc17.orig/kernel/ptrace.c | |
403 | -+++ linux-3.6.3-1.fc17/kernel/ptrace.c | |
404 | -@@ -859,6 +859,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l | |
402 | +--- linux-3.6.6-1.fc17.orig/kernel/ptrace.c | |
403 | ++++ linux-3.6.6-1.fc17/kernel/ptrace.c | |
404 | +@@ -865,6 +865,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l | |
405 | 405 | { |
406 | 406 | struct task_struct *child; |
407 | 407 | long ret; |
@@ -413,7 +413,7 @@ | ||
413 | 413 | |
414 | 414 | if (request == PTRACE_TRACEME) { |
415 | 415 | ret = ptrace_traceme(); |
416 | -@@ -1004,6 +1009,11 @@ asmlinkage long compat_sys_ptrace(compat | |
416 | +@@ -1010,6 +1015,11 @@ asmlinkage long compat_sys_ptrace(compat | |
417 | 417 | { |
418 | 418 | struct task_struct *child; |
419 | 419 | long ret; |
@@ -425,8 +425,8 @@ | ||
425 | 425 | |
426 | 426 | if (request == PTRACE_TRACEME) { |
427 | 427 | ret = ptrace_traceme(); |
428 | ---- linux-3.6.3-1.fc17.orig/kernel/sched/core.c | |
429 | -+++ linux-3.6.3-1.fc17/kernel/sched/core.c | |
428 | +--- linux-3.6.6-1.fc17.orig/kernel/sched/core.c | |
429 | ++++ linux-3.6.6-1.fc17/kernel/sched/core.c | |
430 | 430 | @@ -4119,6 +4119,8 @@ int can_nice(const struct task_struct *p |
431 | 431 | SYSCALL_DEFINE1(nice, int, increment) |
432 | 432 | { |
@@ -436,8 +436,8 @@ | ||
436 | 436 | |
437 | 437 | /* |
438 | 438 | * Setpriority might change our priority at the same moment. |
439 | ---- linux-3.6.3-1.fc17.orig/kernel/signal.c | |
440 | -+++ linux-3.6.3-1.fc17/kernel/signal.c | |
439 | +--- linux-3.6.6-1.fc17.orig/kernel/signal.c | |
440 | ++++ linux-3.6.6-1.fc17/kernel/signal.c | |
441 | 441 | @@ -2856,6 +2856,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
442 | 442 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
443 | 443 | { |
@@ -483,8 +483,8 @@ | ||
483 | 483 | |
484 | 484 | return do_send_specific(tgid, pid, sig, info); |
485 | 485 | } |
486 | ---- linux-3.6.3-1.fc17.orig/kernel/sys.c | |
487 | -+++ linux-3.6.3-1.fc17/kernel/sys.c | |
486 | +--- linux-3.6.6-1.fc17.orig/kernel/sys.c | |
487 | ++++ linux-3.6.6-1.fc17/kernel/sys.c | |
488 | 488 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
489 | 489 | |
490 | 490 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -523,8 +523,8 @@ | ||
523 | 523 | |
524 | 524 | down_write(&uts_sem); |
525 | 525 | errno = -EFAULT; |
526 | ---- linux-3.6.3-1.fc17.orig/kernel/time/ntp.c | |
527 | -+++ linux-3.6.3-1.fc17/kernel/time/ntp.c | |
526 | +--- linux-3.6.6-1.fc17.orig/kernel/time/ntp.c | |
527 | ++++ linux-3.6.6-1.fc17/kernel/time/ntp.c | |
528 | 528 | @@ -15,6 +15,7 @@ |
529 | 529 | #include <linux/time.h> |
530 | 530 | #include <linux/mm.h> |
@@ -558,8 +558,8 @@ | ||
558 | 558 | if (!(txc->modes & ADJ_NANO)) |
559 | 559 | delta.tv_nsec *= 1000; |
560 | 560 | result = timekeeping_inject_offset(&delta); |
561 | ---- linux-3.6.3-1.fc17.orig/net/ipv4/raw.c | |
562 | -+++ linux-3.6.3-1.fc17/net/ipv4/raw.c | |
561 | +--- linux-3.6.6-1.fc17.orig/net/ipv4/raw.c | |
562 | ++++ linux-3.6.6-1.fc17/net/ipv4/raw.c | |
563 | 563 | @@ -704,6 +704,10 @@ static int raw_recvmsg(struct kiocb *ioc |
564 | 564 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
565 | 565 | if (!skb) |
@@ -571,8 +571,8 @@ | ||
571 | 571 | |
572 | 572 | copied = skb->len; |
573 | 573 | if (len < copied) { |
574 | ---- linux-3.6.3-1.fc17.orig/net/ipv4/udp.c | |
575 | -+++ linux-3.6.3-1.fc17/net/ipv4/udp.c | |
574 | +--- linux-3.6.6-1.fc17.orig/net/ipv4/udp.c | |
575 | ++++ linux-3.6.6-1.fc17/net/ipv4/udp.c | |
576 | 576 | @@ -1193,6 +1193,10 @@ try_again: |
577 | 577 | &peeked, &off, &err); |
578 | 578 | if (!skb) |
@@ -584,8 +584,8 @@ | ||
584 | 584 | |
585 | 585 | ulen = skb->len - sizeof(struct udphdr); |
586 | 586 | copied = len; |
587 | ---- linux-3.6.3-1.fc17.orig/net/ipv6/raw.c | |
588 | -+++ linux-3.6.3-1.fc17/net/ipv6/raw.c | |
587 | +--- linux-3.6.6-1.fc17.orig/net/ipv6/raw.c | |
588 | ++++ linux-3.6.6-1.fc17/net/ipv6/raw.c | |
589 | 589 | @@ -472,6 +472,10 @@ static int rawv6_recvmsg(struct kiocb *i |
590 | 590 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
591 | 591 | if (!skb) |
@@ -597,8 +597,8 @@ | ||
597 | 597 | |
598 | 598 | copied = skb->len; |
599 | 599 | if (copied > len) { |
600 | ---- linux-3.6.3-1.fc17.orig/net/ipv6/udp.c | |
601 | -+++ linux-3.6.3-1.fc17/net/ipv6/udp.c | |
600 | +--- linux-3.6.6-1.fc17.orig/net/ipv6/udp.c | |
601 | ++++ linux-3.6.6-1.fc17/net/ipv6/udp.c | |
602 | 602 | @@ -363,6 +363,10 @@ try_again: |
603 | 603 | &peeked, &off, &err); |
604 | 604 | if (!skb) |
@@ -610,8 +610,8 @@ | ||
610 | 610 | |
611 | 611 | ulen = skb->len - sizeof(struct udphdr); |
612 | 612 | copied = len; |
613 | ---- linux-3.6.3-1.fc17.orig/net/socket.c | |
614 | -+++ linux-3.6.3-1.fc17/net/socket.c | |
613 | +--- linux-3.6.6-1.fc17.orig/net/socket.c | |
614 | ++++ linux-3.6.6-1.fc17/net/socket.c | |
615 | 615 | @@ -1551,6 +1551,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
616 | 616 | if (err < 0) |
617 | 617 | goto out_fd; |
@@ -623,8 +623,8 @@ | ||
623 | 623 | if (upeer_sockaddr) { |
624 | 624 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
625 | 625 | &len, 2) < 0) { |
626 | ---- linux-3.6.3-1.fc17.orig/net/unix/af_unix.c | |
627 | -+++ linux-3.6.3-1.fc17/net/unix/af_unix.c | |
626 | +--- linux-3.6.6-1.fc17.orig/net/unix/af_unix.c | |
627 | ++++ linux-3.6.6-1.fc17/net/unix/af_unix.c | |
628 | 628 | @@ -1806,6 +1806,10 @@ static int unix_dgram_recvmsg(struct kio |
629 | 629 | wake_up_interruptible_sync_poll(&u->peer_wait, |
630 | 630 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -636,8 +636,8 @@ | ||
636 | 636 | if (msg->msg_name) |
637 | 637 | unix_copy_addr(msg, skb->sk); |
638 | 638 | |
639 | ---- linux-3.6.3-1.fc17.orig/security/Kconfig | |
640 | -+++ linux-3.6.3-1.fc17/security/Kconfig | |
639 | +--- linux-3.6.6-1.fc17.orig/security/Kconfig | |
640 | ++++ linux-3.6.6-1.fc17/security/Kconfig | |
641 | 641 | @@ -167,5 +167,7 @@ config DEFAULT_SECURITY |
642 | 642 | default "yama" if DEFAULT_SECURITY_YAMA |
643 | 643 | default "" if DEFAULT_SECURITY_DAC |
@@ -646,8 +646,8 @@ | ||
646 | 646 | + |
647 | 647 | endmenu |
648 | 648 | |
649 | ---- linux-3.6.3-1.fc17.orig/security/Makefile | |
650 | -+++ linux-3.6.3-1.fc17/security/Makefile | |
649 | +--- linux-3.6.6-1.fc17.orig/security/Makefile | |
650 | ++++ linux-3.6.6-1.fc17/security/Makefile | |
651 | 651 | @@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
652 | 652 | # Object integrity file lists |
653 | 653 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -655,8 +655,8 @@ | ||
655 | 655 | + |
656 | 656 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
657 | 657 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
658 | ---- linux-3.6.3-1.fc17.orig/security/security.c | |
659 | -+++ linux-3.6.3-1.fc17/security/security.c | |
658 | +--- linux-3.6.6-1.fc17.orig/security/security.c | |
659 | ++++ linux-3.6.6-1.fc17/security/security.c | |
660 | 660 | @@ -190,7 +190,10 @@ int security_syslog(int type) |
661 | 661 | |
662 | 662 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -1,6 +1,6 @@ | ||
1 | 1 | This is TOMOYO Linux patch for VineLinux 6.1. |
2 | 2 | |
3 | -Source code for this patch is http://updates.vinelinux.org/Vine-6.1/updates/SRPMS/kernel-3.0.46-1vl6.src.rpm | |
3 | +Source code for this patch is http://updates.vinelinux.org/Vine-6.1/updates/SRPMS/kernel-3.0.50-1vl6.src.rpm | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/security.c | 134 +++++++++++++++++++++++++++++++++++++--------- |
29 | 29 | 24 files changed, 247 insertions(+), 49 deletions(-) |
30 | 30 | |
31 | ---- linux-3.0.46-1vl6.orig/fs/exec.c | |
32 | -+++ linux-3.0.46-1vl6/fs/exec.c | |
31 | +--- linux-3.0.50-1vl6.orig/fs/exec.c | |
32 | ++++ linux-3.0.50-1vl6/fs/exec.c | |
33 | 33 | @@ -1495,7 +1495,7 @@ static int do_execve_common(const char * |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.0.46-1vl6.orig/fs/open.c | |
43 | -+++ linux-3.0.46-1vl6/fs/open.c | |
42 | +--- linux-3.0.50-1vl6.orig/fs/open.c | |
43 | ++++ linux-3.0.50-1vl6/fs/open.c | |
44 | 44 | @@ -1125,6 +1125,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.0.46-1vl6.orig/fs/proc/version.c | |
54 | -+++ linux-3.0.46-1vl6/fs/proc/version.c | |
53 | +--- linux-3.0.50-1vl6.orig/fs/proc/version.c | |
54 | ++++ linux-3.0.50-1vl6/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.0.46-1vl6 2012/10/27\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.0.50-1vl6 2012/11/08\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.0.46-1vl6.orig/include/linux/init_task.h | |
67 | -+++ linux-3.0.46-1vl6/include/linux/init_task.h | |
66 | +--- linux-3.0.50-1vl6.orig/include/linux/init_task.h | |
67 | ++++ linux-3.0.50-1vl6/include/linux/init_task.h | |
68 | 68 | @@ -142,6 +142,14 @@ extern struct task_group root_task_group |
69 | 69 | # define INIT_PERF_EVENTS(tsk) |
70 | 70 | #endif |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.0.46-1vl6.orig/include/linux/sched.h | |
92 | -+++ linux-3.0.46-1vl6/include/linux/sched.h | |
91 | +--- linux-3.0.50-1vl6.orig/include/linux/sched.h | |
92 | ++++ linux-3.0.50-1vl6/include/linux/sched.h | |
93 | 93 | @@ -44,6 +44,8 @@ |
94 | 94 | |
95 | 95 | #ifdef __KERNEL__ |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.0.46-1vl6.orig/include/linux/security.h | |
114 | -+++ linux-3.0.46-1vl6/include/linux/security.h | |
113 | +--- linux-3.0.50-1vl6.orig/include/linux/security.h | |
114 | ++++ linux-3.0.50-1vl6/include/linux/security.h | |
115 | 115 | @@ -37,6 +37,7 @@ |
116 | 116 | #include <linux/xfrm.h> |
117 | 117 | #include <linux/slab.h> |
@@ -310,8 +310,8 @@ | ||
310 | 310 | } |
311 | 311 | #endif /* CONFIG_SECURITY_PATH */ |
312 | 312 | |
313 | ---- linux-3.0.46-1vl6.orig/include/net/ip.h | |
314 | -+++ linux-3.0.46-1vl6/include/net/ip.h | |
313 | +--- linux-3.0.50-1vl6.orig/include/net/ip.h | |
314 | ++++ linux-3.0.50-1vl6/include/net/ip.h | |
315 | 315 | @@ -216,6 +216,8 @@ extern void inet_get_local_port_range(in |
316 | 316 | extern unsigned long *sysctl_local_reserved_ports; |
317 | 317 | static inline int inet_is_reserved_local_port(int port) |
@@ -321,8 +321,8 @@ | ||
321 | 321 | return test_bit(port, sysctl_local_reserved_ports); |
322 | 322 | } |
323 | 323 | |
324 | ---- linux-3.0.46-1vl6.orig/kernel/fork.c | |
325 | -+++ linux-3.0.46-1vl6/kernel/fork.c | |
324 | +--- linux-3.0.50-1vl6.orig/kernel/fork.c | |
325 | ++++ linux-3.0.50-1vl6/kernel/fork.c | |
326 | 326 | @@ -197,6 +197,7 @@ void __put_task_struct(struct task_struc |
327 | 327 | delayacct_tsk_free(tsk); |
328 | 328 | put_signal_struct(tsk->signal); |
@@ -349,8 +349,8 @@ | ||
349 | 349 | bad_fork_cleanup_policy: |
350 | 350 | perf_event_free_task(p); |
351 | 351 | #ifdef CONFIG_NUMA |
352 | ---- linux-3.0.46-1vl6.orig/kernel/kexec.c | |
353 | -+++ linux-3.0.46-1vl6/kernel/kexec.c | |
352 | +--- linux-3.0.50-1vl6.orig/kernel/kexec.c | |
353 | ++++ linux-3.0.50-1vl6/kernel/kexec.c | |
354 | 354 | @@ -40,6 +40,7 @@ |
355 | 355 | #include <asm/io.h> |
356 | 356 | #include <asm/system.h> |
@@ -368,8 +368,8 @@ | ||
368 | 368 | |
369 | 369 | /* |
370 | 370 | * Verify we have a legal set of flags |
371 | ---- linux-3.0.46-1vl6.orig/kernel/module.c | |
372 | -+++ linux-3.0.46-1vl6/kernel/module.c | |
371 | +--- linux-3.0.50-1vl6.orig/kernel/module.c | |
372 | ++++ linux-3.0.50-1vl6/kernel/module.c | |
373 | 373 | @@ -58,6 +58,7 @@ |
374 | 374 | #include <linux/jump_label.h> |
375 | 375 | #include <linux/pfn.h> |
@@ -387,7 +387,7 @@ | ||
387 | 387 | |
388 | 388 | if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0) |
389 | 389 | return -EFAULT; |
390 | -@@ -2888,6 +2891,8 @@ SYSCALL_DEFINE3(init_module, void __user | |
390 | +@@ -2892,6 +2895,8 @@ SYSCALL_DEFINE3(init_module, void __user | |
391 | 391 | /* Must have permission */ |
392 | 392 | if (!capable(CAP_SYS_MODULE) || modules_disabled) |
393 | 393 | return -EPERM; |
@@ -396,8 +396,8 @@ | ||
396 | 396 | |
397 | 397 | /* Do all the hard work */ |
398 | 398 | mod = load_module(umod, len, uargs); |
399 | ---- linux-3.0.46-1vl6.orig/kernel/ptrace.c | |
400 | -+++ linux-3.0.46-1vl6/kernel/ptrace.c | |
399 | +--- linux-3.0.50-1vl6.orig/kernel/ptrace.c | |
400 | ++++ linux-3.0.50-1vl6/kernel/ptrace.c | |
401 | 401 | @@ -747,6 +747,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
402 | 402 | { |
403 | 403 | struct task_struct *child; |
@@ -422,8 +422,8 @@ | ||
422 | 422 | |
423 | 423 | if (request == PTRACE_TRACEME) { |
424 | 424 | ret = ptrace_traceme(); |
425 | ---- linux-3.0.46-1vl6.orig/kernel/sched.c | |
426 | -+++ linux-3.0.46-1vl6/kernel/sched.c | |
425 | +--- linux-3.0.50-1vl6.orig/kernel/sched.c | |
426 | ++++ linux-3.0.50-1vl6/kernel/sched.c | |
427 | 427 | @@ -4932,6 +4932,8 @@ int can_nice(const struct task_struct *p |
428 | 428 | SYSCALL_DEFINE1(nice, int, increment) |
429 | 429 | { |
@@ -433,8 +433,8 @@ | ||
433 | 433 | |
434 | 434 | /* |
435 | 435 | * Setpriority might change our priority at the same moment. |
436 | ---- linux-3.0.46-1vl6.orig/kernel/signal.c | |
437 | -+++ linux-3.0.46-1vl6/kernel/signal.c | |
436 | +--- linux-3.0.50-1vl6.orig/kernel/signal.c | |
437 | ++++ linux-3.0.50-1vl6/kernel/signal.c | |
438 | 438 | @@ -2620,6 +2620,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
439 | 439 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
440 | 440 | { |
@@ -480,8 +480,8 @@ | ||
480 | 480 | |
481 | 481 | return do_send_specific(tgid, pid, sig, info); |
482 | 482 | } |
483 | ---- linux-3.0.46-1vl6.orig/kernel/sys.c | |
484 | -+++ linux-3.0.46-1vl6/kernel/sys.c | |
483 | +--- linux-3.0.50-1vl6.orig/kernel/sys.c | |
484 | ++++ linux-3.0.50-1vl6/kernel/sys.c | |
485 | 485 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
486 | 486 | |
487 | 487 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -502,7 +502,7 @@ | ||
502 | 502 | |
503 | 503 | /* Instead of trying to make the power_off code look like |
504 | 504 | * halt when pm_power_off is not set do it the easy way. |
505 | -@@ -1241,6 +1247,8 @@ SYSCALL_DEFINE2(sethostname, char __user | |
505 | +@@ -1243,6 +1249,8 @@ SYSCALL_DEFINE2(sethostname, char __user | |
506 | 506 | |
507 | 507 | if (len < 0 || len > __NEW_UTS_LEN) |
508 | 508 | return -EINVAL; |
@@ -511,7 +511,7 @@ | ||
511 | 511 | down_write(&uts_sem); |
512 | 512 | errno = -EFAULT; |
513 | 513 | if (!copy_from_user(tmp, name, len)) { |
514 | -@@ -1290,6 +1298,8 @@ SYSCALL_DEFINE2(setdomainname, char __us | |
514 | +@@ -1292,6 +1300,8 @@ SYSCALL_DEFINE2(setdomainname, char __us | |
515 | 515 | return -EPERM; |
516 | 516 | if (len < 0 || len > __NEW_UTS_LEN) |
517 | 517 | return -EINVAL; |
@@ -520,8 +520,8 @@ | ||
520 | 520 | |
521 | 521 | down_write(&uts_sem); |
522 | 522 | errno = -EFAULT; |
523 | ---- linux-3.0.46-1vl6.orig/kernel/time/ntp.c | |
524 | -+++ linux-3.0.46-1vl6/kernel/time/ntp.c | |
523 | +--- linux-3.0.50-1vl6.orig/kernel/time/ntp.c | |
524 | ++++ linux-3.0.50-1vl6/kernel/time/ntp.c | |
525 | 525 | @@ -15,6 +15,7 @@ |
526 | 526 | #include <linux/time.h> |
527 | 527 | #include <linux/mm.h> |
@@ -555,8 +555,8 @@ | ||
555 | 555 | if (!(txc->modes & ADJ_NANO)) |
556 | 556 | delta.tv_nsec *= 1000; |
557 | 557 | result = timekeeping_inject_offset(&delta); |
558 | ---- linux-3.0.46-1vl6.orig/net/ipv4/raw.c | |
559 | -+++ linux-3.0.46-1vl6/net/ipv4/raw.c | |
558 | +--- linux-3.0.50-1vl6.orig/net/ipv4/raw.c | |
559 | ++++ linux-3.0.50-1vl6/net/ipv4/raw.c | |
560 | 560 | @@ -695,6 +695,10 @@ static int raw_recvmsg(struct kiocb *ioc |
561 | 561 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
562 | 562 | if (!skb) |
@@ -568,8 +568,8 @@ | ||
568 | 568 | |
569 | 569 | copied = skb->len; |
570 | 570 | if (len < copied) { |
571 | ---- linux-3.0.46-1vl6.orig/net/ipv4/udp.c | |
572 | -+++ linux-3.0.46-1vl6/net/ipv4/udp.c | |
571 | +--- linux-3.0.50-1vl6.orig/net/ipv4/udp.c | |
572 | ++++ linux-3.0.50-1vl6/net/ipv4/udp.c | |
573 | 573 | @@ -1183,6 +1183,10 @@ try_again: |
574 | 574 | &peeked, &err); |
575 | 575 | if (!skb) |
@@ -581,8 +581,8 @@ | ||
581 | 581 | |
582 | 582 | ulen = skb->len - sizeof(struct udphdr); |
583 | 583 | if (len > ulen) |
584 | ---- linux-3.0.46-1vl6.orig/net/ipv6/raw.c | |
585 | -+++ linux-3.0.46-1vl6/net/ipv6/raw.c | |
584 | +--- linux-3.0.50-1vl6.orig/net/ipv6/raw.c | |
585 | ++++ linux-3.0.50-1vl6/net/ipv6/raw.c | |
586 | 586 | @@ -467,6 +467,10 @@ static int rawv6_recvmsg(struct kiocb *i |
587 | 587 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
588 | 588 | if (!skb) |
@@ -594,8 +594,8 @@ | ||
594 | 594 | |
595 | 595 | copied = skb->len; |
596 | 596 | if (copied > len) { |
597 | ---- linux-3.0.46-1vl6.orig/net/ipv6/udp.c | |
598 | -+++ linux-3.0.46-1vl6/net/ipv6/udp.c | |
597 | +--- linux-3.0.50-1vl6.orig/net/ipv6/udp.c | |
598 | ++++ linux-3.0.50-1vl6/net/ipv6/udp.c | |
599 | 599 | @@ -361,6 +361,10 @@ try_again: |
600 | 600 | &peeked, &err); |
601 | 601 | if (!skb) |
@@ -607,8 +607,8 @@ | ||
607 | 607 | |
608 | 608 | ulen = skb->len - sizeof(struct udphdr); |
609 | 609 | if (len > ulen) |
610 | ---- linux-3.0.46-1vl6.orig/net/socket.c | |
611 | -+++ linux-3.0.46-1vl6/net/socket.c | |
610 | +--- linux-3.0.50-1vl6.orig/net/socket.c | |
611 | ++++ linux-3.0.50-1vl6/net/socket.c | |
612 | 612 | @@ -1530,6 +1530,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
613 | 613 | if (err < 0) |
614 | 614 | goto out_fd; |
@@ -620,8 +620,8 @@ | ||
620 | 620 | if (upeer_sockaddr) { |
621 | 621 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
622 | 622 | &len, 2) < 0) { |
623 | ---- linux-3.0.46-1vl6.orig/net/unix/af_unix.c | |
624 | -+++ linux-3.0.46-1vl6/net/unix/af_unix.c | |
623 | +--- linux-3.0.50-1vl6.orig/net/unix/af_unix.c | |
624 | ++++ linux-3.0.50-1vl6/net/unix/af_unix.c | |
625 | 625 | @@ -1762,6 +1762,10 @@ static int unix_dgram_recvmsg(struct kio |
626 | 626 | wake_up_interruptible_sync_poll(&u->peer_wait, |
627 | 627 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -633,8 +633,8 @@ | ||
633 | 633 | if (msg->msg_name) |
634 | 634 | unix_copy_addr(msg, skb->sk); |
635 | 635 | |
636 | ---- linux-3.0.46-1vl6.orig/security/Kconfig | |
637 | -+++ linux-3.0.46-1vl6/security/Kconfig | |
636 | +--- linux-3.0.50-1vl6.orig/security/Kconfig | |
637 | ++++ linux-3.0.50-1vl6/security/Kconfig | |
638 | 638 | @@ -225,5 +225,7 @@ config DEFAULT_SECURITY |
639 | 639 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
640 | 640 | default "" if DEFAULT_SECURITY_DAC |
@@ -643,8 +643,8 @@ | ||
643 | 643 | + |
644 | 644 | endmenu |
645 | 645 | |
646 | ---- linux-3.0.46-1vl6.orig/security/Makefile | |
647 | -+++ linux-3.0.46-1vl6/security/Makefile | |
646 | +--- linux-3.0.50-1vl6.orig/security/Makefile | |
647 | ++++ linux-3.0.50-1vl6/security/Makefile | |
648 | 648 | @@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
649 | 649 | # Object integrity file lists |
650 | 650 | subdir-$(CONFIG_IMA) += integrity/ima |
@@ -652,8 +652,8 @@ | ||
652 | 652 | + |
653 | 653 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
654 | 654 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
655 | ---- linux-3.0.46-1vl6.orig/security/security.c | |
656 | -+++ linux-3.0.46-1vl6/security/security.c | |
655 | +--- linux-3.0.50-1vl6.orig/security/security.c | |
656 | ++++ linux-3.0.50-1vl6/security/security.c | |
657 | 657 | @@ -202,7 +202,10 @@ int security_syslog(int type) |
658 | 658 | |
659 | 659 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
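Review bot: The refreshed header line for the VineLinux 6.1 patch names its base tree only by a plain-http URL (`http://updates.vinelinux.org/Vine-6.1/updates/SRPMS/kernel-3.0.50-1vl6.src.rpm`), with nothing that pins the content of that package. This patch touches fs/exec.c, kernel/ptrace.c, kernel/module.c and the recvmsg paths under net/, so someone applying it needs a way to confirm that the tree they fetched is the one these hunk offsets were generated against. I would add a digest line under the URL, for example `SHA-256: <sha256-of-kernel-3.0.50-1vl6.src.rpm>` (placeholder, to be filled in from the verified package). The same applies to the kernel.org tarball URL in the header of the 3.0.51 patch that follows. The `Hook version:` string in `ccs_show_version` is bumped by hand alongside the header; both read 3.0.50-1vl6 here, and that pairing is worth checking on every refresh.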
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 3.0.50. | |
1 | +This is TOMOYO Linux patch for kernel 3.0.51. | |
2 | 2 | |
3 | -Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.0.50.tar.bz2 | |
3 | +Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.0.51.tar.bz2 | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/security.c | 134 +++++++++++++++++++++++++++++++++++++--------- |
29 | 29 | 24 files changed, 247 insertions(+), 49 deletions(-) |
30 | 30 | |
31 | ---- linux-3.0.50.orig/fs/exec.c | |
32 | -+++ linux-3.0.50/fs/exec.c | |
31 | +--- linux-3.0.51.orig/fs/exec.c | |
32 | ++++ linux-3.0.51/fs/exec.c | |
33 | 33 | @@ -1495,7 +1495,7 @@ static int do_execve_common(const char * |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.0.50.orig/fs/open.c | |
43 | -+++ linux-3.0.50/fs/open.c | |
42 | +--- linux-3.0.51.orig/fs/open.c | |
43 | ++++ linux-3.0.51/fs/open.c | |
44 | 44 | @@ -1125,6 +1125,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.0.50.orig/fs/proc/version.c | |
54 | -+++ linux-3.0.50/fs/proc/version.c | |
53 | +--- linux-3.0.51.orig/fs/proc/version.c | |
54 | ++++ linux-3.0.51/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.0.50 2012/11/01\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.0.51 2012/11/08\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.0.50.orig/include/linux/init_task.h | |
67 | -+++ linux-3.0.50/include/linux/init_task.h | |
66 | +--- linux-3.0.51.orig/include/linux/init_task.h | |
67 | ++++ linux-3.0.51/include/linux/init_task.h | |
68 | 68 | @@ -142,6 +142,14 @@ extern struct task_group root_task_group |
69 | 69 | # define INIT_PERF_EVENTS(tsk) |
70 | 70 | #endif |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.0.50.orig/include/linux/sched.h | |
92 | -+++ linux-3.0.50/include/linux/sched.h | |
91 | +--- linux-3.0.51.orig/include/linux/sched.h | |
92 | ++++ linux-3.0.51/include/linux/sched.h | |
93 | 93 | @@ -44,6 +44,8 @@ |
94 | 94 | |
95 | 95 | #ifdef __KERNEL__ |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.0.50.orig/include/linux/security.h | |
114 | -+++ linux-3.0.50/include/linux/security.h | |
113 | +--- linux-3.0.51.orig/include/linux/security.h | |
114 | ++++ linux-3.0.51/include/linux/security.h | |
115 | 115 | @@ -37,6 +37,7 @@ |
116 | 116 | #include <linux/xfrm.h> |
117 | 117 | #include <linux/slab.h> |
@@ -310,8 +310,8 @@ | ||
310 | 310 | } |
311 | 311 | #endif /* CONFIG_SECURITY_PATH */ |
312 | 312 | |
313 | ---- linux-3.0.50.orig/include/net/ip.h | |
314 | -+++ linux-3.0.50/include/net/ip.h | |
313 | +--- linux-3.0.51.orig/include/net/ip.h | |
314 | ++++ linux-3.0.51/include/net/ip.h | |
315 | 315 | @@ -216,6 +216,8 @@ extern void inet_get_local_port_range(in |
316 | 316 | extern unsigned long *sysctl_local_reserved_ports; |
317 | 317 | static inline int inet_is_reserved_local_port(int port) |
@@ -321,8 +321,8 @@ | ||
321 | 321 | return test_bit(port, sysctl_local_reserved_ports); |
322 | 322 | } |
323 | 323 | |
324 | ---- linux-3.0.50.orig/kernel/fork.c | |
325 | -+++ linux-3.0.50/kernel/fork.c | |
324 | +--- linux-3.0.51.orig/kernel/fork.c | |
325 | ++++ linux-3.0.51/kernel/fork.c | |
326 | 326 | @@ -197,6 +197,7 @@ void __put_task_struct(struct task_struc |
327 | 327 | delayacct_tsk_free(tsk); |
328 | 328 | put_signal_struct(tsk->signal); |
@@ -349,8 +349,8 @@ | ||
349 | 349 | bad_fork_cleanup_policy: |
350 | 350 | perf_event_free_task(p); |
351 | 351 | #ifdef CONFIG_NUMA |
352 | ---- linux-3.0.50.orig/kernel/kexec.c | |
353 | -+++ linux-3.0.50/kernel/kexec.c | |
352 | +--- linux-3.0.51.orig/kernel/kexec.c | |
353 | ++++ linux-3.0.51/kernel/kexec.c | |
354 | 354 | @@ -40,6 +40,7 @@ |
355 | 355 | #include <asm/io.h> |
356 | 356 | #include <asm/system.h> |
@@ -368,8 +368,8 @@ | ||
368 | 368 | |
369 | 369 | /* |
370 | 370 | * Verify we have a legal set of flags |
371 | ---- linux-3.0.50.orig/kernel/module.c | |
372 | -+++ linux-3.0.50/kernel/module.c | |
371 | +--- linux-3.0.51.orig/kernel/module.c | |
372 | ++++ linux-3.0.51/kernel/module.c | |
373 | 373 | @@ -58,6 +58,7 @@ |
374 | 374 | #include <linux/jump_label.h> |
375 | 375 | #include <linux/pfn.h> |
@@ -396,8 +396,8 @@ | ||
396 | 396 | |
397 | 397 | /* Do all the hard work */ |
398 | 398 | mod = load_module(umod, len, uargs); |
399 | ---- linux-3.0.50.orig/kernel/ptrace.c | |
400 | -+++ linux-3.0.50/kernel/ptrace.c | |
399 | +--- linux-3.0.51.orig/kernel/ptrace.c | |
400 | ++++ linux-3.0.51/kernel/ptrace.c | |
401 | 401 | @@ -747,6 +747,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
402 | 402 | { |
403 | 403 | struct task_struct *child; |
@@ -422,8 +422,8 @@ | ||
422 | 422 | |
423 | 423 | if (request == PTRACE_TRACEME) { |
424 | 424 | ret = ptrace_traceme(); |
425 | ---- linux-3.0.50.orig/kernel/sched.c | |
426 | -+++ linux-3.0.50/kernel/sched.c | |
425 | +--- linux-3.0.51.orig/kernel/sched.c | |
426 | ++++ linux-3.0.51/kernel/sched.c | |
427 | 427 | @@ -4932,6 +4932,8 @@ int can_nice(const struct task_struct *p |
428 | 428 | SYSCALL_DEFINE1(nice, int, increment) |
429 | 429 | { |
@@ -433,8 +433,8 @@ | ||
433 | 433 | |
434 | 434 | /* |
435 | 435 | * Setpriority might change our priority at the same moment. |
436 | ---- linux-3.0.50.orig/kernel/signal.c | |
437 | -+++ linux-3.0.50/kernel/signal.c | |
436 | +--- linux-3.0.51.orig/kernel/signal.c | |
437 | ++++ linux-3.0.51/kernel/signal.c | |
438 | 438 | @@ -2620,6 +2620,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
439 | 439 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
440 | 440 | { |
@@ -480,8 +480,8 @@ | ||
480 | 480 | |
481 | 481 | return do_send_specific(tgid, pid, sig, info); |
482 | 482 | } |
483 | ---- linux-3.0.50.orig/kernel/sys.c | |
484 | -+++ linux-3.0.50/kernel/sys.c | |
483 | +--- linux-3.0.51.orig/kernel/sys.c | |
484 | ++++ linux-3.0.51/kernel/sys.c | |
485 | 485 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
486 | 486 | |
487 | 487 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -520,8 +520,8 @@ | ||
520 | 520 | |
521 | 521 | down_write(&uts_sem); |
522 | 522 | errno = -EFAULT; |
523 | ---- linux-3.0.50.orig/kernel/time/ntp.c | |
524 | -+++ linux-3.0.50/kernel/time/ntp.c | |
523 | +--- linux-3.0.51.orig/kernel/time/ntp.c | |
524 | ++++ linux-3.0.51/kernel/time/ntp.c | |
525 | 525 | @@ -15,6 +15,7 @@ |
526 | 526 | #include <linux/time.h> |
527 | 527 | #include <linux/mm.h> |
@@ -555,8 +555,8 @@ | ||
555 | 555 | if (!(txc->modes & ADJ_NANO)) |
556 | 556 | delta.tv_nsec *= 1000; |
557 | 557 | result = timekeeping_inject_offset(&delta); |
558 | ---- linux-3.0.50.orig/net/ipv4/raw.c | |
559 | -+++ linux-3.0.50/net/ipv4/raw.c | |
558 | +--- linux-3.0.51.orig/net/ipv4/raw.c | |
559 | ++++ linux-3.0.51/net/ipv4/raw.c | |
560 | 560 | @@ -695,6 +695,10 @@ static int raw_recvmsg(struct kiocb *ioc |
561 | 561 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
562 | 562 | if (!skb) |
@@ -568,8 +568,8 @@ | ||
568 | 568 | |
569 | 569 | copied = skb->len; |
570 | 570 | if (len < copied) { |
571 | ---- linux-3.0.50.orig/net/ipv4/udp.c | |
572 | -+++ linux-3.0.50/net/ipv4/udp.c | |
571 | +--- linux-3.0.51.orig/net/ipv4/udp.c | |
572 | ++++ linux-3.0.51/net/ipv4/udp.c | |
573 | 573 | @@ -1183,6 +1183,10 @@ try_again: |
574 | 574 | &peeked, &err); |
575 | 575 | if (!skb) |
@@ -581,8 +581,8 @@ | ||
581 | 581 | |
582 | 582 | ulen = skb->len - sizeof(struct udphdr); |
583 | 583 | if (len > ulen) |
584 | ---- linux-3.0.50.orig/net/ipv6/raw.c | |
585 | -+++ linux-3.0.50/net/ipv6/raw.c | |
584 | +--- linux-3.0.51.orig/net/ipv6/raw.c | |
585 | ++++ linux-3.0.51/net/ipv6/raw.c | |
586 | 586 | @@ -467,6 +467,10 @@ static int rawv6_recvmsg(struct kiocb *i |
587 | 587 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
588 | 588 | if (!skb) |
@@ -594,8 +594,8 @@ | ||
594 | 594 | |
595 | 595 | copied = skb->len; |
596 | 596 | if (copied > len) { |
597 | ---- linux-3.0.50.orig/net/ipv6/udp.c | |
598 | -+++ linux-3.0.50/net/ipv6/udp.c | |
597 | +--- linux-3.0.51.orig/net/ipv6/udp.c | |
598 | ++++ linux-3.0.51/net/ipv6/udp.c | |
599 | 599 | @@ -361,6 +361,10 @@ try_again: |
600 | 600 | &peeked, &err); |
601 | 601 | if (!skb) |
@@ -607,8 +607,8 @@ | ||
607 | 607 | |
608 | 608 | ulen = skb->len - sizeof(struct udphdr); |
609 | 609 | if (len > ulen) |
610 | ---- linux-3.0.50.orig/net/socket.c | |
611 | -+++ linux-3.0.50/net/socket.c | |
610 | +--- linux-3.0.51.orig/net/socket.c | |
611 | ++++ linux-3.0.51/net/socket.c | |
612 | 612 | @@ -1530,6 +1530,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
613 | 613 | if (err < 0) |
614 | 614 | goto out_fd; |
@@ -620,8 +620,8 @@ | ||
620 | 620 | if (upeer_sockaddr) { |
621 | 621 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
622 | 622 | &len, 2) < 0) { |
623 | ---- linux-3.0.50.orig/net/unix/af_unix.c | |
624 | -+++ linux-3.0.50/net/unix/af_unix.c | |
623 | +--- linux-3.0.51.orig/net/unix/af_unix.c | |
624 | ++++ linux-3.0.51/net/unix/af_unix.c | |
625 | 625 | @@ -1762,6 +1762,10 @@ static int unix_dgram_recvmsg(struct kio |
626 | 626 | wake_up_interruptible_sync_poll(&u->peer_wait, |
627 | 627 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -633,8 +633,8 @@ | ||
633 | 633 | if (msg->msg_name) |
634 | 634 | unix_copy_addr(msg, skb->sk); |
635 | 635 | |
636 | ---- linux-3.0.50.orig/security/Kconfig | |
637 | -+++ linux-3.0.50/security/Kconfig | |
636 | +--- linux-3.0.51.orig/security/Kconfig | |
637 | ++++ linux-3.0.51/security/Kconfig | |
638 | 638 | @@ -225,5 +225,7 @@ config DEFAULT_SECURITY |
639 | 639 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
640 | 640 | default "" if DEFAULT_SECURITY_DAC |
@@ -643,8 +643,8 @@ | ||
643 | 643 | + |
644 | 644 | endmenu |
645 | 645 | |
646 | ---- linux-3.0.50.orig/security/Makefile | |
647 | -+++ linux-3.0.50/security/Makefile | |
646 | +--- linux-3.0.51.orig/security/Makefile | |
647 | ++++ linux-3.0.51/security/Makefile | |
648 | 648 | @@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
649 | 649 | # Object integrity file lists |
650 | 650 | subdir-$(CONFIG_IMA) += integrity/ima |
@@ -652,8 +652,8 @@ | ||
652 | 652 | + |
653 | 653 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
654 | 654 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
655 | ---- linux-3.0.50.orig/security/security.c | |
656 | -+++ linux-3.0.50/security/security.c | |
655 | +--- linux-3.0.51.orig/security/security.c | |
656 | ++++ linux-3.0.51/security/security.c | |
657 | 657 | @@ -202,7 +202,10 @@ int security_syslog(int type) |
658 | 658 | |
659 | 659 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 3.4.17. | |
1 | +This is TOMOYO Linux patch for kernel 3.4.18. | |
2 | 2 | |
3 | -Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.4.17.tar.bz2 | |
3 | +Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.4.18.tar.bz2 | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/security.c | 134 +++++++++++++++++++++++++++++++++++++--------- |
29 | 29 | 24 files changed, 250 insertions(+), 49 deletions(-) |
30 | 30 | |
31 | ---- linux-3.4.17.orig/fs/exec.c | |
32 | -+++ linux-3.4.17/fs/exec.c | |
31 | +--- linux-3.4.18.orig/fs/exec.c | |
32 | ++++ linux-3.4.18/fs/exec.c | |
33 | 33 | @@ -1542,7 +1542,7 @@ static int do_execve_common(const char * |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.4.17.orig/fs/open.c | |
43 | -+++ linux-3.4.17/fs/open.c | |
42 | +--- linux-3.4.18.orig/fs/open.c | |
43 | ++++ linux-3.4.18/fs/open.c | |
44 | 44 | @@ -1107,6 +1107,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.4.17.orig/fs/proc/version.c | |
54 | -+++ linux-3.4.17/fs/proc/version.c | |
53 | +--- linux-3.4.18.orig/fs/proc/version.c | |
54 | ++++ linux-3.4.18/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.4.17 2012/11/01\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.4.18 2012/11/08\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.4.17.orig/include/linux/init_task.h | |
67 | -+++ linux-3.4.17/include/linux/init_task.h | |
66 | +--- linux-3.4.18.orig/include/linux/init_task.h | |
67 | ++++ linux-3.4.18/include/linux/init_task.h | |
68 | 68 | @@ -143,6 +143,14 @@ extern struct task_group root_task_group |
69 | 69 | |
70 | 70 | #define INIT_TASK_COMM "swapper" |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.4.17.orig/include/linux/sched.h | |
92 | -+++ linux-3.4.17/include/linux/sched.h | |
91 | +--- linux-3.4.18.orig/include/linux/sched.h | |
92 | ++++ linux-3.4.18/include/linux/sched.h | |
93 | 93 | @@ -44,6 +44,8 @@ |
94 | 94 | |
95 | 95 | #ifdef __KERNEL__ |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.4.17.orig/include/linux/security.h | |
114 | -+++ linux-3.4.17/include/linux/security.h | |
113 | +--- linux-3.4.18.orig/include/linux/security.h | |
114 | ++++ linux-3.4.18/include/linux/security.h | |
115 | 115 | @@ -52,6 +52,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -313,8 +313,8 @@ | ||
313 | 313 | } |
314 | 314 | #endif /* CONFIG_SECURITY_PATH */ |
315 | 315 | |
316 | ---- linux-3.4.17.orig/include/net/ip.h | |
317 | -+++ linux-3.4.17/include/net/ip.h | |
316 | +--- linux-3.4.18.orig/include/net/ip.h | |
317 | ++++ linux-3.4.18/include/net/ip.h | |
318 | 318 | @@ -217,6 +217,8 @@ extern void inet_get_local_port_range(in |
319 | 319 | extern unsigned long *sysctl_local_reserved_ports; |
320 | 320 | static inline int inet_is_reserved_local_port(int port) |
@@ -324,8 +324,8 @@ | ||
324 | 324 | return test_bit(port, sysctl_local_reserved_ports); |
325 | 325 | } |
326 | 326 | |
327 | ---- linux-3.4.17.orig/kernel/fork.c | |
328 | -+++ linux-3.4.17/kernel/fork.c | |
327 | +--- linux-3.4.18.orig/kernel/fork.c | |
328 | ++++ linux-3.4.18/kernel/fork.c | |
329 | 329 | @@ -199,6 +199,7 @@ void __put_task_struct(struct task_struc |
330 | 330 | delayacct_tsk_free(tsk); |
331 | 331 | put_signal_struct(tsk->signal); |
@@ -352,8 +352,8 @@ | ||
352 | 352 | bad_fork_cleanup_policy: |
353 | 353 | perf_event_free_task(p); |
354 | 354 | #ifdef CONFIG_NUMA |
355 | ---- linux-3.4.17.orig/kernel/kexec.c | |
356 | -+++ linux-3.4.17/kernel/kexec.c | |
355 | +--- linux-3.4.18.orig/kernel/kexec.c | |
356 | ++++ linux-3.4.18/kernel/kexec.c | |
357 | 357 | @@ -38,6 +38,7 @@ |
358 | 358 | #include <asm/uaccess.h> |
359 | 359 | #include <asm/io.h> |
@@ -371,8 +371,8 @@ | ||
371 | 371 | |
372 | 372 | /* |
373 | 373 | * Verify we have a legal set of flags |
374 | ---- linux-3.4.17.orig/kernel/module.c | |
375 | -+++ linux-3.4.17/kernel/module.c | |
374 | +--- linux-3.4.18.orig/kernel/module.c | |
375 | ++++ linux-3.4.18/kernel/module.c | |
376 | 376 | @@ -58,6 +58,7 @@ |
377 | 377 | #include <linux/jump_label.h> |
378 | 378 | #include <linux/pfn.h> |
@@ -399,8 +399,8 @@ | ||
399 | 399 | |
400 | 400 | /* Do all the hard work */ |
401 | 401 | mod = load_module(umod, len, uargs); |
402 | ---- linux-3.4.17.orig/kernel/ptrace.c | |
403 | -+++ linux-3.4.17/kernel/ptrace.c | |
402 | +--- linux-3.4.18.orig/kernel/ptrace.c | |
403 | ++++ linux-3.4.18/kernel/ptrace.c | |
404 | 404 | @@ -860,6 +860,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
405 | 405 | { |
406 | 406 | struct task_struct *child; |
@@ -425,8 +425,8 @@ | ||
425 | 425 | |
426 | 426 | if (request == PTRACE_TRACEME) { |
427 | 427 | ret = ptrace_traceme(); |
428 | ---- linux-3.4.17.orig/kernel/sched/core.c | |
429 | -+++ linux-3.4.17/kernel/sched/core.c | |
428 | +--- linux-3.4.18.orig/kernel/sched/core.c | |
429 | ++++ linux-3.4.18/kernel/sched/core.c | |
430 | 430 | @@ -4060,6 +4060,8 @@ int can_nice(const struct task_struct *p |
431 | 431 | SYSCALL_DEFINE1(nice, int, increment) |
432 | 432 | { |
@@ -436,8 +436,8 @@ | ||
436 | 436 | |
437 | 437 | /* |
438 | 438 | * Setpriority might change our priority at the same moment. |
439 | ---- linux-3.4.17.orig/kernel/signal.c | |
440 | -+++ linux-3.4.17/kernel/signal.c | |
439 | +--- linux-3.4.18.orig/kernel/signal.c | |
440 | ++++ linux-3.4.18/kernel/signal.c | |
441 | 441 | @@ -2823,6 +2823,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
442 | 442 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
443 | 443 | { |
@@ -483,8 +483,8 @@ | ||
483 | 483 | |
484 | 484 | return do_send_specific(tgid, pid, sig, info); |
485 | 485 | } |
486 | ---- linux-3.4.17.orig/kernel/sys.c | |
487 | -+++ linux-3.4.17/kernel/sys.c | |
486 | +--- linux-3.4.18.orig/kernel/sys.c | |
487 | ++++ linux-3.4.18/kernel/sys.c | |
488 | 488 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
489 | 489 | |
490 | 490 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -523,8 +523,8 @@ | ||
523 | 523 | |
524 | 524 | down_write(&uts_sem); |
525 | 525 | errno = -EFAULT; |
526 | ---- linux-3.4.17.orig/kernel/time/ntp.c | |
527 | -+++ linux-3.4.17/kernel/time/ntp.c | |
526 | +--- linux-3.4.18.orig/kernel/time/ntp.c | |
527 | ++++ linux-3.4.18/kernel/time/ntp.c | |
528 | 528 | @@ -15,6 +15,7 @@ |
529 | 529 | #include <linux/time.h> |
530 | 530 | #include <linux/mm.h> |
@@ -558,8 +558,8 @@ | ||
558 | 558 | if (!(txc->modes & ADJ_NANO)) |
559 | 559 | delta.tv_nsec *= 1000; |
560 | 560 | result = timekeeping_inject_offset(&delta); |
561 | ---- linux-3.4.17.orig/net/ipv4/raw.c | |
562 | -+++ linux-3.4.17/net/ipv4/raw.c | |
561 | +--- linux-3.4.18.orig/net/ipv4/raw.c | |
562 | ++++ linux-3.4.18/net/ipv4/raw.c | |
563 | 563 | @@ -699,6 +699,10 @@ static int raw_recvmsg(struct kiocb *ioc |
564 | 564 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
565 | 565 | if (!skb) |
@@ -571,8 +571,8 @@ | ||
571 | 571 | |
572 | 572 | copied = skb->len; |
573 | 573 | if (len < copied) { |
574 | ---- linux-3.4.17.orig/net/ipv4/udp.c | |
575 | -+++ linux-3.4.17/net/ipv4/udp.c | |
574 | +--- linux-3.4.18.orig/net/ipv4/udp.c | |
575 | ++++ linux-3.4.18/net/ipv4/udp.c | |
576 | 576 | @@ -1187,6 +1187,10 @@ try_again: |
577 | 577 | &peeked, &off, &err); |
578 | 578 | if (!skb) |
@@ -584,8 +584,8 @@ | ||
584 | 584 | |
585 | 585 | ulen = skb->len - sizeof(struct udphdr); |
586 | 586 | copied = len; |
587 | ---- linux-3.4.17.orig/net/ipv6/raw.c | |
588 | -+++ linux-3.4.17/net/ipv6/raw.c | |
587 | +--- linux-3.4.18.orig/net/ipv6/raw.c | |
588 | ++++ linux-3.4.18/net/ipv6/raw.c | |
589 | 589 | @@ -469,6 +469,10 @@ static int rawv6_recvmsg(struct kiocb *i |
590 | 590 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
591 | 591 | if (!skb) |
@@ -597,8 +597,8 @@ | ||
597 | 597 | |
598 | 598 | copied = skb->len; |
599 | 599 | if (copied > len) { |
600 | ---- linux-3.4.17.orig/net/ipv6/udp.c | |
601 | -+++ linux-3.4.17/net/ipv6/udp.c | |
600 | +--- linux-3.4.18.orig/net/ipv6/udp.c | |
601 | ++++ linux-3.4.18/net/ipv6/udp.c | |
602 | 602 | @@ -362,6 +362,10 @@ try_again: |
603 | 603 | &peeked, &off, &err); |
604 | 604 | if (!skb) |
@@ -610,8 +610,8 @@ | ||
610 | 610 | |
611 | 611 | ulen = skb->len - sizeof(struct udphdr); |
612 | 612 | copied = len; |
613 | ---- linux-3.4.17.orig/net/socket.c | |
614 | -+++ linux-3.4.17/net/socket.c | |
613 | +--- linux-3.4.18.orig/net/socket.c | |
614 | ++++ linux-3.4.18/net/socket.c | |
615 | 615 | @@ -1553,6 +1553,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
616 | 616 | if (err < 0) |
617 | 617 | goto out_fd; |
@@ -623,8 +623,8 @@ | ||
623 | 623 | if (upeer_sockaddr) { |
624 | 624 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
625 | 625 | &len, 2) < 0) { |
626 | ---- linux-3.4.17.orig/net/unix/af_unix.c | |
627 | -+++ linux-3.4.17/net/unix/af_unix.c | |
626 | +--- linux-3.4.18.orig/net/unix/af_unix.c | |
627 | ++++ linux-3.4.18/net/unix/af_unix.c | |
628 | 628 | @@ -1794,6 +1794,10 @@ static int unix_dgram_recvmsg(struct kio |
629 | 629 | wake_up_interruptible_sync_poll(&u->peer_wait, |
630 | 630 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -636,8 +636,8 @@ | ||
636 | 636 | if (msg->msg_name) |
637 | 637 | unix_copy_addr(msg, skb->sk); |
638 | 638 | |
639 | ---- linux-3.4.17.orig/security/Kconfig | |
640 | -+++ linux-3.4.17/security/Kconfig | |
639 | +--- linux-3.4.18.orig/security/Kconfig | |
640 | ++++ linux-3.4.18/security/Kconfig | |
641 | 641 | @@ -233,5 +233,7 @@ config DEFAULT_SECURITY |
642 | 642 | default "yama" if DEFAULT_SECURITY_YAMA |
643 | 643 | default "" if DEFAULT_SECURITY_DAC |
@@ -646,8 +646,8 @@ | ||
646 | 646 | + |
647 | 647 | endmenu |
648 | 648 | |
649 | ---- linux-3.4.17.orig/security/Makefile | |
650 | -+++ linux-3.4.17/security/Makefile | |
649 | +--- linux-3.4.18.orig/security/Makefile | |
650 | ++++ linux-3.4.18/security/Makefile | |
651 | 651 | @@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
652 | 652 | # Object integrity file lists |
653 | 653 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -655,8 +655,8 @@ | ||
655 | 655 | + |
656 | 656 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
657 | 657 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
658 | ---- linux-3.4.17.orig/security/security.c | |
659 | -+++ linux-3.4.17/security/security.c | |
658 | +--- linux-3.4.18.orig/security/security.c | |
659 | ++++ linux-3.4.18/security/security.c | |
660 | 660 | @@ -186,7 +186,10 @@ int security_syslog(int type) |
661 | 661 | |
662 | 662 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 3.6.5. | |
1 | +This is TOMOYO Linux patch for kernel 3.6.6. | |
2 | 2 | |
3 | -Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.6.5.tar.bz2 | |
3 | +Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.6.6.tar.bz2 | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/security.c | 134 +++++++++++++++++++++++++++++++++++++--------- |
29 | 29 | 24 files changed, 250 insertions(+), 49 deletions(-) |
30 | 30 | |
31 | ---- linux-3.6.5.orig/fs/exec.c | |
32 | -+++ linux-3.6.5/fs/exec.c | |
31 | +--- linux-3.6.6.orig/fs/exec.c | |
32 | ++++ linux-3.6.6/fs/exec.c | |
33 | 33 | @@ -1551,7 +1551,7 @@ static int do_execve_common(const char * |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.6.5.orig/fs/open.c | |
43 | -+++ linux-3.6.5/fs/open.c | |
42 | +--- linux-3.6.6.orig/fs/open.c | |
43 | ++++ linux-3.6.6/fs/open.c | |
44 | 44 | @@ -1077,6 +1077,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.6.5.orig/fs/proc/version.c | |
54 | -+++ linux-3.6.5/fs/proc/version.c | |
53 | +--- linux-3.6.6.orig/fs/proc/version.c | |
54 | ++++ linux-3.6.6/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.6.5 2012/11/01\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.6.6 2012/11/08\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.6.5.orig/include/linux/init_task.h | |
67 | -+++ linux-3.6.5/include/linux/init_task.h | |
66 | +--- linux-3.6.6.orig/include/linux/init_task.h | |
67 | ++++ linux-3.6.6/include/linux/init_task.h | |
68 | 68 | @@ -143,6 +143,14 @@ extern struct task_group root_task_group |
69 | 69 | |
70 | 70 | #define INIT_TASK_COMM "swapper" |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.6.5.orig/include/linux/sched.h | |
92 | -+++ linux-3.6.5/include/linux/sched.h | |
91 | +--- linux-3.6.6.orig/include/linux/sched.h | |
92 | ++++ linux-3.6.6/include/linux/sched.h | |
93 | 93 | @@ -44,6 +44,8 @@ |
94 | 94 | |
95 | 95 | #ifdef __KERNEL__ |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.6.5.orig/include/linux/security.h | |
114 | -+++ linux-3.6.5/include/linux/security.h | |
113 | +--- linux-3.6.6.orig/include/linux/security.h | |
114 | ++++ linux-3.6.6/include/linux/security.h | |
115 | 115 | @@ -52,6 +52,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -313,8 +313,8 @@ | ||
313 | 313 | } |
314 | 314 | #endif /* CONFIG_SECURITY_PATH */ |
315 | 315 | |
316 | ---- linux-3.6.5.orig/include/net/ip.h | |
317 | -+++ linux-3.6.5/include/net/ip.h | |
316 | +--- linux-3.6.6.orig/include/net/ip.h | |
317 | ++++ linux-3.6.6/include/net/ip.h | |
318 | 318 | @@ -201,6 +201,8 @@ extern void inet_get_local_port_range(in |
319 | 319 | extern unsigned long *sysctl_local_reserved_ports; |
320 | 320 | static inline int inet_is_reserved_local_port(int port) |
@@ -324,8 +324,8 @@ | ||
324 | 324 | return test_bit(port, sysctl_local_reserved_ports); |
325 | 325 | } |
326 | 326 | |
327 | ---- linux-3.6.5.orig/kernel/fork.c | |
328 | -+++ linux-3.6.5/kernel/fork.c | |
327 | +--- linux-3.6.6.orig/kernel/fork.c | |
328 | ++++ linux-3.6.6/kernel/fork.c | |
329 | 329 | @@ -241,6 +241,7 @@ void __put_task_struct(struct task_struc |
330 | 330 | delayacct_tsk_free(tsk); |
331 | 331 | put_signal_struct(tsk->signal); |
@@ -352,8 +352,8 @@ | ||
352 | 352 | bad_fork_cleanup_policy: |
353 | 353 | perf_event_free_task(p); |
354 | 354 | #ifdef CONFIG_NUMA |
355 | ---- linux-3.6.5.orig/kernel/kexec.c | |
356 | -+++ linux-3.6.5/kernel/kexec.c | |
355 | +--- linux-3.6.6.orig/kernel/kexec.c | |
356 | ++++ linux-3.6.6/kernel/kexec.c | |
357 | 357 | @@ -38,6 +38,7 @@ |
358 | 358 | #include <asm/uaccess.h> |
359 | 359 | #include <asm/io.h> |
@@ -371,8 +371,8 @@ | ||
371 | 371 | |
372 | 372 | /* |
373 | 373 | * Verify we have a legal set of flags |
374 | ---- linux-3.6.5.orig/kernel/module.c | |
375 | -+++ linux-3.6.5/kernel/module.c | |
374 | +--- linux-3.6.6.orig/kernel/module.c | |
375 | ++++ linux-3.6.6/kernel/module.c | |
376 | 376 | @@ -58,6 +58,7 @@ |
377 | 377 | #include <linux/jump_label.h> |
378 | 378 | #include <linux/pfn.h> |
@@ -399,8 +399,8 @@ | ||
399 | 399 | |
400 | 400 | /* Do all the hard work */ |
401 | 401 | mod = load_module(umod, len, uargs); |
402 | ---- linux-3.6.5.orig/kernel/ptrace.c | |
403 | -+++ linux-3.6.5/kernel/ptrace.c | |
402 | +--- linux-3.6.6.orig/kernel/ptrace.c | |
403 | ++++ linux-3.6.6/kernel/ptrace.c | |
404 | 404 | @@ -859,6 +859,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
405 | 405 | { |
406 | 406 | struct task_struct *child; |
@@ -425,8 +425,8 @@ | ||
425 | 425 | |
426 | 426 | if (request == PTRACE_TRACEME) { |
427 | 427 | ret = ptrace_traceme(); |
428 | ---- linux-3.6.5.orig/kernel/sched/core.c | |
429 | -+++ linux-3.6.5/kernel/sched/core.c | |
428 | +--- linux-3.6.6.orig/kernel/sched/core.c | |
429 | ++++ linux-3.6.6/kernel/sched/core.c | |
430 | 430 | @@ -4119,6 +4119,8 @@ int can_nice(const struct task_struct *p |
431 | 431 | SYSCALL_DEFINE1(nice, int, increment) |
432 | 432 | { |
@@ -436,8 +436,8 @@ | ||
436 | 436 | |
437 | 437 | /* |
438 | 438 | * Setpriority might change our priority at the same moment. |
439 | ---- linux-3.6.5.orig/kernel/signal.c | |
440 | -+++ linux-3.6.5/kernel/signal.c | |
439 | +--- linux-3.6.6.orig/kernel/signal.c | |
440 | ++++ linux-3.6.6/kernel/signal.c | |
441 | 441 | @@ -2856,6 +2856,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
442 | 442 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
443 | 443 | { |
@@ -483,8 +483,8 @@ | ||
483 | 483 | |
484 | 484 | return do_send_specific(tgid, pid, sig, info); |
485 | 485 | } |
486 | ---- linux-3.6.5.orig/kernel/sys.c | |
487 | -+++ linux-3.6.5/kernel/sys.c | |
486 | +--- linux-3.6.6.orig/kernel/sys.c | |
487 | ++++ linux-3.6.6/kernel/sys.c | |
488 | 488 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
489 | 489 | |
490 | 490 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -523,8 +523,8 @@ | ||
523 | 523 | |
524 | 524 | down_write(&uts_sem); |
525 | 525 | errno = -EFAULT; |
526 | ---- linux-3.6.5.orig/kernel/time/ntp.c | |
527 | -+++ linux-3.6.5/kernel/time/ntp.c | |
526 | +--- linux-3.6.6.orig/kernel/time/ntp.c | |
527 | ++++ linux-3.6.6/kernel/time/ntp.c | |
528 | 528 | @@ -15,6 +15,7 @@ |
529 | 529 | #include <linux/time.h> |
530 | 530 | #include <linux/mm.h> |
@@ -558,8 +558,8 @@ | ||
558 | 558 | if (!(txc->modes & ADJ_NANO)) |
559 | 559 | delta.tv_nsec *= 1000; |
560 | 560 | result = timekeeping_inject_offset(&delta); |
561 | ---- linux-3.6.5.orig/net/ipv4/raw.c | |
562 | -+++ linux-3.6.5/net/ipv4/raw.c | |
561 | +--- linux-3.6.6.orig/net/ipv4/raw.c | |
562 | ++++ linux-3.6.6/net/ipv4/raw.c | |
563 | 563 | @@ -704,6 +704,10 @@ static int raw_recvmsg(struct kiocb *ioc |
564 | 564 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
565 | 565 | if (!skb) |
@@ -571,8 +571,8 @@ | ||
571 | 571 | |
572 | 572 | copied = skb->len; |
573 | 573 | if (len < copied) { |
574 | ---- linux-3.6.5.orig/net/ipv4/udp.c | |
575 | -+++ linux-3.6.5/net/ipv4/udp.c | |
574 | +--- linux-3.6.6.orig/net/ipv4/udp.c | |
575 | ++++ linux-3.6.6/net/ipv4/udp.c | |
576 | 576 | @@ -1193,6 +1193,10 @@ try_again: |
577 | 577 | &peeked, &off, &err); |
578 | 578 | if (!skb) |
@@ -584,8 +584,8 @@ | ||
584 | 584 | |
585 | 585 | ulen = skb->len - sizeof(struct udphdr); |
586 | 586 | copied = len; |
587 | ---- linux-3.6.5.orig/net/ipv6/raw.c | |
588 | -+++ linux-3.6.5/net/ipv6/raw.c | |
587 | +--- linux-3.6.6.orig/net/ipv6/raw.c | |
588 | ++++ linux-3.6.6/net/ipv6/raw.c | |
589 | 589 | @@ -472,6 +472,10 @@ static int rawv6_recvmsg(struct kiocb *i |
590 | 590 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
591 | 591 | if (!skb) |
@@ -597,8 +597,8 @@ | ||
597 | 597 | |
598 | 598 | copied = skb->len; |
599 | 599 | if (copied > len) { |
600 | ---- linux-3.6.5.orig/net/ipv6/udp.c | |
601 | -+++ linux-3.6.5/net/ipv6/udp.c | |
600 | +--- linux-3.6.6.orig/net/ipv6/udp.c | |
601 | ++++ linux-3.6.6/net/ipv6/udp.c | |
602 | 602 | @@ -363,6 +363,10 @@ try_again: |
603 | 603 | &peeked, &off, &err); |
604 | 604 | if (!skb) |
@@ -610,8 +610,8 @@ | ||
610 | 610 | |
611 | 611 | ulen = skb->len - sizeof(struct udphdr); |
612 | 612 | copied = len; |
613 | ---- linux-3.6.5.orig/net/socket.c | |
614 | -+++ linux-3.6.5/net/socket.c | |
613 | +--- linux-3.6.6.orig/net/socket.c | |
614 | ++++ linux-3.6.6/net/socket.c | |
615 | 615 | @@ -1551,6 +1551,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
616 | 616 | if (err < 0) |
617 | 617 | goto out_fd; |
@@ -623,8 +623,8 @@ | ||
623 | 623 | if (upeer_sockaddr) { |
624 | 624 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
625 | 625 | &len, 2) < 0) { |
626 | ---- linux-3.6.5.orig/net/unix/af_unix.c | |
627 | -+++ linux-3.6.5/net/unix/af_unix.c | |
626 | +--- linux-3.6.6.orig/net/unix/af_unix.c | |
627 | ++++ linux-3.6.6/net/unix/af_unix.c | |
628 | 628 | @@ -1806,6 +1806,10 @@ static int unix_dgram_recvmsg(struct kio |
629 | 629 | wake_up_interruptible_sync_poll(&u->peer_wait, |
630 | 630 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -636,8 +636,8 @@ | ||
636 | 636 | if (msg->msg_name) |
637 | 637 | unix_copy_addr(msg, skb->sk); |
638 | 638 | |
639 | ---- linux-3.6.5.orig/security/Kconfig | |
640 | -+++ linux-3.6.5/security/Kconfig | |
639 | +--- linux-3.6.6.orig/security/Kconfig | |
640 | ++++ linux-3.6.6/security/Kconfig | |
641 | 641 | @@ -167,5 +167,7 @@ config DEFAULT_SECURITY |
642 | 642 | default "yama" if DEFAULT_SECURITY_YAMA |
643 | 643 | default "" if DEFAULT_SECURITY_DAC |
@@ -646,8 +646,8 @@ | ||
646 | 646 | + |
647 | 647 | endmenu |
648 | 648 | |
649 | ---- linux-3.6.5.orig/security/Makefile | |
650 | -+++ linux-3.6.5/security/Makefile | |
649 | +--- linux-3.6.6.orig/security/Makefile | |
650 | ++++ linux-3.6.6/security/Makefile | |
651 | 651 | @@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
652 | 652 | # Object integrity file lists |
653 | 653 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -655,8 +655,8 @@ | ||
655 | 655 | + |
656 | 656 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
657 | 657 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
658 | ---- linux-3.6.5.orig/security/security.c | |
659 | -+++ linux-3.6.5/security/security.c | |
658 | +--- linux-3.6.6.orig/security/security.c | |
659 | ++++ linux-3.6.6/security/security.c | |
660 | 660 | @@ -190,7 +190,10 @@ int security_syslog(int type) |
661 | 661 | |
662 | 662 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/security.c | 129 +++++++++++++++++++++++++++++++++++++--------- |
29 | 29 | 24 files changed, 246 insertions(+), 48 deletions(-) |
30 | 30 | |
31 | ---- linux-3.5.0-17.28.orig/fs/exec.c | |
32 | -+++ linux-3.5.0-17.28/fs/exec.c | |
31 | +--- linux-3.5.0-18.29.orig/fs/exec.c | |
32 | ++++ linux-3.5.0-18.29/fs/exec.c | |
33 | 33 | @@ -1554,7 +1554,7 @@ static int do_execve_common(const char * |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.5.0-17.28.orig/fs/open.c | |
43 | -+++ linux-3.5.0-17.28/fs/open.c | |
42 | +--- linux-3.5.0-18.29.orig/fs/open.c | |
43 | ++++ linux-3.5.0-18.29/fs/open.c | |
44 | 44 | @@ -1176,6 +1176,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.5.0-17.28.orig/fs/proc/version.c | |
54 | -+++ linux-3.5.0-17.28/fs/proc/version.c | |
53 | +--- linux-3.5.0-18.29.orig/fs/proc/version.c | |
54 | ++++ linux-3.5.0-18.29/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.5.0-17.28 2012/10/13\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.5.0-18.29 2012/11/08\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.5.0-17.28.orig/include/linux/init_task.h | |
67 | -+++ linux-3.5.0-17.28/include/linux/init_task.h | |
66 | +--- linux-3.5.0-18.29.orig/include/linux/init_task.h | |
67 | ++++ linux-3.5.0-18.29/include/linux/init_task.h | |
68 | 68 | @@ -143,6 +143,14 @@ extern struct task_group root_task_group |
69 | 69 | |
70 | 70 | #define INIT_TASK_COMM "swapper" |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.5.0-17.28.orig/include/linux/sched.h | |
92 | -+++ linux-3.5.0-17.28/include/linux/sched.h | |
91 | +--- linux-3.5.0-18.29.orig/include/linux/sched.h | |
92 | ++++ linux-3.5.0-18.29/include/linux/sched.h | |
93 | 93 | @@ -44,6 +44,8 @@ |
94 | 94 | |
95 | 95 | #ifdef __KERNEL__ |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.5.0-17.28.orig/include/linux/security.h | |
114 | -+++ linux-3.5.0-17.28/include/linux/security.h | |
113 | +--- linux-3.5.0-18.29.orig/include/linux/security.h | |
114 | ++++ linux-3.5.0-18.29/include/linux/security.h | |
115 | 115 | @@ -52,6 +52,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -313,8 +313,8 @@ | ||
313 | 313 | } |
314 | 314 | #endif /* CONFIG_SECURITY_PATH */ |
315 | 315 | |
316 | ---- linux-3.5.0-17.28.orig/include/net/ip.h | |
317 | -+++ linux-3.5.0-17.28/include/net/ip.h | |
316 | +--- linux-3.5.0-18.29.orig/include/net/ip.h | |
317 | ++++ linux-3.5.0-18.29/include/net/ip.h | |
318 | 318 | @@ -200,6 +200,8 @@ extern void inet_get_local_port_range(in |
319 | 319 | extern unsigned long *sysctl_local_reserved_ports; |
320 | 320 | static inline int inet_is_reserved_local_port(int port) |
@@ -324,8 +324,8 @@ | ||
324 | 324 | return test_bit(port, sysctl_local_reserved_ports); |
325 | 325 | } |
326 | 326 | |
327 | ---- linux-3.5.0-17.28.orig/kernel/fork.c | |
328 | -+++ linux-3.5.0-17.28/kernel/fork.c | |
327 | +--- linux-3.5.0-18.29.orig/kernel/fork.c | |
328 | ++++ linux-3.5.0-18.29/kernel/fork.c | |
329 | 329 | @@ -237,6 +237,7 @@ void __put_task_struct(struct task_struc |
330 | 330 | delayacct_tsk_free(tsk); |
331 | 331 | put_signal_struct(tsk->signal); |
@@ -352,8 +352,8 @@ | ||
352 | 352 | bad_fork_cleanup_policy: |
353 | 353 | perf_event_free_task(p); |
354 | 354 | #ifdef CONFIG_NUMA |
355 | ---- linux-3.5.0-17.28.orig/kernel/kexec.c | |
356 | -+++ linux-3.5.0-17.28/kernel/kexec.c | |
355 | +--- linux-3.5.0-18.29.orig/kernel/kexec.c | |
356 | ++++ linux-3.5.0-18.29/kernel/kexec.c | |
357 | 357 | @@ -38,6 +38,7 @@ |
358 | 358 | #include <asm/uaccess.h> |
359 | 359 | #include <asm/io.h> |
@@ -371,8 +371,8 @@ | ||
371 | 371 | |
372 | 372 | /* Processes in containers must not be allowed to load a new |
373 | 373 | * kernel, even if they have CAP_SYS_BOOT */ |
374 | ---- linux-3.5.0-17.28.orig/kernel/module.c | |
375 | -+++ linux-3.5.0-17.28/kernel/module.c | |
374 | +--- linux-3.5.0-18.29.orig/kernel/module.c | |
375 | ++++ linux-3.5.0-18.29/kernel/module.c | |
376 | 376 | @@ -58,6 +58,7 @@ |
377 | 377 | #include <linux/jump_label.h> |
378 | 378 | #include <linux/pfn.h> |
@@ -399,8 +399,8 @@ | ||
399 | 399 | |
400 | 400 | /* Do all the hard work */ |
401 | 401 | mod = load_module(umod, len, uargs); |
402 | ---- linux-3.5.0-17.28.orig/kernel/ptrace.c | |
403 | -+++ linux-3.5.0-17.28/kernel/ptrace.c | |
402 | +--- linux-3.5.0-18.29.orig/kernel/ptrace.c | |
403 | ++++ linux-3.5.0-18.29/kernel/ptrace.c | |
404 | 404 | @@ -859,6 +859,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
405 | 405 | { |
406 | 406 | struct task_struct *child; |
@@ -425,8 +425,8 @@ | ||
425 | 425 | |
426 | 426 | if (request == PTRACE_TRACEME) { |
427 | 427 | ret = ptrace_traceme(); |
428 | ---- linux-3.5.0-17.28.orig/kernel/sched/core.c | |
429 | -+++ linux-3.5.0-17.28/kernel/sched/core.c | |
428 | +--- linux-3.5.0-18.29.orig/kernel/sched/core.c | |
429 | ++++ linux-3.5.0-18.29/kernel/sched/core.c | |
430 | 430 | @@ -4119,6 +4119,8 @@ int can_nice(const struct task_struct *p |
431 | 431 | SYSCALL_DEFINE1(nice, int, increment) |
432 | 432 | { |
@@ -436,8 +436,8 @@ | ||
436 | 436 | |
437 | 437 | /* |
438 | 438 | * Setpriority might change our priority at the same moment. |
439 | ---- linux-3.5.0-17.28.orig/kernel/signal.c | |
440 | -+++ linux-3.5.0-17.28/kernel/signal.c | |
439 | +--- linux-3.5.0-18.29.orig/kernel/signal.c | |
440 | ++++ linux-3.5.0-18.29/kernel/signal.c | |
441 | 441 | @@ -2841,6 +2841,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
442 | 442 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
443 | 443 | { |
@@ -483,8 +483,8 @@ | ||
483 | 483 | |
484 | 484 | return do_send_specific(tgid, pid, sig, info); |
485 | 485 | } |
486 | ---- linux-3.5.0-17.28.orig/kernel/sys.c | |
487 | -+++ linux-3.5.0-17.28/kernel/sys.c | |
486 | +--- linux-3.5.0-18.29.orig/kernel/sys.c | |
487 | ++++ linux-3.5.0-18.29/kernel/sys.c | |
488 | 488 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
489 | 489 | |
490 | 490 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -496,7 +496,7 @@ | ||
496 | 496 | |
497 | 497 | /* normalize: avoid signed division (rounding problems) */ |
498 | 498 | error = -ESRCH; |
499 | -@@ -446,6 +450,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int | |
499 | +@@ -447,6 +451,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int | |
500 | 500 | magic2 != LINUX_REBOOT_MAGIC2B && |
501 | 501 | magic2 != LINUX_REBOOT_MAGIC2C)) |
502 | 502 | return -EINVAL; |
@@ -505,7 +505,7 @@ | ||
505 | 505 | |
506 | 506 | /* |
507 | 507 | * If pid namespaces are enabled and the current task is in a child |
508 | -@@ -1372,6 +1378,8 @@ SYSCALL_DEFINE2(sethostname, char __user | |
508 | +@@ -1373,6 +1379,8 @@ SYSCALL_DEFINE2(sethostname, char __user | |
509 | 509 | |
510 | 510 | if (len < 0 || len > __NEW_UTS_LEN) |
511 | 511 | return -EINVAL; |
@@ -514,7 +514,7 @@ | ||
514 | 514 | down_write(&uts_sem); |
515 | 515 | errno = -EFAULT; |
516 | 516 | if (!copy_from_user(tmp, name, len)) { |
517 | -@@ -1422,6 +1430,8 @@ SYSCALL_DEFINE2(setdomainname, char __us | |
517 | +@@ -1423,6 +1431,8 @@ SYSCALL_DEFINE2(setdomainname, char __us | |
518 | 518 | return -EPERM; |
519 | 519 | if (len < 0 || len > __NEW_UTS_LEN) |
520 | 520 | return -EINVAL; |
@@ -523,8 +523,8 @@ | ||
523 | 523 | |
524 | 524 | down_write(&uts_sem); |
525 | 525 | errno = -EFAULT; |
526 | ---- linux-3.5.0-17.28.orig/kernel/time/ntp.c | |
527 | -+++ linux-3.5.0-17.28/kernel/time/ntp.c | |
526 | +--- linux-3.5.0-18.29.orig/kernel/time/ntp.c | |
527 | ++++ linux-3.5.0-18.29/kernel/time/ntp.c | |
528 | 528 | @@ -15,6 +15,7 @@ |
529 | 529 | #include <linux/time.h> |
530 | 530 | #include <linux/mm.h> |
@@ -558,9 +558,9 @@ | ||
558 | 558 | if (!(txc->modes & ADJ_NANO)) |
559 | 559 | delta.tv_nsec *= 1000; |
560 | 560 | result = timekeeping_inject_offset(&delta); |
561 | ---- linux-3.5.0-17.28.orig/net/ipv4/raw.c | |
562 | -+++ linux-3.5.0-17.28/net/ipv4/raw.c | |
563 | -@@ -697,6 +697,10 @@ static int raw_recvmsg(struct kiocb *ioc | |
561 | +--- linux-3.5.0-18.29.orig/net/ipv4/raw.c | |
562 | ++++ linux-3.5.0-18.29/net/ipv4/raw.c | |
563 | +@@ -699,6 +699,10 @@ static int raw_recvmsg(struct kiocb *ioc | |
564 | 564 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
565 | 565 | if (!skb) |
566 | 566 | goto out; |
@@ -571,8 +571,8 @@ | ||
571 | 571 | |
572 | 572 | copied = skb->len; |
573 | 573 | if (len < copied) { |
574 | ---- linux-3.5.0-17.28.orig/net/ipv4/udp.c | |
575 | -+++ linux-3.5.0-17.28/net/ipv4/udp.c | |
574 | +--- linux-3.5.0-18.29.orig/net/ipv4/udp.c | |
575 | ++++ linux-3.5.0-18.29/net/ipv4/udp.c | |
576 | 576 | @@ -1188,6 +1188,10 @@ try_again: |
577 | 577 | &peeked, &off, &err); |
578 | 578 | if (!skb) |
@@ -584,9 +584,9 @@ | ||
584 | 584 | |
585 | 585 | ulen = skb->len - sizeof(struct udphdr); |
586 | 586 | copied = len; |
587 | ---- linux-3.5.0-17.28.orig/net/ipv6/raw.c | |
588 | -+++ linux-3.5.0-17.28/net/ipv6/raw.c | |
589 | -@@ -470,6 +470,10 @@ static int rawv6_recvmsg(struct kiocb *i | |
587 | +--- linux-3.5.0-18.29.orig/net/ipv6/raw.c | |
588 | ++++ linux-3.5.0-18.29/net/ipv6/raw.c | |
589 | +@@ -469,6 +469,10 @@ static int rawv6_recvmsg(struct kiocb *i | |
590 | 590 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
591 | 591 | if (!skb) |
592 | 592 | goto out; |
@@ -597,8 +597,8 @@ | ||
597 | 597 | |
598 | 598 | copied = skb->len; |
599 | 599 | if (copied > len) { |
600 | ---- linux-3.5.0-17.28.orig/net/ipv6/udp.c | |
601 | -+++ linux-3.5.0-17.28/net/ipv6/udp.c | |
600 | +--- linux-3.5.0-18.29.orig/net/ipv6/udp.c | |
601 | ++++ linux-3.5.0-18.29/net/ipv6/udp.c | |
602 | 602 | @@ -362,6 +362,10 @@ try_again: |
603 | 603 | &peeked, &off, &err); |
604 | 604 | if (!skb) |
@@ -610,8 +610,8 @@ | ||
610 | 610 | |
611 | 611 | ulen = skb->len - sizeof(struct udphdr); |
612 | 612 | copied = len; |
613 | ---- linux-3.5.0-17.28.orig/net/socket.c | |
614 | -+++ linux-3.5.0-17.28/net/socket.c | |
613 | +--- linux-3.5.0-18.29.orig/net/socket.c | |
614 | ++++ linux-3.5.0-18.29/net/socket.c | |
615 | 615 | @@ -1552,6 +1552,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
616 | 616 | if (err < 0) |
617 | 617 | goto out_fd; |
@@ -623,8 +623,8 @@ | ||
623 | 623 | if (upeer_sockaddr) { |
624 | 624 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
625 | 625 | &len, 2) < 0) { |
626 | ---- linux-3.5.0-17.28.orig/net/unix/af_unix.c | |
627 | -+++ linux-3.5.0-17.28/net/unix/af_unix.c | |
626 | +--- linux-3.5.0-18.29.orig/net/unix/af_unix.c | |
627 | ++++ linux-3.5.0-18.29/net/unix/af_unix.c | |
628 | 628 | @@ -1804,6 +1804,10 @@ static int unix_dgram_recvmsg(struct kio |
629 | 629 | wake_up_interruptible_sync_poll(&u->peer_wait, |
630 | 630 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -636,8 +636,8 @@ | ||
636 | 636 | if (msg->msg_name) |
637 | 637 | unix_copy_addr(msg, skb->sk); |
638 | 638 | |
639 | ---- linux-3.5.0-17.28.orig/security/Kconfig | |
640 | -+++ linux-3.5.0-17.28/security/Kconfig | |
639 | +--- linux-3.5.0-18.29.orig/security/Kconfig | |
640 | ++++ linux-3.5.0-18.29/security/Kconfig | |
641 | 641 | @@ -167,5 +167,7 @@ config DEFAULT_SECURITY |
642 | 642 | default "yama" if DEFAULT_SECURITY_YAMA |
643 | 643 | default "" if DEFAULT_SECURITY_DAC |
@@ -646,8 +646,8 @@ | ||
646 | 646 | + |
647 | 647 | endmenu |
648 | 648 | |
649 | ---- linux-3.5.0-17.28.orig/security/Makefile | |
650 | -+++ linux-3.5.0-17.28/security/Makefile | |
649 | +--- linux-3.5.0-18.29.orig/security/Makefile | |
650 | ++++ linux-3.5.0-18.29/security/Makefile | |
651 | 651 | @@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
652 | 652 | # Object integrity file lists |
653 | 653 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -655,8 +655,8 @@ | ||
655 | 655 | + |
656 | 656 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
657 | 657 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
658 | ---- linux-3.5.0-17.28.orig/security/security.c | |
659 | -+++ linux-3.5.0-17.28/security/security.c | |
658 | +--- linux-3.5.0-18.29.orig/security/security.c | |
659 | ++++ linux-3.5.0-18.29/security/security.c | |
660 | 660 | @@ -198,7 +198,10 @@ int security_syslog(int type) |
661 | 661 | |
662 | 662 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -1,6 +1,6 @@ | ||
1 | 1 | This is TOMOYO Linux patch for CentOS 6.3. |
2 | 2 | |
3 | -Source code for this patch is http://vault.centos.org/6.3/updates/Source/SPackages/kernel-279.11.1.el6.src.rpm | |
3 | +Source code for this patch is http://vault.centos.org/6.3/updates/Source/SPackages/kernel-2.6.32-279.14.1.el6.src.rpm | |
4 | 4 | --- |
5 | 5 | fs/compat.c | 2 +- |
6 | 6 | fs/compat_ioctl.c | 3 +++ |
@@ -37,8 +37,8 @@ | ||
37 | 37 | security/Makefile | 3 +++ |
38 | 38 | 33 files changed, 205 insertions(+), 2 deletions(-) |
39 | 39 | |
40 | ---- linux-2.6.32-279.11.1.el6.orig/fs/compat.c | |
41 | -+++ linux-2.6.32-279.11.1.el6/fs/compat.c | |
40 | +--- linux-2.6.32-279.14.1.el6.orig/fs/compat.c | |
41 | ++++ linux-2.6.32-279.14.1.el6/fs/compat.c | |
42 | 42 | @@ -1550,7 +1550,7 @@ int compat_do_execve(char * filename, |
43 | 43 | if (retval < 0) |
44 | 44 | goto out; |
@@ -48,8 +48,8 @@ | ||
48 | 48 | if (retval < 0) |
49 | 49 | goto out; |
50 | 50 | |
51 | ---- linux-2.6.32-279.11.1.el6.orig/fs/compat_ioctl.c | |
52 | -+++ linux-2.6.32-279.11.1.el6/fs/compat_ioctl.c | |
51 | +--- linux-2.6.32-279.14.1.el6.orig/fs/compat_ioctl.c | |
52 | ++++ linux-2.6.32-279.14.1.el6/fs/compat_ioctl.c | |
53 | 53 | @@ -114,6 +114,7 @@ |
54 | 54 | #ifdef CONFIG_SPARC |
55 | 55 | #include <asm/fbio.h> |
@@ -67,8 +67,8 @@ | ||
67 | 67 | if (error) |
68 | 68 | goto out_fput; |
69 | 69 | |
70 | ---- linux-2.6.32-279.11.1.el6.orig/fs/exec.c | |
71 | -+++ linux-2.6.32-279.11.1.el6/fs/exec.c | |
70 | +--- linux-2.6.32-279.14.1.el6.orig/fs/exec.c | |
71 | ++++ linux-2.6.32-279.14.1.el6/fs/exec.c | |
72 | 72 | @@ -1435,7 +1435,7 @@ int do_execve(char * filename, |
73 | 73 | goto out; |
74 | 74 |
@@ -78,8 +78,8 @@ | ||
78 | 78 | if (retval < 0) |
79 | 79 | goto out; |
80 | 80 | |
81 | ---- linux-2.6.32-279.11.1.el6.orig/fs/fcntl.c | |
82 | -+++ linux-2.6.32-279.11.1.el6/fs/fcntl.c | |
81 | +--- linux-2.6.32-279.14.1.el6.orig/fs/fcntl.c | |
82 | ++++ linux-2.6.32-279.14.1.el6/fs/fcntl.c | |
83 | 83 | @@ -428,6 +428,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd, |
84 | 84 | goto out; |
85 | 85 |
@@ -98,8 +98,8 @@ | ||
98 | 98 | if (err) { |
99 | 99 | fput(filp); |
100 | 100 | return err; |
101 | ---- linux-2.6.32-279.11.1.el6.orig/fs/ioctl.c | |
102 | -+++ linux-2.6.32-279.11.1.el6/fs/ioctl.c | |
101 | +--- linux-2.6.32-279.14.1.el6.orig/fs/ioctl.c | |
102 | ++++ linux-2.6.32-279.14.1.el6/fs/ioctl.c | |
103 | 103 | @@ -639,6 +639,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd, |
104 | 104 | goto out; |
105 | 105 |
@@ -109,8 +109,8 @@ | ||
109 | 109 | if (error) |
110 | 110 | goto out_fput; |
111 | 111 | |
112 | ---- linux-2.6.32-279.11.1.el6.orig/fs/namei.c | |
113 | -+++ linux-2.6.32-279.11.1.el6/fs/namei.c | |
112 | +--- linux-2.6.32-279.14.1.el6.orig/fs/namei.c | |
113 | ++++ linux-2.6.32-279.14.1.el6/fs/namei.c | |
114 | 114 | @@ -1741,6 +1741,11 @@ int may_open(struct path *path, int acc_ |
115 | 115 | if (flag & O_NOATIME && !is_owner_or_cap(inode)) |
116 | 116 | return -EPERM; |
@@ -198,8 +198,8 @@ | ||
198 | 198 | if (error) |
199 | 199 | goto exit6; |
200 | 200 | error = vfs_rename(old_dir->d_inode, old_dentry, |
201 | ---- linux-2.6.32-279.11.1.el6.orig/fs/namespace.c | |
202 | -+++ linux-2.6.32-279.11.1.el6/fs/namespace.c | |
201 | +--- linux-2.6.32-279.14.1.el6.orig/fs/namespace.c | |
202 | ++++ linux-2.6.32-279.14.1.el6/fs/namespace.c | |
203 | 203 | @@ -1053,6 +1053,8 @@ static int do_umount(struct vfsmount *mn |
204 | 204 | LIST_HEAD(umount_list); |
205 | 205 |
@@ -236,8 +236,8 @@ | ||
236 | 236 | if (error) { |
237 | 237 | path_put(&old); |
238 | 238 | goto out1; |
239 | ---- linux-2.6.32-279.11.1.el6.orig/fs/open.c | |
240 | -+++ linux-2.6.32-279.11.1.el6/fs/open.c | |
239 | +--- linux-2.6.32-279.14.1.el6.orig/fs/open.c | |
240 | ++++ linux-2.6.32-279.14.1.el6/fs/open.c | |
241 | 241 | @@ -113,6 +113,8 @@ static long do_sys_truncate(const char _ |
242 | 242 | error = locks_verify_truncate(inode, NULL, length); |
243 | 243 | if (!error) |
@@ -346,8 +346,8 @@ | ||
346 | 346 | if (capable(CAP_SYS_TTY_CONFIG)) { |
347 | 347 | tty_vhangup_self(); |
348 | 348 | return 0; |
349 | ---- linux-2.6.32-279.11.1.el6.orig/fs/proc/version.c | |
350 | -+++ linux-2.6.32-279.11.1.el6/fs/proc/version.c | |
349 | +--- linux-2.6.32-279.14.1.el6.orig/fs/proc/version.c | |
350 | ++++ linux-2.6.32-279.14.1.el6/fs/proc/version.c | |
351 | 351 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
352 | 352 | return 0; |
353 | 353 | } |
@@ -355,12 +355,12 @@ | ||
355 | 355 | + |
356 | 356 | +static int __init ccs_show_version(void) |
357 | 357 | +{ |
358 | -+ printk(KERN_INFO "Hook version: 2.6.32-279.11.1.el6 2012/10/17\n"); | |
358 | ++ printk(KERN_INFO "Hook version: 2.6.32-279.14.1.el6 2012/11/08\n"); | |
359 | 359 | + return 0; |
360 | 360 | +} |
361 | 361 | +module_init(ccs_show_version); |
362 | ---- linux-2.6.32-279.11.1.el6.orig/fs/stat.c | |
363 | -+++ linux-2.6.32-279.11.1.el6/fs/stat.c | |
362 | +--- linux-2.6.32-279.14.1.el6.orig/fs/stat.c | |
363 | ++++ linux-2.6.32-279.14.1.el6/fs/stat.c | |
364 | 364 | @@ -43,6 +43,8 @@ int vfs_getattr(struct vfsmount *mnt, st |
365 | 365 | int retval; |
366 | 366 |
@@ -370,8 +370,8 @@ | ||
370 | 370 | if (retval) |
371 | 371 | return retval; |
372 | 372 | |
373 | ---- linux-2.6.32-279.11.1.el6.orig/include/linux/init_task.h | |
374 | -+++ linux-2.6.32-279.11.1.el6/include/linux/init_task.h | |
373 | +--- linux-2.6.32-279.14.1.el6.orig/include/linux/init_task.h | |
374 | ++++ linux-2.6.32-279.14.1.el6/include/linux/init_task.h | |
375 | 375 | @@ -115,6 +115,14 @@ extern struct cred init_cred; |
376 | 376 | # define INIT_PERF_EVENTS(tsk) |
377 | 377 | #endif |
@@ -395,8 +395,8 @@ | ||
395 | 395 | } |
396 | 396 | |
397 | 397 | |
398 | ---- linux-2.6.32-279.11.1.el6.orig/include/linux/sched.h | |
399 | -+++ linux-2.6.32-279.11.1.el6/include/linux/sched.h | |
398 | +--- linux-2.6.32-279.14.1.el6.orig/include/linux/sched.h | |
399 | ++++ linux-2.6.32-279.14.1.el6/include/linux/sched.h | |
400 | 400 | @@ -43,6 +43,8 @@ |
401 | 401 | |
402 | 402 | #ifdef __KERNEL__ |
@@ -417,8 +417,8 @@ | ||
417 | 417 | }; |
418 | 418 | |
419 | 419 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
420 | ---- linux-2.6.32-279.11.1.el6.orig/include/linux/security.h | |
421 | -+++ linux-2.6.32-279.11.1.el6/include/linux/security.h | |
420 | +--- linux-2.6.32-279.14.1.el6.orig/include/linux/security.h | |
421 | ++++ linux-2.6.32-279.14.1.el6/include/linux/security.h | |
422 | 422 | @@ -35,6 +35,7 @@ |
423 | 423 | #include <linux/xfrm.h> |
424 | 424 | #include <linux/gfp.h> |
@@ -427,8 +427,8 @@ | ||
427 | 427 | |
428 | 428 | /* Maximum number of letters for an LSM name string */ |
429 | 429 | #define SECURITY_NAME_MAX 10 |
430 | ---- linux-2.6.32-279.11.1.el6.orig/include/net/ip.h | |
431 | -+++ linux-2.6.32-279.11.1.el6/include/net/ip.h | |
430 | +--- linux-2.6.32-279.14.1.el6.orig/include/net/ip.h | |
431 | ++++ linux-2.6.32-279.14.1.el6/include/net/ip.h | |
432 | 432 | @@ -30,6 +30,7 @@ |
433 | 433 | #include <net/inet_sock.h> |
434 | 434 | #include <net/snmp.h> |
@@ -446,8 +446,8 @@ | ||
446 | 446 | return test_bit(port, sysctl_local_reserved_ports); |
447 | 447 | } |
448 | 448 | |
449 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/compat.c | |
450 | -+++ linux-2.6.32-279.11.1.el6/kernel/compat.c | |
449 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/compat.c | |
450 | ++++ linux-2.6.32-279.14.1.el6/kernel/compat.c | |
451 | 451 | @@ -924,6 +924,8 @@ asmlinkage long compat_sys_stime(compat_ |
452 | 452 | err = security_settime(&tv, NULL); |
453 | 453 | if (err) |
@@ -457,8 +457,8 @@ | ||
457 | 457 | |
458 | 458 | do_settimeofday(&tv); |
459 | 459 | return 0; |
460 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/fork.c | |
461 | -+++ linux-2.6.32-279.11.1.el6/kernel/fork.c | |
460 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/fork.c | |
461 | ++++ linux-2.6.32-279.14.1.el6/kernel/fork.c | |
462 | 462 | @@ -169,6 +169,7 @@ void __put_task_struct(struct task_struc |
463 | 463 | exit_creds(tsk); |
464 | 464 | delayacct_tsk_free(tsk); |
@@ -485,8 +485,8 @@ | ||
485 | 485 | bad_fork_cleanup_policy: |
486 | 486 | perf_event_free_task(p); |
487 | 487 | #ifdef CONFIG_NUMA |
488 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/kexec.c | |
489 | -+++ linux-2.6.32-279.11.1.el6/kernel/kexec.c | |
488 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/kexec.c | |
489 | ++++ linux-2.6.32-279.14.1.el6/kernel/kexec.c | |
490 | 490 | @@ -40,6 +40,7 @@ |
491 | 491 | #include <asm/system.h> |
492 | 492 | #include <asm/sections.h> |
@@ -504,8 +504,8 @@ | ||
504 | 504 | |
505 | 505 | if (kexec_load_disabled) |
506 | 506 | return -EPERM; |
507 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/module.c | |
508 | -+++ linux-2.6.32-279.11.1.el6/kernel/module.c | |
507 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/module.c | |
508 | ++++ linux-2.6.32-279.14.1.el6/kernel/module.c | |
509 | 509 | @@ -56,6 +56,7 @@ |
510 | 510 | #include <linux/percpu.h> |
511 | 511 | #include <linux/kmemleak.h> |
@@ -532,8 +532,8 @@ | ||
532 | 532 | |
533 | 533 | /* Only one module load at a time, please */ |
534 | 534 | if (mutex_lock_interruptible(&module_mutex) != 0) |
535 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/ptrace.c | |
536 | -+++ linux-2.6.32-279.11.1.el6/kernel/ptrace.c | |
535 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/ptrace.c | |
536 | ++++ linux-2.6.32-279.14.1.el6/kernel/ptrace.c | |
537 | 537 | @@ -195,6 +195,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
538 | 538 | { |
539 | 539 | struct task_struct *child; |
@@ -558,8 +558,8 @@ | ||
558 | 558 | |
559 | 559 | /* |
560 | 560 | * This lock_kernel fixes a subtle race with suid exec |
561 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/sched.c | |
562 | -+++ linux-2.6.32-279.11.1.el6/kernel/sched.c | |
561 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/sched.c | |
562 | ++++ linux-2.6.32-279.14.1.el6/kernel/sched.c | |
563 | 563 | @@ -6672,6 +6672,8 @@ int can_nice(const struct task_struct *p |
564 | 564 | SYSCALL_DEFINE1(nice, int, increment) |
565 | 565 | { |
@@ -569,8 +569,8 @@ | ||
569 | 569 | |
570 | 570 | /* |
571 | 571 | * Setpriority might change our priority at the same moment. |
572 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/signal.c | |
573 | -+++ linux-2.6.32-279.11.1.el6/kernel/signal.c | |
572 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/signal.c | |
573 | ++++ linux-2.6.32-279.14.1.el6/kernel/signal.c | |
574 | 574 | @@ -2288,6 +2288,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
575 | 575 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
576 | 576 | { |
@@ -616,8 +616,8 @@ | ||
616 | 616 | |
617 | 617 | return do_send_specific(tgid, pid, sig, info); |
618 | 618 | } |
619 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/sys.c | |
620 | -+++ linux-2.6.32-279.11.1.el6/kernel/sys.c | |
619 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/sys.c | |
620 | ++++ linux-2.6.32-279.14.1.el6/kernel/sys.c | |
621 | 621 | @@ -157,6 +157,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
622 | 622 | |
623 | 623 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -656,8 +656,8 @@ | ||
656 | 656 | |
657 | 657 | down_write(&uts_sem); |
658 | 658 | errno = -EFAULT; |
659 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/sysctl.c | |
660 | -+++ linux-2.6.32-279.11.1.el6/kernel/sysctl.c | |
659 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/sysctl.c | |
660 | ++++ linux-2.6.32-279.14.1.el6/kernel/sysctl.c | |
661 | 661 | @@ -2035,6 +2035,9 @@ int do_sysctl(int __user *name, int nlen |
662 | 662 | |
663 | 663 | for (head = sysctl_head_next(NULL); head; |
@@ -668,8 +668,8 @@ | ||
668 | 668 | error = parse_table(name, nlen, oldval, oldlenp, |
669 | 669 | newval, newlen, |
670 | 670 | head->root, head->ctl_table); |
671 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/time.c | |
672 | -+++ linux-2.6.32-279.11.1.el6/kernel/time.c | |
671 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/time.c | |
672 | ++++ linux-2.6.32-279.14.1.el6/kernel/time.c | |
673 | 673 | @@ -92,6 +92,8 @@ SYSCALL_DEFINE1(stime, time_t __user *, |
674 | 674 | err = security_settime(&tv, NULL); |
675 | 675 | if (err) |
@@ -688,8 +688,8 @@ | ||
688 | 688 | |
689 | 689 | if (tz) { |
690 | 690 | /* SMP safe, global irq locking makes it work. */ |
691 | ---- linux-2.6.32-279.11.1.el6.orig/kernel/time/ntp.c | |
692 | -+++ linux-2.6.32-279.11.1.el6/kernel/time/ntp.c | |
691 | +--- linux-2.6.32-279.14.1.el6.orig/kernel/time/ntp.c | |
692 | ++++ linux-2.6.32-279.14.1.el6/kernel/time/ntp.c | |
693 | 693 | @@ -14,6 +14,7 @@ |
694 | 694 | #include <linux/timex.h> |
695 | 695 | #include <linux/time.h> |
@@ -714,8 +714,8 @@ | ||
714 | 714 | |
715 | 715 | /* |
716 | 716 | * if the quartz is off by more than 10% then |
717 | ---- linux-2.6.32-279.11.1.el6.orig/net/ipv4/raw.c | |
718 | -+++ linux-2.6.32-279.11.1.el6/net/ipv4/raw.c | |
717 | +--- linux-2.6.32-279.14.1.el6.orig/net/ipv4/raw.c | |
718 | ++++ linux-2.6.32-279.14.1.el6/net/ipv4/raw.c | |
719 | 719 | @@ -77,6 +77,7 @@ |
720 | 720 | #include <linux/seq_file.h> |
721 | 721 | #include <linux/netfilter.h> |
@@ -735,8 +735,8 @@ | ||
735 | 735 | |
736 | 736 | copied = skb->len; |
737 | 737 | if (len < copied) { |
738 | ---- linux-2.6.32-279.11.1.el6.orig/net/ipv4/udp.c | |
739 | -+++ linux-2.6.32-279.11.1.el6/net/ipv4/udp.c | |
738 | +--- linux-2.6.32-279.14.1.el6.orig/net/ipv4/udp.c | |
739 | ++++ linux-2.6.32-279.14.1.el6/net/ipv4/udp.c | |
740 | 740 | @@ -106,6 +106,7 @@ |
741 | 741 | #include <net/xfrm.h> |
742 | 742 | #include <trace/events/udp.h> |
@@ -756,8 +756,8 @@ | ||
756 | 756 | |
757 | 757 | ulen = skb->len - sizeof(struct udphdr); |
758 | 758 | copied = len; |
759 | ---- linux-2.6.32-279.11.1.el6.orig/net/ipv6/raw.c | |
760 | -+++ linux-2.6.32-279.11.1.el6/net/ipv6/raw.c | |
759 | +--- linux-2.6.32-279.14.1.el6.orig/net/ipv6/raw.c | |
760 | ++++ linux-2.6.32-279.14.1.el6/net/ipv6/raw.c | |
761 | 761 | @@ -59,6 +59,7 @@ |
762 | 762 | |
763 | 763 | #include <linux/proc_fs.h> |
@@ -777,8 +777,8 @@ | ||
777 | 777 | |
778 | 778 | copied = skb->len; |
779 | 779 | if (copied > len) { |
780 | ---- linux-2.6.32-279.11.1.el6.orig/net/ipv6/udp.c | |
781 | -+++ linux-2.6.32-279.11.1.el6/net/ipv6/udp.c | |
780 | +--- linux-2.6.32-279.14.1.el6.orig/net/ipv6/udp.c | |
781 | ++++ linux-2.6.32-279.14.1.el6/net/ipv6/udp.c | |
782 | 782 | @@ -48,6 +48,7 @@ |
783 | 783 | #include <linux/proc_fs.h> |
784 | 784 | #include <linux/seq_file.h> |
@@ -798,8 +798,8 @@ | ||
798 | 798 | |
799 | 799 | ulen = skb->len - sizeof(struct udphdr); |
800 | 800 | copied = len; |
801 | ---- linux-2.6.32-279.11.1.el6.orig/net/socket.c | |
802 | -+++ linux-2.6.32-279.11.1.el6/net/socket.c | |
801 | +--- linux-2.6.32-279.14.1.el6.orig/net/socket.c | |
802 | ++++ linux-2.6.32-279.14.1.el6/net/socket.c | |
803 | 803 | @@ -570,6 +570,8 @@ static inline int __sock_sendmsg(struct |
804 | 804 | struct msghdr *msg, size_t size) |
805 | 805 | { |
@@ -860,8 +860,8 @@ | ||
860 | 860 | if (err) |
861 | 861 | goto out_put; |
862 | 862 | |
863 | ---- linux-2.6.32-279.11.1.el6.orig/net/unix/af_unix.c | |
864 | -+++ linux-2.6.32-279.11.1.el6/net/unix/af_unix.c | |
863 | +--- linux-2.6.32-279.14.1.el6.orig/net/unix/af_unix.c | |
864 | ++++ linux-2.6.32-279.14.1.el6/net/unix/af_unix.c | |
865 | 865 | @@ -838,6 +838,9 @@ static int unix_bind(struct socket *sock |
866 | 866 | if (err) |
867 | 867 | goto out_mknod_dput; |
@@ -883,8 +883,8 @@ | ||
883 | 883 | if (msg->msg_name) |
884 | 884 | unix_copy_addr(msg, skb->sk); |
885 | 885 | |
886 | ---- linux-2.6.32-279.11.1.el6.orig/security/Kconfig | |
887 | -+++ linux-2.6.32-279.11.1.el6/security/Kconfig | |
886 | +--- linux-2.6.32-279.14.1.el6.orig/security/Kconfig | |
887 | ++++ linux-2.6.32-279.14.1.el6/security/Kconfig | |
888 | 888 | @@ -177,5 +177,7 @@ source security/tomoyo/Kconfig |
889 | 889 | |
890 | 890 | source security/integrity/ima/Kconfig |
@@ -893,8 +893,8 @@ | ||
893 | 893 | + |
894 | 894 | endmenu |
895 | 895 | |
896 | ---- linux-2.6.32-279.11.1.el6.orig/security/Makefile | |
897 | -+++ linux-2.6.32-279.11.1.el6/security/Makefile | |
896 | +--- linux-2.6.32-279.14.1.el6.orig/security/Makefile | |
897 | ++++ linux-2.6.32-279.14.1.el6/security/Makefile | |
898 | 898 | @@ -25,3 +25,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
899 | 899 | # Object integrity file lists |
900 | 900 | subdir-$(CONFIG_IMA) += integrity/ima |
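Review bot: The corrected source URL on new line 3 of this patch header (the vault.centos.org link to kernel-2.6.32-279.14.1.el6.src.rpm) is plain http, and the header gives no checksum or signature reference. Anyone following it has no stated way to confirm that the tree they patch is the intended one before these security hooks are applied on top of it. I would add one line under the URL, for example `Verify the SRPM signature (rpm -K kernel-2.6.32-279.14.1.el6.src.rpm) before applying this patch.` The rest of this section is the 279.11.1 to 279.14.1 path rename and the matching hook version string, which need no comment.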
@@ -1,6 +1,6 @@ | ||
1 | 1 | This is TOMOYO Linux patch for Fedora 16. |
2 | 2 | |
3 | -Source code for this patch is http://ftp.riken.jp/Linux/fedora/updates/16/SRPMS/kernel-3.6.2-1.fc16.src.rpm | |
3 | +Source code for this patch is http://ftp.riken.jp/Linux/fedora/updates/16/SRPMS/kernel-3.6.6-1.fc16.src.rpm | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
@@ -28,9 +28,9 @@ | ||
28 | 28 | security/security.c | 134 +++++++++++++++++++++++++++++++++++++--------- |
29 | 29 | 24 files changed, 250 insertions(+), 49 deletions(-) |
30 | 30 | |
31 | ---- linux-3.6.2-1.fc16.orig/fs/exec.c | |
32 | -+++ linux-3.6.2-1.fc16/fs/exec.c | |
33 | -@@ -1550,7 +1550,7 @@ static int do_execve_common(const char * | |
31 | +--- linux-3.6.6-1.fc16.orig/fs/exec.c | |
32 | ++++ linux-3.6.6-1.fc16/fs/exec.c | |
33 | +@@ -1551,7 +1551,7 @@ static int do_execve_common(const char * | |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
36 | 36 |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.6.2-1.fc16.orig/fs/open.c | |
43 | -+++ linux-3.6.2-1.fc16/fs/open.c | |
42 | +--- linux-3.6.6-1.fc16.orig/fs/open.c | |
43 | ++++ linux-3.6.6-1.fc16/fs/open.c | |
44 | 44 | @@ -1077,6 +1077,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.6.2-1.fc16.orig/fs/proc/version.c | |
54 | -+++ linux-3.6.2-1.fc16/fs/proc/version.c | |
53 | +--- linux-3.6.6-1.fc16.orig/fs/proc/version.c | |
54 | ++++ linux-3.6.6-1.fc16/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.6.2-1.fc16 2012/10/27\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.6.6-1.fc16 2012/11/10\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.6.2-1.fc16.orig/include/linux/init_task.h | |
67 | -+++ linux-3.6.2-1.fc16/include/linux/init_task.h | |
66 | +--- linux-3.6.6-1.fc16.orig/include/linux/init_task.h | |
67 | ++++ linux-3.6.6-1.fc16/include/linux/init_task.h | |
68 | 68 | @@ -143,6 +143,14 @@ extern struct task_group root_task_group |
69 | 69 | |
70 | 70 | #define INIT_TASK_COMM "swapper" |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.6.2-1.fc16.orig/include/linux/sched.h | |
92 | -+++ linux-3.6.2-1.fc16/include/linux/sched.h | |
91 | +--- linux-3.6.6-1.fc16.orig/include/linux/sched.h | |
92 | ++++ linux-3.6.6-1.fc16/include/linux/sched.h | |
93 | 93 | @@ -44,6 +44,8 @@ |
94 | 94 | |
95 | 95 | #ifdef __KERNEL__ |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.6.2-1.fc16.orig/include/linux/security.h | |
114 | -+++ linux-3.6.2-1.fc16/include/linux/security.h | |
113 | +--- linux-3.6.6-1.fc16.orig/include/linux/security.h | |
114 | ++++ linux-3.6.6-1.fc16/include/linux/security.h | |
115 | 115 | @@ -52,6 +52,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -313,8 +313,8 @@ | ||
313 | 313 | } |
314 | 314 | #endif /* CONFIG_SECURITY_PATH */ |
315 | 315 | |
316 | ---- linux-3.6.2-1.fc16.orig/include/net/ip.h | |
317 | -+++ linux-3.6.2-1.fc16/include/net/ip.h | |
316 | +--- linux-3.6.6-1.fc16.orig/include/net/ip.h | |
317 | ++++ linux-3.6.6-1.fc16/include/net/ip.h | |
318 | 318 | @@ -201,6 +201,8 @@ extern void inet_get_local_port_range(in |
319 | 319 | extern unsigned long *sysctl_local_reserved_ports; |
320 | 320 | static inline int inet_is_reserved_local_port(int port) |
@@ -324,8 +324,8 @@ | ||
324 | 324 | return test_bit(port, sysctl_local_reserved_ports); |
325 | 325 | } |
326 | 326 | |
327 | ---- linux-3.6.2-1.fc16.orig/kernel/fork.c | |
328 | -+++ linux-3.6.2-1.fc16/kernel/fork.c | |
327 | +--- linux-3.6.6-1.fc16.orig/kernel/fork.c | |
328 | ++++ linux-3.6.6-1.fc16/kernel/fork.c | |
329 | 329 | @@ -241,6 +241,7 @@ void __put_task_struct(struct task_struc |
330 | 330 | delayacct_tsk_free(tsk); |
331 | 331 | put_signal_struct(tsk->signal); |
@@ -352,8 +352,8 @@ | ||
352 | 352 | bad_fork_cleanup_policy: |
353 | 353 | perf_event_free_task(p); |
354 | 354 | #ifdef CONFIG_NUMA |
355 | ---- linux-3.6.2-1.fc16.orig/kernel/kexec.c | |
356 | -+++ linux-3.6.2-1.fc16/kernel/kexec.c | |
355 | +--- linux-3.6.6-1.fc16.orig/kernel/kexec.c | |
356 | ++++ linux-3.6.6-1.fc16/kernel/kexec.c | |
357 | 357 | @@ -38,6 +38,7 @@ |
358 | 358 | #include <asm/uaccess.h> |
359 | 359 | #include <asm/io.h> |
@@ -371,8 +371,8 @@ | ||
371 | 371 | |
372 | 372 | /* |
373 | 373 | * Verify we have a legal set of flags |
374 | ---- linux-3.6.2-1.fc16.orig/kernel/module.c | |
375 | -+++ linux-3.6.2-1.fc16/kernel/module.c | |
374 | +--- linux-3.6.6-1.fc16.orig/kernel/module.c | |
375 | ++++ linux-3.6.6-1.fc16/kernel/module.c | |
376 | 376 | @@ -58,6 +58,7 @@ |
377 | 377 | #include <linux/jump_label.h> |
378 | 378 | #include <linux/pfn.h> |
@@ -390,7 +390,7 @@ | ||
390 | 390 | |
391 | 391 | if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0) |
392 | 392 | return -EFAULT; |
393 | -@@ -3020,6 +3023,8 @@ SYSCALL_DEFINE3(init_module, void __user | |
393 | +@@ -3024,6 +3027,8 @@ SYSCALL_DEFINE3(init_module, void __user | |
394 | 394 | /* Must have permission */ |
395 | 395 | if (!capable(CAP_SYS_MODULE) || modules_disabled) |
396 | 396 | return -EPERM; |
@@ -399,8 +399,8 @@ | ||
399 | 399 | |
400 | 400 | /* Do all the hard work */ |
401 | 401 | mod = load_module(umod, len, uargs); |
402 | ---- linux-3.6.2-1.fc16.orig/kernel/ptrace.c | |
403 | -+++ linux-3.6.2-1.fc16/kernel/ptrace.c | |
402 | +--- linux-3.6.6-1.fc16.orig/kernel/ptrace.c | |
403 | ++++ linux-3.6.6-1.fc16/kernel/ptrace.c | |
404 | 404 | @@ -859,6 +859,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
405 | 405 | { |
406 | 406 | struct task_struct *child; |
@@ -425,8 +425,8 @@ | ||
425 | 425 | |
426 | 426 | if (request == PTRACE_TRACEME) { |
427 | 427 | ret = ptrace_traceme(); |
428 | ---- linux-3.6.2-1.fc16.orig/kernel/sched/core.c | |
429 | -+++ linux-3.6.2-1.fc16/kernel/sched/core.c | |
428 | +--- linux-3.6.6-1.fc16.orig/kernel/sched/core.c | |
429 | ++++ linux-3.6.6-1.fc16/kernel/sched/core.c | |
430 | 430 | @@ -4119,6 +4119,8 @@ int can_nice(const struct task_struct *p |
431 | 431 | SYSCALL_DEFINE1(nice, int, increment) |
432 | 432 | { |
@@ -436,8 +436,8 @@ | ||
436 | 436 | |
437 | 437 | /* |
438 | 438 | * Setpriority might change our priority at the same moment. |
439 | ---- linux-3.6.2-1.fc16.orig/kernel/signal.c | |
440 | -+++ linux-3.6.2-1.fc16/kernel/signal.c | |
439 | +--- linux-3.6.6-1.fc16.orig/kernel/signal.c | |
440 | ++++ linux-3.6.6-1.fc16/kernel/signal.c | |
441 | 441 | @@ -2856,6 +2856,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
442 | 442 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
443 | 443 | { |
@@ -483,8 +483,8 @@ | ||
483 | 483 | |
484 | 484 | return do_send_specific(tgid, pid, sig, info); |
485 | 485 | } |
486 | ---- linux-3.6.2-1.fc16.orig/kernel/sys.c | |
487 | -+++ linux-3.6.2-1.fc16/kernel/sys.c | |
486 | +--- linux-3.6.6-1.fc16.orig/kernel/sys.c | |
487 | ++++ linux-3.6.6-1.fc16/kernel/sys.c | |
488 | 488 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
489 | 489 | |
490 | 490 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -505,7 +505,7 @@ | ||
505 | 505 | |
506 | 506 | /* |
507 | 507 | * If pid namespaces are enabled and the current task is in a child |
508 | -@@ -1373,6 +1379,8 @@ SYSCALL_DEFINE2(sethostname, char __user | |
508 | +@@ -1375,6 +1381,8 @@ SYSCALL_DEFINE2(sethostname, char __user | |
509 | 509 | |
510 | 510 | if (len < 0 || len > __NEW_UTS_LEN) |
511 | 511 | return -EINVAL; |
@@ -514,7 +514,7 @@ | ||
514 | 514 | down_write(&uts_sem); |
515 | 515 | errno = -EFAULT; |
516 | 516 | if (!copy_from_user(tmp, name, len)) { |
517 | -@@ -1423,6 +1431,8 @@ SYSCALL_DEFINE2(setdomainname, char __us | |
517 | +@@ -1425,6 +1433,8 @@ SYSCALL_DEFINE2(setdomainname, char __us | |
518 | 518 | return -EPERM; |
519 | 519 | if (len < 0 || len > __NEW_UTS_LEN) |
520 | 520 | return -EINVAL; |
@@ -523,8 +523,8 @@ | ||
523 | 523 | |
524 | 524 | down_write(&uts_sem); |
525 | 525 | errno = -EFAULT; |
526 | ---- linux-3.6.2-1.fc16.orig/kernel/time/ntp.c | |
527 | -+++ linux-3.6.2-1.fc16/kernel/time/ntp.c | |
526 | +--- linux-3.6.6-1.fc16.orig/kernel/time/ntp.c | |
527 | ++++ linux-3.6.6-1.fc16/kernel/time/ntp.c | |
528 | 528 | @@ -15,6 +15,7 @@ |
529 | 529 | #include <linux/time.h> |
530 | 530 | #include <linux/mm.h> |
@@ -558,8 +558,8 @@ | ||
558 | 558 | if (!(txc->modes & ADJ_NANO)) |
559 | 559 | delta.tv_nsec *= 1000; |
560 | 560 | result = timekeeping_inject_offset(&delta); |
561 | ---- linux-3.6.2-1.fc16.orig/net/ipv4/raw.c | |
562 | -+++ linux-3.6.2-1.fc16/net/ipv4/raw.c | |
561 | +--- linux-3.6.6-1.fc16.orig/net/ipv4/raw.c | |
562 | ++++ linux-3.6.6-1.fc16/net/ipv4/raw.c | |
563 | 563 | @@ -704,6 +704,10 @@ static int raw_recvmsg(struct kiocb *ioc |
564 | 564 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
565 | 565 | if (!skb) |
@@ -571,8 +571,8 @@ | ||
571 | 571 | |
572 | 572 | copied = skb->len; |
573 | 573 | if (len < copied) { |
574 | ---- linux-3.6.2-1.fc16.orig/net/ipv4/udp.c | |
575 | -+++ linux-3.6.2-1.fc16/net/ipv4/udp.c | |
574 | +--- linux-3.6.6-1.fc16.orig/net/ipv4/udp.c | |
575 | ++++ linux-3.6.6-1.fc16/net/ipv4/udp.c | |
576 | 576 | @@ -1193,6 +1193,10 @@ try_again: |
577 | 577 | &peeked, &off, &err); |
578 | 578 | if (!skb) |
@@ -584,8 +584,8 @@ | ||
584 | 584 | |
585 | 585 | ulen = skb->len - sizeof(struct udphdr); |
586 | 586 | copied = len; |
587 | ---- linux-3.6.2-1.fc16.orig/net/ipv6/raw.c | |
588 | -+++ linux-3.6.2-1.fc16/net/ipv6/raw.c | |
587 | +--- linux-3.6.6-1.fc16.orig/net/ipv6/raw.c | |
588 | ++++ linux-3.6.6-1.fc16/net/ipv6/raw.c | |
589 | 589 | @@ -472,6 +472,10 @@ static int rawv6_recvmsg(struct kiocb *i |
590 | 590 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
591 | 591 | if (!skb) |
@@ -597,8 +597,8 @@ | ||
597 | 597 | |
598 | 598 | copied = skb->len; |
599 | 599 | if (copied > len) { |
600 | ---- linux-3.6.2-1.fc16.orig/net/ipv6/udp.c | |
601 | -+++ linux-3.6.2-1.fc16/net/ipv6/udp.c | |
600 | +--- linux-3.6.6-1.fc16.orig/net/ipv6/udp.c | |
601 | ++++ linux-3.6.6-1.fc16/net/ipv6/udp.c | |
602 | 602 | @@ -363,6 +363,10 @@ try_again: |
603 | 603 | &peeked, &off, &err); |
604 | 604 | if (!skb) |
@@ -610,8 +610,8 @@ | ||
610 | 610 | |
611 | 611 | ulen = skb->len - sizeof(struct udphdr); |
612 | 612 | copied = len; |
613 | ---- linux-3.6.2-1.fc16.orig/net/socket.c | |
614 | -+++ linux-3.6.2-1.fc16/net/socket.c | |
613 | +--- linux-3.6.6-1.fc16.orig/net/socket.c | |
614 | ++++ linux-3.6.6-1.fc16/net/socket.c | |
615 | 615 | @@ -1551,6 +1551,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
616 | 616 | if (err < 0) |
617 | 617 | goto out_fd; |
@@ -623,8 +623,8 @@ | ||
623 | 623 | if (upeer_sockaddr) { |
624 | 624 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
625 | 625 | &len, 2) < 0) { |
626 | ---- linux-3.6.2-1.fc16.orig/net/unix/af_unix.c | |
627 | -+++ linux-3.6.2-1.fc16/net/unix/af_unix.c | |
626 | +--- linux-3.6.6-1.fc16.orig/net/unix/af_unix.c | |
627 | ++++ linux-3.6.6-1.fc16/net/unix/af_unix.c | |
628 | 628 | @@ -1806,6 +1806,10 @@ static int unix_dgram_recvmsg(struct kio |
629 | 629 | wake_up_interruptible_sync_poll(&u->peer_wait, |
630 | 630 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -636,8 +636,8 @@ | ||
636 | 636 | if (msg->msg_name) |
637 | 637 | unix_copy_addr(msg, skb->sk); |
638 | 638 | |
639 | ---- linux-3.6.2-1.fc16.orig/security/Kconfig | |
640 | -+++ linux-3.6.2-1.fc16/security/Kconfig | |
639 | +--- linux-3.6.6-1.fc16.orig/security/Kconfig | |
640 | ++++ linux-3.6.6-1.fc16/security/Kconfig | |
641 | 641 | @@ -167,5 +167,7 @@ config DEFAULT_SECURITY |
642 | 642 | default "yama" if DEFAULT_SECURITY_YAMA |
643 | 643 | default "" if DEFAULT_SECURITY_DAC |
@@ -646,8 +646,8 @@ | ||
646 | 646 | + |
647 | 647 | endmenu |
648 | 648 | |
649 | ---- linux-3.6.2-1.fc16.orig/security/Makefile | |
650 | -+++ linux-3.6.2-1.fc16/security/Makefile | |
649 | +--- linux-3.6.6-1.fc16.orig/security/Makefile | |
650 | ++++ linux-3.6.6-1.fc16/security/Makefile | |
651 | 651 | @@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
652 | 652 | # Object integrity file lists |
653 | 653 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -655,8 +655,8 @@ | ||
655 | 655 | + |
656 | 656 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
657 | 657 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
658 | ---- linux-3.6.2-1.fc16.orig/security/security.c | |
659 | -+++ linux-3.6.2-1.fc16/security/security.c | |
658 | +--- linux-3.6.6-1.fc16.orig/security/security.c | |
659 | ++++ linux-3.6.6-1.fc16/security/security.c | |
660 | 660 | @@ -190,7 +190,10 @@ int security_syslog(int type) |
661 | 661 | |
662 | 662 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -1,6 +1,6 @@ | ||
1 | 1 | This is TOMOYO Linux patch for openSUSE 11.4. |
2 | 2 | |
3 | -Source code for this patch is http://download.opensuse.org/update/11.4/rpm/src/kernel-source-2.6.37.6-0.20.1.src.rpm | |
3 | +Source code for this patch is http://download.opensuse.org/update/11.4/rpm/src/kernel-source-2.6.37.6-24.1.src.rpm | |
4 | 4 | --- |
5 | 5 | fs/compat.c | 2 |
6 | 6 | fs/exec.c | 2 |
@@ -29,8 +29,8 @@ | ||
29 | 29 | security/security.c | 134 +++++++++++++++++++++++++++++++++++++--------- |
30 | 30 | 25 files changed, 246 insertions(+), 50 deletions(-) |
31 | 31 | |
32 | ---- linux-2.6.37.6-0.20.1.orig/fs/compat.c | |
33 | -+++ linux-2.6.37.6-0.20.1/fs/compat.c | |
32 | +--- linux-2.6.37.6-24.1.orig/fs/compat.c | |
33 | ++++ linux-2.6.37.6-24.1/fs/compat.c | |
34 | 34 | @@ -1525,7 +1525,7 @@ int compat_do_execve(char * filename, |
35 | 35 | if (retval < 0) |
36 | 36 | goto out; |
@@ -40,8 +40,8 @@ | ||
40 | 40 | if (retval < 0) |
41 | 41 | goto out; |
42 | 42 | |
43 | ---- linux-2.6.37.6-0.20.1.orig/fs/exec.c | |
44 | -+++ linux-2.6.37.6-0.20.1/fs/exec.c | |
43 | +--- linux-2.6.37.6-24.1.orig/fs/exec.c | |
44 | ++++ linux-2.6.37.6-24.1/fs/exec.c | |
45 | 45 | @@ -1443,7 +1443,7 @@ int do_execve(const char * filename, |
46 | 46 | if (retval < 0) |
47 | 47 | goto out; |
@@ -51,8 +51,8 @@ | ||
51 | 51 | if (retval < 0) |
52 | 52 | goto out; |
53 | 53 | |
54 | ---- linux-2.6.37.6-0.20.1.orig/fs/open.c | |
55 | -+++ linux-2.6.37.6-0.20.1/fs/open.c | |
54 | +--- linux-2.6.37.6-24.1.orig/fs/open.c | |
55 | ++++ linux-2.6.37.6-24.1/fs/open.c | |
56 | 56 | @@ -1007,6 +1007,8 @@ EXPORT_SYMBOL(sys_close); |
57 | 57 | */ |
58 | 58 | SYSCALL_DEFINE0(vhangup) |
@@ -62,8 +62,8 @@ | ||
62 | 62 | if (capable(CAP_SYS_TTY_CONFIG)) { |
63 | 63 | tty_vhangup_self(); |
64 | 64 | return 0; |
65 | ---- linux-2.6.37.6-0.20.1.orig/fs/proc/version.c | |
66 | -+++ linux-2.6.37.6-0.20.1/fs/proc/version.c | |
65 | +--- linux-2.6.37.6-24.1.orig/fs/proc/version.c | |
66 | ++++ linux-2.6.37.6-24.1/fs/proc/version.c | |
67 | 67 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
68 | 68 | return 0; |
69 | 69 | } |
@@ -71,12 +71,12 @@ | ||
71 | 71 | + |
72 | 72 | +static int __init ccs_show_version(void) |
73 | 73 | +{ |
74 | -+ printk(KERN_INFO "Hook version: 2.6.37.6-0.20.1 2012/06/29\n"); | |
74 | ++ printk(KERN_INFO "Hook version: 2.6.37.6-24.1 2012/11/08\n"); | |
75 | 75 | + return 0; |
76 | 76 | +} |
77 | 77 | +module_init(ccs_show_version); |
78 | ---- linux-2.6.37.6-0.20.1.orig/include/linux/init_task.h | |
79 | -+++ linux-2.6.37.6-0.20.1/include/linux/init_task.h | |
78 | +--- linux-2.6.37.6-24.1.orig/include/linux/init_task.h | |
79 | ++++ linux-2.6.37.6-24.1/include/linux/init_task.h | |
80 | 80 | @@ -110,6 +110,14 @@ extern struct cred init_cred; |
81 | 81 | # define INIT_PERF_EVENTS(tsk) |
82 | 82 | #endif |
@@ -100,8 +100,8 @@ | ||
100 | 100 | } |
101 | 101 | |
102 | 102 | |
103 | ---- linux-2.6.37.6-0.20.1.orig/include/linux/sched.h | |
104 | -+++ linux-2.6.37.6-0.20.1/include/linux/sched.h | |
103 | +--- linux-2.6.37.6-24.1.orig/include/linux/sched.h | |
104 | ++++ linux-2.6.37.6-24.1/include/linux/sched.h | |
105 | 105 | @@ -43,6 +43,8 @@ |
106 | 106 | |
107 | 107 | #ifdef __KERNEL__ |
@@ -122,8 +122,8 @@ | ||
122 | 122 | }; |
123 | 123 | |
124 | 124 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
125 | ---- linux-2.6.37.6-0.20.1.orig/include/linux/security.h | |
126 | -+++ linux-2.6.37.6-0.20.1/include/linux/security.h | |
125 | +--- linux-2.6.37.6-24.1.orig/include/linux/security.h | |
126 | ++++ linux-2.6.37.6-24.1/include/linux/security.h | |
127 | 127 | @@ -36,6 +36,7 @@ |
128 | 128 | #include <linux/xfrm.h> |
129 | 129 | #include <linux/slab.h> |
@@ -322,8 +322,8 @@ | ||
322 | 322 | } |
323 | 323 | #endif /* CONFIG_SECURITY_PATH */ |
324 | 324 | |
325 | ---- linux-2.6.37.6-0.20.1.orig/include/net/ip.h | |
326 | -+++ linux-2.6.37.6-0.20.1/include/net/ip.h | |
325 | +--- linux-2.6.37.6-24.1.orig/include/net/ip.h | |
326 | ++++ linux-2.6.37.6-24.1/include/net/ip.h | |
327 | 327 | @@ -198,6 +198,8 @@ extern void inet_get_local_port_range(in |
328 | 328 | extern unsigned long *sysctl_local_reserved_ports; |
329 | 329 | static inline int inet_is_reserved_local_port(int port) |
@@ -333,8 +333,8 @@ | ||
333 | 333 | return test_bit(port, sysctl_local_reserved_ports); |
334 | 334 | } |
335 | 335 | |
336 | ---- linux-2.6.37.6-0.20.1.orig/kernel/fork.c | |
337 | -+++ linux-2.6.37.6-0.20.1/kernel/fork.c | |
336 | +--- linux-2.6.37.6-24.1.orig/kernel/fork.c | |
337 | ++++ linux-2.6.37.6-24.1/kernel/fork.c | |
338 | 338 | @@ -189,6 +189,7 @@ void __put_task_struct(struct task_struc |
339 | 339 | delayacct_tsk_free(tsk); |
340 | 340 | put_signal_struct(tsk->signal); |
@@ -361,8 +361,8 @@ | ||
361 | 361 | bad_fork_cleanup_policy: |
362 | 362 | perf_event_free_task(p); |
363 | 363 | #ifdef CONFIG_NUMA |
364 | ---- linux-2.6.37.6-0.20.1.orig/kernel/kexec.c | |
365 | -+++ linux-2.6.37.6-0.20.1/kernel/kexec.c | |
364 | +--- linux-2.6.37.6-24.1.orig/kernel/kexec.c | |
365 | ++++ linux-2.6.37.6-24.1/kernel/kexec.c | |
366 | 366 | @@ -39,6 +39,7 @@ |
367 | 367 | #include <asm/io.h> |
368 | 368 | #include <asm/system.h> |
@@ -380,8 +380,8 @@ | ||
380 | 380 | |
381 | 381 | /* |
382 | 382 | * Verify we have a legal set of flags |
383 | ---- linux-2.6.37.6-0.20.1.orig/kernel/module.c | |
384 | -+++ linux-2.6.37.6-0.20.1/kernel/module.c | |
383 | +--- linux-2.6.37.6-24.1.orig/kernel/module.c | |
384 | ++++ linux-2.6.37.6-24.1/kernel/module.c | |
385 | 385 | @@ -57,6 +57,7 @@ |
386 | 386 | #include <linux/percpu.h> |
387 | 387 | #include <linux/kmemleak.h> |
@@ -408,8 +408,8 @@ | ||
408 | 408 | |
409 | 409 | /* Do all the hard work */ |
410 | 410 | mod = load_module(umod, len, uargs); |
411 | ---- linux-2.6.37.6-0.20.1.orig/kernel/ptrace.c | |
412 | -+++ linux-2.6.37.6-0.20.1/kernel/ptrace.c | |
411 | +--- linux-2.6.37.6-24.1.orig/kernel/ptrace.c | |
412 | ++++ linux-2.6.37.6-24.1/kernel/ptrace.c | |
413 | 413 | @@ -713,6 +713,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
414 | 414 | { |
415 | 415 | struct task_struct *child; |
@@ -434,8 +434,8 @@ | ||
434 | 434 | |
435 | 435 | if (request == PTRACE_TRACEME) { |
436 | 436 | ret = ptrace_traceme(); |
437 | ---- linux-2.6.37.6-0.20.1.orig/kernel/sched.c | |
438 | -+++ linux-2.6.37.6-0.20.1/kernel/sched.c | |
437 | +--- linux-2.6.37.6-24.1.orig/kernel/sched.c | |
438 | ++++ linux-2.6.37.6-24.1/kernel/sched.c | |
439 | 439 | @@ -4805,6 +4805,8 @@ int can_nice(const struct task_struct *p |
440 | 440 | SYSCALL_DEFINE1(nice, int, increment) |
441 | 441 | { |
@@ -445,8 +445,8 @@ | ||
445 | 445 | |
446 | 446 | /* |
447 | 447 | * Setpriority might change our priority at the same moment. |
448 | ---- linux-2.6.37.6-0.20.1.orig/kernel/signal.c | |
449 | -+++ linux-2.6.37.6-0.20.1/kernel/signal.c | |
448 | +--- linux-2.6.37.6-24.1.orig/kernel/signal.c | |
449 | ++++ linux-2.6.37.6-24.1/kernel/signal.c | |
450 | 450 | @@ -2328,6 +2328,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
451 | 451 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
452 | 452 | { |
@@ -492,8 +492,8 @@ | ||
492 | 492 | |
493 | 493 | return do_send_specific(tgid, pid, sig, info); |
494 | 494 | } |
495 | ---- linux-2.6.37.6-0.20.1.orig/kernel/sys.c | |
496 | -+++ linux-2.6.37.6-0.20.1/kernel/sys.c | |
495 | +--- linux-2.6.37.6-24.1.orig/kernel/sys.c | |
496 | ++++ linux-2.6.37.6-24.1/kernel/sys.c | |
497 | 497 | @@ -156,6 +156,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
498 | 498 | |
499 | 499 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -532,8 +532,8 @@ | ||
532 | 532 | |
533 | 533 | down_write(&uts_sem); |
534 | 534 | errno = -EFAULT; |
535 | ---- linux-2.6.37.6-0.20.1.orig/kernel/time/ntp.c | |
536 | -+++ linux-2.6.37.6-0.20.1/kernel/time/ntp.c | |
535 | +--- linux-2.6.37.6-24.1.orig/kernel/time/ntp.c | |
536 | ++++ linux-2.6.37.6-24.1/kernel/time/ntp.c | |
537 | 537 | @@ -14,6 +14,7 @@ |
538 | 538 | #include <linux/timex.h> |
539 | 539 | #include <linux/time.h> |
@@ -558,8 +558,8 @@ | ||
558 | 558 | |
559 | 559 | /* |
560 | 560 | * if the quartz is off by more than 10% then |
561 | ---- linux-2.6.37.6-0.20.1.orig/net/ipv4/raw.c | |
562 | -+++ linux-2.6.37.6-0.20.1/net/ipv4/raw.c | |
561 | +--- linux-2.6.37.6-24.1.orig/net/ipv4/raw.c | |
562 | ++++ linux-2.6.37.6-24.1/net/ipv4/raw.c | |
563 | 563 | @@ -681,6 +681,10 @@ static int raw_recvmsg(struct kiocb *ioc |
564 | 564 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
565 | 565 | if (!skb) |
@@ -571,8 +571,8 @@ | ||
571 | 571 | |
572 | 572 | copied = skb->len; |
573 | 573 | if (len < copied) { |
574 | ---- linux-2.6.37.6-0.20.1.orig/net/ipv4/udp.c | |
575 | -+++ linux-2.6.37.6-0.20.1/net/ipv4/udp.c | |
574 | +--- linux-2.6.37.6-24.1.orig/net/ipv4/udp.c | |
575 | ++++ linux-2.6.37.6-24.1/net/ipv4/udp.c | |
576 | 576 | @@ -1140,6 +1140,10 @@ try_again: |
577 | 577 | &peeked, &err); |
578 | 578 | if (!skb) |
@@ -584,8 +584,8 @@ | ||
584 | 584 | |
585 | 585 | ulen = skb->len - sizeof(struct udphdr); |
586 | 586 | if (len > ulen) |
587 | ---- linux-2.6.37.6-0.20.1.orig/net/ipv6/raw.c | |
588 | -+++ linux-2.6.37.6-0.20.1/net/ipv6/raw.c | |
587 | +--- linux-2.6.37.6-24.1.orig/net/ipv6/raw.c | |
588 | ++++ linux-2.6.37.6-24.1/net/ipv6/raw.c | |
589 | 589 | @@ -467,6 +467,10 @@ static int rawv6_recvmsg(struct kiocb *i |
590 | 590 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
591 | 591 | if (!skb) |
@@ -597,8 +597,8 @@ | ||
597 | 597 | |
598 | 598 | copied = skb->len; |
599 | 599 | if (copied > len) { |
600 | ---- linux-2.6.37.6-0.20.1.orig/net/ipv6/udp.c | |
601 | -+++ linux-2.6.37.6-0.20.1/net/ipv6/udp.c | |
600 | +--- linux-2.6.37.6-24.1.orig/net/ipv6/udp.c | |
601 | ++++ linux-2.6.37.6-24.1/net/ipv6/udp.c | |
602 | 602 | @@ -361,6 +361,10 @@ try_again: |
603 | 603 | &peeked, &err); |
604 | 604 | if (!skb) |
@@ -610,8 +610,8 @@ | ||
610 | 610 | |
611 | 611 | ulen = skb->len - sizeof(struct udphdr); |
612 | 612 | if (len > ulen) |
613 | ---- linux-2.6.37.6-0.20.1.orig/net/socket.c | |
614 | -+++ linux-2.6.37.6-0.20.1/net/socket.c | |
613 | +--- linux-2.6.37.6-24.1.orig/net/socket.c | |
614 | ++++ linux-2.6.37.6-24.1/net/socket.c | |
615 | 615 | @@ -1516,6 +1516,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
616 | 616 | if (err < 0) |
617 | 617 | goto out_fd; |
@@ -623,8 +623,8 @@ | ||
623 | 623 | if (upeer_sockaddr) { |
624 | 624 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
625 | 625 | &len, 2) < 0) { |
626 | ---- linux-2.6.37.6-0.20.1.orig/net/unix/af_unix.c | |
627 | -+++ linux-2.6.37.6-0.20.1/net/unix/af_unix.c | |
626 | +--- linux-2.6.37.6-24.1.orig/net/unix/af_unix.c | |
627 | ++++ linux-2.6.37.6-24.1/net/unix/af_unix.c | |
628 | 628 | @@ -1738,6 +1738,10 @@ static int unix_dgram_recvmsg(struct kio |
629 | 629 | |
630 | 630 | wake_up_interruptible_sync(&u->peer_wait); |
@@ -636,8 +636,8 @@ | ||
636 | 636 | if (msg->msg_name) |
637 | 637 | unix_copy_addr(msg, skb->sk); |
638 | 638 | |
639 | ---- linux-2.6.37.6-0.20.1.orig/security/Kconfig | |
640 | -+++ linux-2.6.37.6-0.20.1/security/Kconfig | |
639 | +--- linux-2.6.37.6-24.1.orig/security/Kconfig | |
640 | ++++ linux-2.6.37.6-24.1/security/Kconfig | |
641 | 641 | @@ -193,5 +193,7 @@ config DEFAULT_SECURITY |
642 | 642 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
643 | 643 | default "" if DEFAULT_SECURITY_DAC |
@@ -646,8 +646,8 @@ | ||
646 | 646 | + |
647 | 647 | endmenu |
648 | 648 | |
649 | ---- linux-2.6.37.6-0.20.1.orig/security/Makefile | |
650 | -+++ linux-2.6.37.6-0.20.1/security/Makefile | |
649 | +--- linux-2.6.37.6-24.1.orig/security/Makefile | |
650 | ++++ linux-2.6.37.6-24.1/security/Makefile | |
651 | 651 | @@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
652 | 652 | # Object integrity file lists |
653 | 653 | subdir-$(CONFIG_IMA) += integrity/ima |
@@ -655,8 +655,8 @@ | ||
655 | 655 | + |
656 | 656 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
657 | 657 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
658 | ---- linux-2.6.37.6-0.20.1.orig/security/security.c | |
659 | -+++ linux-2.6.37.6-0.20.1/security/security.c | |
658 | +--- linux-2.6.37.6-24.1.orig/security/security.c | |
659 | ++++ linux-2.6.37.6-24.1/security/security.c | |
660 | 660 | @@ -203,7 +203,10 @@ int security_syslog(int type) |
661 | 661 | |
662 | 662 | int security_settime(struct timespec *ts, struct timezone *tz) |
@@ -1,6 +1,6 @@ | ||
1 | 1 | Index: security/caitsith/internal.h |
2 | 2 | =================================================================== |
3 | ---- security/caitsith/internal.h (revision 56) | |
3 | +--- security/caitsith/internal.h (revision 66) | |
4 | 4 | +++ security/caitsith/internal.h (working copy) |
5 | 5 | @@ -211,6 +211,7 @@ |
6 | 6 | /* Index numbers for "struct ccs_condition". */ |
@@ -14,9 +14,9 @@ | ||
14 | 14 | CCS_SELF_SGID, /* current_sgid() */ |
15 | 15 | CCS_SELF_FSGID, /* current_fsgid() */ |
16 | 16 | CCS_SELF_PID, /* sys_getpid() */ |
17 | -- CCS_SELF_PPID, /* sys_getppid() */ | |
18 | - /* 10 */ | |
19 | -+ CCS_SELF_PPID, /* sys_getppid() */ | |
17 | ++ /* 10 */ | |
18 | + CCS_SELF_PPID, /* sys_getppid() */ | |
19 | +- /* 10 */ | |
20 | 20 | CCS_TASK_TYPE, /* ((u8) task->ccs_flags) & |
21 | 21 | CCS_TASK_IS_EXECUTE_HANDLER */ |
22 | 22 | CCS_SELF_DOMAIN, |
@@ -24,9 +24,9 @@ | ||
24 | 24 | CCS_OBJ_IS_SYMLINK, /* S_IFLNK */ |
25 | 25 | CCS_OBJ_IS_FILE, /* S_IFREG */ |
26 | 26 | CCS_OBJ_IS_BLOCK_DEV, /* S_IFBLK */ |
27 | -- CCS_OBJ_IS_DIRECTORY, /* S_IFDIR */ | |
28 | - /* 20 */ | |
29 | -+ CCS_OBJ_IS_DIRECTORY, /* S_IFDIR */ | |
27 | ++ /* 20 */ | |
28 | + CCS_OBJ_IS_DIRECTORY, /* S_IFDIR */ | |
29 | +- /* 20 */ | |
30 | 30 | CCS_OBJ_IS_CHAR_DEV, /* S_IFCHR */ |
31 | 31 | CCS_OBJ_IS_FIFO, /* S_IFIFO */ |
32 | 32 | CCS_MODE_SETUID, /* S_ISUID */ |
@@ -34,9 +34,9 @@ | ||
34 | 34 | CCS_MODE_OWNER_WRITE, /* S_IWUSR */ |
35 | 35 | CCS_MODE_OWNER_EXECUTE, /* S_IXUSR */ |
36 | 36 | CCS_MODE_GROUP_READ, /* S_IRGRP */ |
37 | -- CCS_MODE_GROUP_WRITE, /* S_IWGRP */ | |
38 | - /* 30 */ | |
39 | -+ CCS_MODE_GROUP_WRITE, /* S_IWGRP */ | |
37 | ++ /* 30 */ | |
38 | + CCS_MODE_GROUP_WRITE, /* S_IWGRP */ | |
39 | +- /* 30 */ | |
40 | 40 | CCS_MODE_GROUP_EXECUTE, /* S_IXGRP */ |
41 | 41 | CCS_MODE_OTHERS_READ, /* S_IROTH */ |
42 | 42 | CCS_MODE_OTHERS_WRITE, /* S_IWOTH */ |
@@ -48,7 +48,71 @@ | ||
48 | 48 | CCS_COND_SARG0, |
49 | 49 | CCS_COND_SARG1, |
50 | 50 | /* 40 */ |
51 | -@@ -471,15 +471,6 @@ | |
51 | +@@ -389,7 +389,62 @@ | |
52 | + #ifdef CONFIG_CAITSITH_MANUAL_DOMAIN_TRANSITION | |
53 | + CCS_MAC_MANUAL_DOMAIN_TRANSITION, | |
54 | + #endif | |
55 | +- CCS_MAX_MAC_INDEX | |
56 | ++ CCS_MAX_MAC_INDEX, | |
57 | ++ /* Map undefined functions to CCS_MAX_MAC_INDEX */ | |
58 | ++#ifndef CONFIG_CAITSITH_GETATTR | |
59 | ++ CCS_MAC_GETATTR = CCS_MAX_MAC_INDEX, | |
60 | ++#endif | |
61 | ++#ifndef CONFIG_CAITSITH_NETWORK | |
62 | ++ CCS_MAC_INET_STREAM_BIND = CCS_MAX_MAC_INDEX, | |
63 | ++ CCS_MAC_INET_STREAM_LISTEN = CCS_MAX_MAC_INDEX, | |
64 | ++ CCS_MAC_INET_STREAM_CONNECT = CCS_MAX_MAC_INDEX, | |
65 | ++ CCS_MAC_INET_STREAM_ACCEPT = CCS_MAX_MAC_INDEX, | |
66 | ++ CCS_MAC_INET_DGRAM_BIND = CCS_MAX_MAC_INDEX, | |
67 | ++ CCS_MAC_INET_DGRAM_SEND = CCS_MAX_MAC_INDEX, | |
68 | ++ CCS_MAC_INET_RAW_BIND = CCS_MAX_MAC_INDEX, | |
69 | ++ CCS_MAC_INET_RAW_SEND = CCS_MAX_MAC_INDEX, | |
70 | ++ CCS_MAC_UNIX_STREAM_BIND = CCS_MAX_MAC_INDEX, | |
71 | ++ CCS_MAC_UNIX_STREAM_LISTEN = CCS_MAX_MAC_INDEX, | |
72 | ++ CCS_MAC_UNIX_STREAM_CONNECT = CCS_MAX_MAC_INDEX, | |
73 | ++ CCS_MAC_UNIX_STREAM_ACCEPT = CCS_MAX_MAC_INDEX, | |
74 | ++ CCS_MAC_UNIX_DGRAM_BIND = CCS_MAX_MAC_INDEX, | |
75 | ++ CCS_MAC_UNIX_DGRAM_SEND = CCS_MAX_MAC_INDEX, | |
76 | ++ CCS_MAC_UNIX_SEQPACKET_BIND = CCS_MAX_MAC_INDEX, | |
77 | ++ CCS_MAC_UNIX_SEQPACKET_LISTEN = CCS_MAX_MAC_INDEX, | |
78 | ++ CCS_MAC_UNIX_SEQPACKET_CONNECT = CCS_MAX_MAC_INDEX, | |
79 | ++ CCS_MAC_UNIX_SEQPACKET_ACCEPT = CCS_MAX_MAC_INDEX, | |
80 | ++#endif | |
81 | ++#ifndef CONFIG_CAITSITH_NETWORK_RECVMSG | |
82 | ++ CCS_MAC_INET_DGRAM_RECV = CCS_MAX_MAC_INDEX, | |
83 | ++ CCS_MAC_INET_RAW_RECV = CCS_MAX_MAC_INDEX, | |
84 | ++ CCS_MAC_UNIX_DGRAM_RECV = CCS_MAX_MAC_INDEX, | |
85 | ++#endif | |
86 | ++#ifndef CONFIG_CAITSITH_ENVIRON | |
87 | ++ CCS_MAC_ENVIRON = CCS_MAX_MAC_INDEX, | |
88 | ++#endif | |
89 | ++#ifndef CONFIG_CAITSITH_PTRACE | |
90 | ++ CCS_MAC_PTRACE = CCS_MAX_MAC_INDEX, | |
91 | ++#endif | |
92 | ++#ifndef CONFIG_CAITSITH_SIGNAL | |
93 | ++ CCS_MAC_SIGNAL = CCS_MAX_MAC_INDEX, | |
94 | ++#endif | |
95 | ++#ifndef CONFIG_CAITSITH_CAPABILITY | |
96 | ++ CCS_MAC_USE_NETLINK_SOCKET = CCS_MAX_MAC_INDEX, | |
97 | ++ CCS_MAC_USE_PACKET_SOCKET = CCS_MAX_MAC_INDEX, | |
98 | ++ CCS_MAC_USE_REBOOT = CCS_MAX_MAC_INDEX, | |
99 | ++ CCS_MAC_USE_VHANGUP = CCS_MAX_MAC_INDEX, | |
100 | ++ CCS_MAC_SET_TIME = CCS_MAX_MAC_INDEX, | |
101 | ++ CCS_MAC_SET_PRIORITY = CCS_MAX_MAC_INDEX, | |
102 | ++ CCS_MAC_SET_HOSTNAME = CCS_MAX_MAC_INDEX, | |
103 | ++ CCS_MAC_USE_KERNEL_MODULE = CCS_MAX_MAC_INDEX, | |
104 | ++ CCS_MAC_USE_NEW_KERNEL = CCS_MAX_MAC_INDEX, | |
105 | ++#endif | |
106 | ++#ifndef CONFIG_CAITSITH_AUTO_DOMAIN_TRANSITION | |
107 | ++ CCS_MAC_AUTO_DOMAIN_TRANSITION = CCS_MAX_MAC_INDEX, | |
108 | ++#endif | |
109 | ++#ifndef CONFIG_CAITSITH_MANUAL_DOMAIN_TRANSITION | |
110 | ++ CCS_MAC_MANUAL_DOMAIN_TRANSITION = CCS_MAX_MAC_INDEX, | |
111 | ++#endif | |
112 | + } __packed; | |
113 | + | |
114 | + /* Index numbers for statistic information. */ | |
115 | +@@ -471,15 +526,6 @@ | |
52 | 116 | CCS_VALUE_TYPE_HEXADECIMAL, |
53 | 117 | } __packed; |
54 | 118 |
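Review bot: The names aliased to `CCS_MAX_MAC_INDEX` after the enum's last real entry (`CCS_MAC_GETATTR = CCS_MAX_MAC_INDEX` and the rest, one group per disabled `CONFIG_CAITSITH_*` option) are out-of-range sentinels, but the only comment is "Map undefined functions to CCS_MAX_MAC_INDEX" and nothing says they must never be used as an index. Any table dimensioned by `CCS_MAX_MAC_INDEX` and indexed with one of these names would be accessed one element past its end, and two aliased names can no longer be separate `case` labels in one `switch`. Whether such uses exist cannot be seen here, because the enum starts above the hunk and its users are in other files. I would extend the comment to state the contract, e.g. `/* Aliases below are out-of-range sentinels: compare against them only, never use them as an array index or case label. */`, and have code that indexes by this enum reject values `>= CCS_MAX_MAC_INDEX` first.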
@@ -66,7 +130,7 @@ | ||
66 | 130 | /* |
67 | 131 | Index: security/caitsith/policy_io.c |
68 | 132 | =================================================================== |
69 | ---- security/caitsith/policy_io.c (revision 56) | |
133 | +--- security/caitsith/policy_io.c (revision 66) | |
70 | 134 | +++ security/caitsith/policy_io.c (working copy) |
71 | 135 | @@ -106,61 +106,6 @@ |
72 | 136 | #endif |
@@ -1085,7 +1149,7 @@ | ||
1085 | 1149 | { |
1086 | 1150 | const char *end; |
1087 | 1151 | if (!strchr(address, ':') && |
1088 | -@@ -1303,397 +1717,165 @@ | |
1152 | +@@ -1303,397 +1717,169 @@ | |
1089 | 1153 | if (!*end) { |
1090 | 1154 | ipv6[0].s6_addr32[0] = ipv6[0].s6_addr32[0]; |
1091 | 1155 | ipv6[1].s6_addr32[0] = ipv6[0].s6_addr32[0]; |
@@ -1163,21 +1227,44 @@ | ||
1163 | 1227 | - return CCS_SELF_DOMAIN; |
1164 | 1228 | - if (!strcmp(word, "exe")) |
1165 | 1229 | - return CCS_SELF_EXE; |
1166 | -- } | |
1230 | ++ if (mac == CCS_MAC_EXECUTE || mac == CCS_MAC_ENVIRON) { | |
1231 | ++ tmp->type = CCS_TYPE_STRING; | |
1232 | ++ if (!strncmp(word, "argv[", 5)) { | |
1233 | ++ word += 5; | |
1234 | ++ if (ccs_parse_ulong(&tmp->argv, &word) == | |
1235 | ++ CCS_VALUE_TYPE_DECIMAL && !strcmp(word, "]")) | |
1236 | ++ return CCS_ARGV_ENTRY; | |
1237 | ++ } else if (!strncmp(word, "envp[\"", 6)) { | |
1238 | ++ char *end = word + strlen(word) - 2; | |
1239 | ++ if (!strcmp(end, "\"]")) { | |
1240 | ++ *end = '\0'; | |
1241 | ++ tmp->envp = ccs_get_name(word + 6); | |
1242 | ++ if (tmp->envp) | |
1243 | ++ return CCS_ENVP_ENTRY; | |
1244 | ++ } | |
1245 | ++ } | |
1246 | + } | |
1167 | 1247 | - return CCS_MAX_CONDITION_KEYWORD; |
1168 | --} | |
1169 | -- | |
1170 | --/** | |
1248 | ++ return CCS_INVALID_CONDITION; | |
1249 | + } | |
1250 | + | |
1251 | + /** | |
1171 | 1252 | - * ccs_parse_syscall_arg - Find index for variable's name. |
1172 | -- * | |
1173 | -- * @word: Keyword to search. | |
1253 | ++ * ccs_parse_righthand - Parse special righthand conditions. | |
1254 | + * | |
1255 | + * @word: Keyword to search. | |
1174 | 1256 | - * @type: One of values in "enum ccs_mac_index". |
1175 | -- * | |
1257 | ++ * @head: Pointer to "struct ccs_io_buffer". | |
1258 | ++ * @tmp: Pointer to "struct ccs_cond_tmp". | |
1259 | + * | |
1176 | 1260 | - * Returns one of "ccs_conditions_index" value. |
1177 | -- */ | |
1261 | ++ * Returns one of values in "enum ccs_conditions_index". | |
1262 | + */ | |
1178 | 1263 | -static enum ccs_conditions_index ccs_parse_syscall_arg |
1179 | 1264 | -(const char *word, const enum ccs_mac_index type) |
1180 | --{ | |
1265 | ++static enum ccs_conditions_index ccs_parse_righthand | |
1266 | ++(char *word, struct ccs_io_buffer *head, struct ccs_cond_tmp *tmp) | |
1267 | + { | |
1181 | 1268 | - switch (type) { |
1182 | 1269 | - case CCS_MAC_READ: |
1183 | 1270 | - case CCS_MAC_WRITE: |
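Review bot: In the `envp[\"` branch the closing-quote test can match the opening quote. For the seven-character token `envp["]`, `end = word + strlen(word) - 2` points at the `"` that `strncmp()` just accepted as part of the prefix, so `strcmp(end, "\"]")` succeeds and `ccs_get_name(word + 6)` is called on the leftover `]`. A malformed policy condition is thereby accepted as a rule about an environment variable named `]` instead of being rejected. Requiring the suffix to begin after the prefix closes this: `if (end >= word + 6 && !strcmp(end, "\"]")) {`. The function containing this branch starts above the hunk.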
@@ -1223,22 +1310,7 @@ | ||
1223 | 1310 | - return CCS_COND_NARG1; |
1224 | 1311 | - if (!strcmp(word, "dev_minor")) |
1225 | 1312 | - return CCS_COND_NARG2; |
1226 | -+ if (mac == CCS_MAC_EXECUTE || mac == CCS_MAC_ENVIRON) { | |
1227 | -+ tmp->type = CCS_TYPE_STRING; | |
1228 | -+ if (!strncmp(word, "argv[", 5)) { | |
1229 | -+ word += 5; | |
1230 | -+ if (ccs_parse_ulong(&tmp->argv, &word) == | |
1231 | -+ CCS_VALUE_TYPE_DECIMAL && !strcmp(word, "]")) | |
1232 | -+ return CCS_ARGV_ENTRY; | |
1233 | -+ } else if (!strncmp(word, "envp[\"", 6)) { | |
1234 | -+ char *end = word + strlen(word) - 2; | |
1235 | -+ if (!strcmp(end, "\"]")) { | |
1236 | -+ *end = '\0'; | |
1237 | -+ tmp->envp = ccs_get_name(word + 6); | |
1238 | -+ if (tmp->envp) | |
1239 | -+ return CCS_ENVP_ENTRY; | |
1240 | -+ } | |
1241 | - } | |
1313 | +- } | |
1242 | 1314 | - break; |
1243 | 1315 | - case CCS_MAC_LINK: |
1244 | 1316 | - case CCS_MAC_RENAME: |
@@ -1271,7 +1343,27 @@ | ||
1271 | 1343 | - if (!strcmp(word, "put_old")) |
1272 | 1344 | - return CCS_COND_SARG1; |
1273 | 1345 | - break; |
1274 | --#ifdef CONFIG_CAITSITH_NETWORK | |
1346 | ++ const enum ccs_var_type type = tmp->type; | |
1347 | ++ dprintk(KERN_WARNING "%u: tmp->left=%u type=%u\n", | |
1348 | ++ __LINE__, tmp->left, type); | |
1349 | ++ if (type == CCS_TYPE_ASSIGN) { | |
1350 | ++ if (tmp->is_not) | |
1351 | ++ goto out; | |
1352 | ++ if (tmp->left != CCS_MAC_AUTO_DOMAIN_TRANSITION && | |
1353 | ++ !strcmp(word, "NULL")) | |
1354 | ++ goto null_word; | |
1355 | ++ tmp->path = ccs_get_dqword(word); | |
1356 | ++ if (tmp->path && tmp->path->const_len == tmp->path->total_len) | |
1357 | ++ return CCS_IMM_NAME_ENTRY; | |
1358 | ++ goto out; | |
1359 | ++ } | |
1360 | ++ if (word[0] == '@' && word[1]) { | |
1361 | ++ enum ccs_group_id g; | |
1362 | ++ if (type == CCS_TYPE_NUMBER || type == CCS_TYPE_FILEPERM) | |
1363 | ++ g = CCS_NUMBER_GROUP; | |
1364 | ++ else if (type == CCS_TYPE_STRING) | |
1365 | ++ g = CCS_STRING_GROUP; | |
1366 | + #ifdef CONFIG_CAITSITH_NETWORK | |
1275 | 1367 | - case CCS_MAC_INET_STREAM_BIND: |
1276 | 1368 | - case CCS_MAC_INET_STREAM_LISTEN: |
1277 | 1369 | - case CCS_MAC_INET_STREAM_CONNECT: |
@@ -1306,7 +1398,9 @@ | ||
1306 | 1398 | - if (!strcmp(word, "addr")) |
1307 | 1399 | - return CCS_COND_SARG0; |
1308 | 1400 | - break; |
1309 | --#endif | |
1401 | ++ else if (type == CCS_TYPE_IPADDR) | |
1402 | ++ g = CCS_IP_GROUP; | |
1403 | + #endif | |
1310 | 1404 | -#ifdef CONFIG_CAITSITH_ENVIRON |
1311 | 1405 | - case CCS_MAC_ENVIRON: |
1312 | 1406 | - if (!strcmp(word, "path")) |
@@ -1341,28 +1435,28 @@ | ||
1341 | 1435 | -#endif |
1342 | 1436 | - default: |
1343 | 1437 | - break; |
1438 | ++ else | |
1439 | ++ goto out; | |
1440 | ++ head->w.data = word + 1; | |
1441 | ++ tmp->group = ccs_get_group(head, g); | |
1442 | ++ if (tmp->group) | |
1443 | ++ return CCS_IMM_GROUP; | |
1444 | ++ goto out; | |
1344 | 1445 | } |
1345 | 1446 | - return CCS_MAX_CONDITION_KEYWORD; |
1346 | -+ return CCS_INVALID_CONDITION; | |
1347 | - } | |
1348 | - | |
1349 | - /** | |
1447 | +-} | |
1448 | +- | |
1449 | +-/** | |
1350 | 1450 | - * ccs_parse_path_attributes - Find index for variable's name. |
1351 | -+ * ccs_parse_righthand - Parse special righthand conditions. | |
1352 | - * | |
1353 | - * @word: Keyword to search. | |
1451 | +- * | |
1452 | +- * @word: Keyword to search. | |
1354 | 1453 | - * @type: One of values in "enum ccs_mac_index". |
1355 | -+ * @head: Pointer to "struct ccs_io_buffer". | |
1356 | -+ * @tmp: Pointer to "struct ccs_cond_tmp". | |
1357 | - * | |
1454 | +- * | |
1358 | 1455 | - * Returns one of "ccs_conditions_index" value. |
1359 | -+ * Returns one of values in "enum ccs_conditions_index". | |
1360 | - */ | |
1456 | +- */ | |
1361 | 1457 | -static enum ccs_conditions_index ccs_parse_path_attribute |
1362 | 1458 | -(char *word, const enum ccs_mac_index type) |
1363 | -+static enum ccs_conditions_index ccs_parse_righthand | |
1364 | -+(char *word, struct ccs_io_buffer *head, struct ccs_cond_tmp *tmp) | |
1365 | - { | |
1459 | +-{ | |
1366 | 1460 | - u8 i; |
1367 | 1461 | - enum ccs_conditions_index start; |
1368 | 1462 | - switch (type) { |
@@ -1428,44 +1522,6 @@ | ||
1428 | 1522 | - break; |
1429 | 1523 | - default: |
1430 | 1524 | - break; |
1431 | -+ const enum ccs_var_type type = tmp->type; | |
1432 | -+ dprintk(KERN_WARNING "%u: tmp->left=%u type=%u\n", | |
1433 | -+ __LINE__, tmp->left, type); | |
1434 | -+ if (type == CCS_TYPE_ASSIGN) { | |
1435 | -+ if (tmp->is_not) | |
1436 | -+ goto out; | |
1437 | -+ if (tmp->left != CCS_MAC_AUTO_DOMAIN_TRANSITION && | |
1438 | -+ !strcmp(word, "NULL")) | |
1439 | -+ goto null_word; | |
1440 | -+ tmp->path = ccs_get_dqword(word); | |
1441 | -+ if (tmp->path && tmp->path->const_len == tmp->path->total_len) | |
1442 | -+ return CCS_IMM_NAME_ENTRY; | |
1443 | -+ goto out; | |
1444 | - } | |
1445 | -- goto out; | |
1446 | --path1_parent: | |
1447 | -- if (strncmp(word, ".parent", 7)) | |
1448 | -+ if (word[0] == '@' && word[1]) { | |
1449 | -+ enum ccs_group_id g; | |
1450 | -+ if (type == CCS_TYPE_NUMBER || type == CCS_TYPE_FILEPERM) | |
1451 | -+ g = CCS_NUMBER_GROUP; | |
1452 | -+ else if (type == CCS_TYPE_STRING) | |
1453 | -+ g = CCS_STRING_GROUP; | |
1454 | -+ else if (type == CCS_TYPE_IPADDR) | |
1455 | -+ g = CCS_IP_GROUP; | |
1456 | -+ else | |
1457 | -+ goto out; | |
1458 | -+ head->w.data = word + 1; | |
1459 | -+ tmp->group = ccs_get_group(head, g); | |
1460 | -+ if (tmp->group) | |
1461 | -+ return CCS_IMM_GROUP; | |
1462 | - goto out; | |
1463 | --path1: | |
1464 | -- start = CCS_PATH_ATTRIBUTE_START; | |
1465 | -- goto check; | |
1466 | --path2_parent: | |
1467 | -- if (strncmp(word, ".parent", 7)) | |
1468 | -+ } | |
1469 | 1525 | + if (type == CCS_TYPE_NUMBER || type == CCS_TYPE_FILEPERM) { |
1470 | 1526 | + tmp->radix = ccs_parse_values(word, tmp->value); |
1471 | 1527 | + if (tmp->radix == CCS_VALUE_TYPE_INVALID) |
@@ -1474,7 +1530,10 @@ | ||
1474 | 1530 | + return CCS_IMM_NUMBER_ENTRY2; |
1475 | 1531 | + else |
1476 | 1532 | + return CCS_IMM_NUMBER_ENTRY1; |
1477 | -+ } | |
1533 | + } | |
1534 | +- goto out; | |
1535 | +-path1_parent: | |
1536 | +- if (strncmp(word, ".parent", 7)) | |
1478 | 1537 | + if (type == CCS_TYPE_STRING) { |
1479 | 1538 | + dprintk(KERN_WARNING "%u: word='%s'\n", __LINE__, word); |
1480 | 1539 | + if (!strcmp(word, "NULL")) |
@@ -1485,6 +1544,12 @@ | ||
1485 | 1544 | + if (tmp->path) |
1486 | 1545 | + return CCS_IMM_NAME_ENTRY; |
1487 | 1546 | goto out; |
1547 | +-path1: | |
1548 | +- start = CCS_PATH_ATTRIBUTE_START; | |
1549 | +- goto check; | |
1550 | +-path2_parent: | |
1551 | +- if (strncmp(word, ".parent", 7)) | |
1552 | +- goto out; | |
1488 | 1553 | -path2: |
1489 | 1554 | - start = CCS_PATH_ATTRIBUTE_START + 32; |
1490 | 1555 | -check: |
@@ -1495,8 +1560,10 @@ | ||
1495 | 1560 | - if (!strcmp(word, ccs_path_attribute[i])) |
1496 | 1561 | - return start + i; |
1497 | 1562 | + } |
1563 | ++#ifdef CONFIG_CAITSITH_NETWORK | |
1498 | 1564 | + if (type == CCS_TYPE_IPADDR) |
1499 | 1565 | + return ccs_parse_ipaddr(word, tmp->ipv6); |
1566 | ++#endif | |
1500 | 1567 | out: |
1501 | 1568 | - return CCS_MAX_CONDITION_KEYWORD; |
1502 | 1569 | + dprintk(KERN_WARNING "%u: righthand failed\n", __LINE__); |
@@ -1596,7 +1663,7 @@ | ||
1596 | 1663 | * ccs_parse_cond - Parse single condition. |
1597 | 1664 | * |
1598 | 1665 | * @tmp: Pointer to "struct ccs_cond_tmp". |
1599 | -@@ -1704,10 +1886,12 @@ | |
1666 | +@@ -1704,10 +1890,12 @@ | |
1600 | 1667 | static bool ccs_parse_cond(struct ccs_cond_tmp *tmp, |
1601 | 1668 | struct ccs_io_buffer *head) |
1602 | 1669 | { |
@@ -1611,7 +1678,7 @@ | ||
1611 | 1678 | right = strchr(left, '='); |
1612 | 1679 | if (!right || right == left) |
1613 | 1680 | return false; |
1614 | -@@ -1717,155 +1901,29 @@ | |
1681 | +@@ -1717,155 +1905,29 @@ | |
1615 | 1682 | *(right - 2) = '\0'; |
1616 | 1683 | if (!*left || !*right) |
1617 | 1684 | return false; |
@@ -1788,7 +1855,7 @@ | ||
1788 | 1855 | } |
1789 | 1856 | |
1790 | 1857 | /** |
1791 | -@@ -1899,8 +1957,10 @@ | |
1858 | +@@ -1899,8 +1961,10 @@ | |
1792 | 1859 | condp = (union ccs_condition_element *) (entry + 1); |
1793 | 1860 | while (1) { |
1794 | 1861 | memset(&tmp, 0, sizeof(tmp)); |
@@ -1801,7 +1868,7 @@ | ||
1801 | 1868 | while (*pos == ' ') |
1802 | 1869 | pos++; |
1803 | 1870 | if (!*pos) |
1804 | -@@ -1984,8 +2044,8 @@ | |
1871 | +@@ -1984,8 +2048,8 @@ | |
1805 | 1872 | entry->size = (void *) condp - (void *) entry; |
1806 | 1873 | return ccs_commit_condition(entry); |
1807 | 1874 | out: |
@@ -1812,7 +1879,7 @@ | ||
1812 | 1879 | tmp.path ? tmp.path->name : "", |
1813 | 1880 | tmp.group ? tmp.group->group_name->name : ""); |
1814 | 1881 | ccs_put_name(tmp.envp); |
1815 | -@@ -2342,51 +2402,25 @@ | |
1882 | +@@ -2342,51 +2406,25 @@ | |
1816 | 1883 | } |
1817 | 1884 | |
1818 | 1885 | /** |
@@ -1876,7 +1943,7 @@ | ||
1876 | 1943 | } |
1877 | 1944 | |
1878 | 1945 | /** |
1879 | -@@ -2424,32 +2458,8 @@ | |
1946 | +@@ -2424,32 +2462,8 @@ | |
1880 | 1947 | condp++; |
1881 | 1948 | ccs_set_string(head, "\"]"); |
1882 | 1949 | break; |
@@ -1910,7 +1977,7 @@ | ||
1910 | 1977 | } |
1911 | 1978 | ccs_set_string(head, is_not ? "!=" : "="); |
1912 | 1979 | switch (right) { |
1913 | -@@ -2503,7 +2513,7 @@ | |
1980 | +@@ -2503,7 +2517,7 @@ | |
1914 | 1981 | break; |
1915 | 1982 | #endif |
1916 | 1983 | default: |
@@ -1919,7 +1986,7 @@ | ||
1919 | 1986 | } |
1920 | 1987 | } |
1921 | 1988 | head->r.cond = NULL; |
1922 | -@@ -2688,12 +2698,12 @@ | |
1989 | +@@ -2688,12 +2702,12 @@ | |
1923 | 1990 | } else { |
1924 | 1991 | #ifdef CONFIG_CAITSITH_NETWORK |
1925 | 1992 | switch (ccs_parse_ipaddr(word, e.address.ip)) { |
@@ -1936,7 +2003,7 @@ | ||
1936 | 2003 | e.address.is_ipv6 = true; |
1937 | 2004 | break; |
1938 | 2005 | default: |
1939 | -@@ -3407,36 +3417,62 @@ | |
2006 | +@@ -3407,36 +3421,62 @@ | |
1940 | 2007 | goto no_obj_info; |
1941 | 2008 | ccs_get_attributes(r); |
1942 | 2009 | for (i = 0; i < CCS_MAX_PATH_STAT; i++) { |
@@ -2020,7 +2087,7 @@ | ||
2020 | 2087 | } |
2021 | 2088 | no_obj_info: |
2022 | 2089 | if (pos < ccs_buffer_len - 1) |
2023 | -@@ -3553,6 +3589,9 @@ | |
2090 | +@@ -3553,6 +3593,9 @@ | |
2024 | 2091 | case CCS_MAC_MOUNT: |
2025 | 2092 | pos = 0; |
2026 | 2093 | for (i = 0; i < 4; i++) { |
@@ -2030,7 +2097,7 @@ | ||
2030 | 2097 | if (i == 3) |
2031 | 2098 | pos += snprintf(buf + pos, pos < len ? |
2032 | 2099 | len - pos : 0, " flags=0x%lX", |
2033 | -@@ -3560,8 +3599,7 @@ | |
2100 | +@@ -3560,8 +3603,7 @@ | |
2034 | 2101 | if (!r->param.s[i]) |
2035 | 2102 | continue; |
2036 | 2103 | pos += snprintf(buf + pos, pos < len ? len - pos : 0, |