OSDN > ソフトウェアを探す > システム > オペレーティングシステムカーネル > Linux > CaitSith > SCM > SVN > コミット

CaitSith

R/O
SSH
HTTPS

caitsith: コミット

コミットメタ情報

リビジョン	68 (tree)
日時	2012-11-11 16:26:54
作者	kumaneko

ログメッセージ

(メッセージはありません)

変更サマリ

modified: trunk/caitsith-patch/patches/ccs-patch-3.7.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-2.6.32-ubuntu-10.04.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.6-fedora-17.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.0-vine-linux-6.1.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.0.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.4.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.6.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.5-ubuntu-12.10.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-2.6.32-centos-6.3.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.6-fedora-16.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-2.6.37-suse-11.4.diff (diff)
modified: trunk/diff.txt (diff)

差分

--- trunk/caitsith-patch/patches/ccs-patch-3.7.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-3.7.diff (revision 68)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 3.7-rc3.
	1	+This is TOMOYO Linux patch for kernel 3.7-rc4.
2	2
3		-Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.7-rc3.tar.bz2
	3	+Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.7-rc4.tar.bz2
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 107 ++++++++++++++++++++++++++++++++++++++++------
29	29	24 files changed, 235 insertions(+), 37 deletions(-)
30	30
31		---- linux-3.7-rc3.orig/fs/exec.c
32		-+++ linux-3.7-rc3/fs/exec.c
	31	+--- linux-3.7-rc4.orig/fs/exec.c
	32	++++ linux-3.7-rc4/fs/exec.c
33	33	@@ -1524,7 +1524,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.7-rc3.orig/fs/open.c
43		-+++ linux-3.7-rc3/fs/open.c
	42	+--- linux-3.7-rc4.orig/fs/open.c
	43	++++ linux-3.7-rc4/fs/open.c
44	44	@@ -1024,6 +1024,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.7-rc3.orig/fs/proc/version.c
54		-+++ linux-3.7-rc3/fs/proc/version.c
	53	+--- linux-3.7-rc4.orig/fs/proc/version.c
	54	++++ linux-3.7-rc4/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.7-rc3 2012/10/29\n");
	62	++ printk(KERN_INFO "Hook version: 3.7-rc4 2012/11/08\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.7-rc3.orig/include/linux/init_task.h
67		-+++ linux-3.7-rc3/include/linux/init_task.h
	66	+--- linux-3.7-rc4.orig/include/linux/init_task.h
	67	++++ linux-3.7-rc4/include/linux/init_task.h
68	68	@@ -143,6 +143,14 @@ extern struct task_group root_task_group
69	69
70	70	#define INIT_TASK_COMM "swapper"

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.7-rc3.orig/include/linux/sched.h
92		-+++ linux-3.7-rc3/include/linux/sched.h
	91	+--- linux-3.7-rc4.orig/include/linux/sched.h
	92	++++ linux-3.7-rc4/include/linux/sched.h
93	93	@@ -4,6 +4,8 @@
94	94	#include <uapi/linux/sched.h>
95	95

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.7-rc3.orig/include/linux/security.h
114		-+++ linux-3.7-rc3/include/linux/security.h
	113	+--- linux-3.7-rc4.orig/include/linux/security.h
	114	++++ linux-3.7-rc4/include/linux/security.h
115	115	@@ -52,6 +52,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -313,8 +313,8 @@
313	313	}
314	314	#endif /* CONFIG_SECURITY_PATH */
315	315
316		---- linux-3.7-rc3.orig/include/net/ip.h
317		-+++ linux-3.7-rc3/include/net/ip.h
	316	+--- linux-3.7-rc4.orig/include/net/ip.h
	317	++++ linux-3.7-rc4/include/net/ip.h
318	318	@@ -203,6 +203,8 @@ extern void inet_get_local_port_range(in
319	319	extern unsigned long *sysctl_local_reserved_ports;
320	320	static inline int inet_is_reserved_local_port(int port)

		@@ -324,8 +324,8 @@
324	324	return test_bit(port, sysctl_local_reserved_ports);
325	325	}
326	326
327		---- linux-3.7-rc3.orig/kernel/fork.c
328		-+++ linux-3.7-rc3/kernel/fork.c
	327	+--- linux-3.7-rc4.orig/kernel/fork.c
	328	++++ linux-3.7-rc4/kernel/fork.c
329	329	@@ -241,6 +241,7 @@ void __put_task_struct(struct task_struc
330	330	delayacct_tsk_free(tsk);
331	331	put_signal_struct(tsk->signal);

		@@ -352,8 +352,8 @@
352	352	bad_fork_cleanup_policy:
353	353	perf_event_free_task(p);
354	354	#ifdef CONFIG_NUMA
355		---- linux-3.7-rc3.orig/kernel/kexec.c
356		-+++ linux-3.7-rc3/kernel/kexec.c
	355	+--- linux-3.7-rc4.orig/kernel/kexec.c
	356	++++ linux-3.7-rc4/kernel/kexec.c
357	357	@@ -37,6 +37,7 @@
358	358	#include <asm/uaccess.h>
359	359	#include <asm/io.h>

		@@ -371,8 +371,8 @@
371	371
372	372	/*
373	373	* Verify we have a legal set of flags
374		---- linux-3.7-rc3.orig/kernel/module.c
375		-+++ linux-3.7-rc3/kernel/module.c
	374	+--- linux-3.7-rc4.orig/kernel/module.c
	375	++++ linux-3.7-rc4/kernel/module.c
376	376	@@ -60,6 +60,7 @@
377	377	#include <linux/bsearch.h>
378	378	#include <linux/fips.h>

		@@ -399,8 +399,8 @@
399	399
400	400	/* Do all the hard work */
401	401	mod = load_module(umod, len, uargs);
402		---- linux-3.7-rc3.orig/kernel/ptrace.c
403		-+++ linux-3.7-rc3/kernel/ptrace.c
	402	+--- linux-3.7-rc4.orig/kernel/ptrace.c
	403	++++ linux-3.7-rc4/kernel/ptrace.c
404	404	@@ -860,6 +860,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
405	405	{
406	406	struct task_struct *child;

		@@ -425,8 +425,8 @@
425	425
426	426	if (request == PTRACE_TRACEME) {
427	427	ret = ptrace_traceme();
428		---- linux-3.7-rc3.orig/kernel/sched/core.c
429		-+++ linux-3.7-rc3/kernel/sched/core.c
	428	+--- linux-3.7-rc4.orig/kernel/sched/core.c
	429	++++ linux-3.7-rc4/kernel/sched/core.c
430	430	@@ -3578,6 +3578,8 @@ int can_nice(const struct task_struct *p
431	431	SYSCALL_DEFINE1(nice, int, increment)
432	432	{

		@@ -436,8 +436,8 @@
436	436
437	437	/*
438	438	* Setpriority might change our priority at the same moment.
439		---- linux-3.7-rc3.orig/kernel/signal.c
440		-+++ linux-3.7-rc3/kernel/signal.c
	439	+--- linux-3.7-rc4.orig/kernel/signal.c
	440	++++ linux-3.7-rc4/kernel/signal.c
441	441	@@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
442	442	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
443	443	{

		@@ -483,8 +483,8 @@
483	483
484	484	return do_send_specific(tgid, pid, sig, info);
485	485	}
486		---- linux-3.7-rc3.orig/kernel/sys.c
487		-+++ linux-3.7-rc3/kernel/sys.c
	486	+--- linux-3.7-rc4.orig/kernel/sys.c
	487	++++ linux-3.7-rc4/kernel/sys.c
488	488	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
489	489
490	490	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -523,8 +523,8 @@
523	523
524	524	down_write(&uts_sem);
525	525	errno = -EFAULT;
526		---- linux-3.7-rc3.orig/kernel/time/ntp.c
527		-+++ linux-3.7-rc3/kernel/time/ntp.c
	526	+--- linux-3.7-rc4.orig/kernel/time/ntp.c
	527	++++ linux-3.7-rc4/kernel/time/ntp.c
528	528	@@ -15,6 +15,7 @@
529	529	#include <linux/time.h>
530	530	#include <linux/mm.h>

		@@ -558,8 +558,8 @@
558	558	if (!(txc->modes & ADJ_NANO))
559	559	delta.tv_nsec *= 1000;
560	560	result = timekeeping_inject_offset(&delta);
561		---- linux-3.7-rc3.orig/net/ipv4/raw.c
562		-+++ linux-3.7-rc3/net/ipv4/raw.c
	561	+--- linux-3.7-rc4.orig/net/ipv4/raw.c
	562	++++ linux-3.7-rc4/net/ipv4/raw.c
563	563	@@ -704,6 +704,10 @@ static int raw_recvmsg(struct kiocb *ioc
564	564	skb = skb_recv_datagram(sk, flags, noblock, &err);
565	565	if (!skb)

		@@ -571,8 +571,8 @@
571	571
572	572	copied = skb->len;
573	573	if (len < copied) {
574		---- linux-3.7-rc3.orig/net/ipv4/udp.c
575		-+++ linux-3.7-rc3/net/ipv4/udp.c
	574	+--- linux-3.7-rc4.orig/net/ipv4/udp.c
	575	++++ linux-3.7-rc4/net/ipv4/udp.c
576	576	@@ -1193,6 +1193,10 @@ try_again:
577	577	&peeked, &off, &err);
578	578	if (!skb)

		@@ -584,8 +584,8 @@
584	584
585	585	ulen = skb->len - sizeof(struct udphdr);
586	586	copied = len;
587		---- linux-3.7-rc3.orig/net/ipv6/raw.c
588		-+++ linux-3.7-rc3/net/ipv6/raw.c
	587	+--- linux-3.7-rc4.orig/net/ipv6/raw.c
	588	++++ linux-3.7-rc4/net/ipv6/raw.c
589	589	@@ -472,6 +472,10 @@ static int rawv6_recvmsg(struct kiocb *i
590	590	skb = skb_recv_datagram(sk, flags, noblock, &err);
591	591	if (!skb)

		@@ -597,8 +597,8 @@
597	597
598	598	copied = skb->len;
599	599	if (copied > len) {
600		---- linux-3.7-rc3.orig/net/ipv6/udp.c
601		-+++ linux-3.7-rc3/net/ipv6/udp.c
	600	+--- linux-3.7-rc4.orig/net/ipv6/udp.c
	601	++++ linux-3.7-rc4/net/ipv6/udp.c
602	602	@@ -363,6 +363,10 @@ try_again:
603	603	&peeked, &off, &err);
604	604	if (!skb)

		@@ -610,8 +610,8 @@
610	610
611	611	ulen = skb->len - sizeof(struct udphdr);
612	612	copied = len;
613		---- linux-3.7-rc3.orig/net/socket.c
614		-+++ linux-3.7-rc3/net/socket.c
	613	+--- linux-3.7-rc4.orig/net/socket.c
	614	++++ linux-3.7-rc4/net/socket.c
615	615	@@ -1640,6 +1640,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
616	616	if (err < 0)
617	617	goto out_fd;

		@@ -623,8 +623,8 @@
623	623	if (upeer_sockaddr) {
624	624	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
625	625	&len, 2) < 0) {
626		---- linux-3.7-rc3.orig/net/unix/af_unix.c
627		-+++ linux-3.7-rc3/net/unix/af_unix.c
	626	+--- linux-3.7-rc4.orig/net/unix/af_unix.c
	627	++++ linux-3.7-rc4/net/unix/af_unix.c
628	628	@@ -1803,6 +1803,10 @@ static int unix_dgram_recvmsg(struct kio
629	629	wake_up_interruptible_sync_poll(&u->peer_wait,
630	630	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -636,8 +636,8 @@
636	636	if (msg->msg_name)
637	637	unix_copy_addr(msg, skb->sk);
638	638
639		---- linux-3.7-rc3.orig/security/Kconfig
640		-+++ linux-3.7-rc3/security/Kconfig
	639	+--- linux-3.7-rc4.orig/security/Kconfig
	640	++++ linux-3.7-rc4/security/Kconfig
641	641	@@ -167,5 +167,7 @@ config DEFAULT_SECURITY
642	642	default "yama" if DEFAULT_SECURITY_YAMA
643	643	default "" if DEFAULT_SECURITY_DAC

		@@ -646,8 +646,8 @@
646	646	+
647	647	endmenu
648	648
649		---- linux-3.7-rc3.orig/security/Makefile
650		-+++ linux-3.7-rc3/security/Makefile
	649	+--- linux-3.7-rc4.orig/security/Makefile
	650	++++ linux-3.7-rc4/security/Makefile
651	651	@@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
652	652	# Object integrity file lists
653	653	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -655,8 +655,8 @@
655	655	+
656	656	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
657	657	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
658		---- linux-3.7-rc3.orig/security/security.c
659		-+++ linux-3.7-rc3/security/security.c
	658	+--- linux-3.7-rc4.orig/security/security.c
	659	++++ linux-3.7-rc4/security/security.c
660	660	@@ -202,7 +202,10 @@ int security_syslog(int type)
661	661
662	662	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-2.6.32-ubuntu-10.04.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-2.6.32-ubuntu-10.04.diff (revision 68)

		@@ -38,9 +38,9 @@
38	38	security/Makefile \| 3 +++
39	39	34 files changed, 205 insertions(+), 3 deletions(-)
40	40
41		---- linux-2.6.32-44.98.orig/fs/compat.c
42		-+++ linux-2.6.32-44.98/fs/compat.c
43		-@@ -1528,7 +1528,7 @@ int compat_do_execve(char * filename,
	41	+--- linux-2.6.32-45.99.orig/fs/compat.c
	42	++++ linux-2.6.32-45.99/fs/compat.c
	43	+@@ -1534,7 +1534,7 @@ int compat_do_execve(char * filename,
44	44	if (retval < 0)
45	45	goto out;
46	46

		@@ -49,8 +49,8 @@
49	49	if (retval < 0)
50	50	goto out;
51	51
52		---- linux-2.6.32-44.98.orig/fs/compat_ioctl.c
53		-+++ linux-2.6.32-44.98/fs/compat_ioctl.c
	52	+--- linux-2.6.32-45.99.orig/fs/compat_ioctl.c
	53	++++ linux-2.6.32-45.99/fs/compat_ioctl.c
54	54	@@ -114,6 +114,7 @@
55	55	#ifdef CONFIG_SPARC
56	56	#include <asm/fbio.h>

		@@ -68,8 +68,8 @@
68	68	if (error)
69	69	goto out_fput;
70	70
71		---- linux-2.6.32-44.98.orig/fs/exec.c
72		-+++ linux-2.6.32-44.98/fs/exec.c
	71	+--- linux-2.6.32-45.99.orig/fs/exec.c
	72	++++ linux-2.6.32-45.99/fs/exec.c
73	73	@@ -1417,7 +1417,7 @@ int do_execve(char * filename,
74	74	goto out;
75	75

		@@ -79,8 +79,8 @@
79	79	if (retval < 0)
80	80	goto out;
81	81
82		---- linux-2.6.32-44.98.orig/fs/fcntl.c
83		-+++ linux-2.6.32-44.98/fs/fcntl.c
	82	+--- linux-2.6.32-45.99.orig/fs/fcntl.c
	83	++++ linux-2.6.32-45.99/fs/fcntl.c
84	84	@@ -428,6 +428,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd,
85	85	goto out;
86	86

		@@ -99,8 +99,8 @@
99	99	if (err) {
100	100	fput(filp);
101	101	return err;
102		---- linux-2.6.32-44.98.orig/fs/ioctl.c
103		-+++ linux-2.6.32-44.98/fs/ioctl.c
	102	+--- linux-2.6.32-45.99.orig/fs/ioctl.c
	103	++++ linux-2.6.32-45.99/fs/ioctl.c
104	104	@@ -618,6 +618,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd,
105	105	goto out;
106	106

		@@ -110,8 +110,8 @@
110	110	if (error)
111	111	goto out_fput;
112	112
113		---- linux-2.6.32-44.98.orig/fs/namei.c
114		-+++ linux-2.6.32-44.98/fs/namei.c
	113	+--- linux-2.6.32-45.99.orig/fs/namei.c
	114	++++ linux-2.6.32-45.99/fs/namei.c
115	115	@@ -1572,6 +1572,11 @@ int may_open(struct path *path, int acc_
116	116	goto err_out;
117	117	}

		@@ -219,8 +219,8 @@
219	219	if (error)
220	220	goto exit6;
221	221	error = vfs_rename(old_dir->d_inode, old_dentry,
222		---- linux-2.6.32-44.98.orig/fs/namespace.c
223		-+++ linux-2.6.32-44.98/fs/namespace.c
	222	+--- linux-2.6.32-45.99.orig/fs/namespace.c
	223	++++ linux-2.6.32-45.99/fs/namespace.c
224	224	@@ -1031,6 +1031,8 @@ static int do_umount(struct vfsmount *mn
225	225	LIST_HEAD(umount_list);
226	226

		@@ -257,8 +257,8 @@
257	257	if (error) {
258	258	path_put(&old);
259	259	goto out1;
260		---- linux-2.6.32-44.98.orig/fs/open.c
261		-+++ linux-2.6.32-44.98/fs/open.c
	260	+--- linux-2.6.32-45.99.orig/fs/open.c
	261	++++ linux-2.6.32-45.99/fs/open.c
262	262	@@ -279,6 +279,8 @@ static long do_sys_truncate(const char _
263	263	error = locks_verify_truncate(inode, NULL, length);
264	264	if (!error)

		@@ -323,8 +323,8 @@
323	323	if (capable(CAP_SYS_TTY_CONFIG)) {
324	324	tty_vhangup_self();
325	325	return 0;
326		---- linux-2.6.32-44.98.orig/fs/proc/version.c
327		-+++ linux-2.6.32-44.98/fs/proc/version.c
	326	+--- linux-2.6.32-45.99.orig/fs/proc/version.c
	327	++++ linux-2.6.32-45.99/fs/proc/version.c
328	328	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
329	329	return 0;
330	330	}

		@@ -332,12 +332,12 @@
332	332	+
333	333	+static int __init ccs_show_version(void)
334	334	+{
335		-+ printk(KERN_INFO "Hook version: 2.6.32-44.98 2012/10/13\n");
	335	++ printk(KERN_INFO "Hook version: 2.6.32-45.99 2012/11/10\n");
336	336	+ return 0;
337	337	+}
338	338	+module_init(ccs_show_version);
339		---- linux-2.6.32-44.98.orig/fs/stat.c
340		-+++ linux-2.6.32-44.98/fs/stat.c
	339	+--- linux-2.6.32-45.99.orig/fs/stat.c
	340	++++ linux-2.6.32-45.99/fs/stat.c
341	341	@@ -43,6 +43,8 @@ int vfs_getattr(struct vfsmount *mnt, st
342	342	int retval;
343	343

		@@ -347,8 +347,8 @@
347	347	if (retval)
348	348	return retval;
349	349
350		---- linux-2.6.32-44.98.orig/include/linux/init_task.h
351		-+++ linux-2.6.32-44.98/include/linux/init_task.h
	350	+--- linux-2.6.32-45.99.orig/include/linux/init_task.h
	351	++++ linux-2.6.32-45.99/include/linux/init_task.h
352	352	@@ -115,6 +115,14 @@ extern struct cred init_cred;
353	353	# define INIT_PERF_EVENTS(tsk)
354	354	#endif

		@@ -372,8 +372,8 @@
372	372	}
373	373
374	374
375		---- linux-2.6.32-44.98.orig/include/linux/sched.h
376		-+++ linux-2.6.32-44.98/include/linux/sched.h
	375	+--- linux-2.6.32-45.99.orig/include/linux/sched.h
	376	++++ linux-2.6.32-45.99/include/linux/sched.h
377	377	@@ -43,6 +43,8 @@
378	378
379	379	#ifdef __KERNEL__

		@@ -394,8 +394,8 @@
394	394	};
395	395
396	396	/* Future-safe accessor for struct task_struct's cpus_allowed. */
397		---- linux-2.6.32-44.98.orig/include/linux/security.h
398		-+++ linux-2.6.32-44.98/include/linux/security.h
	397	+--- linux-2.6.32-45.99.orig/include/linux/security.h
	398	++++ linux-2.6.32-45.99/include/linux/security.h
399	399	@@ -35,6 +35,7 @@
400	400	#include <linux/xfrm.h>
401	401	#include <linux/gfp.h>

		@@ -404,8 +404,8 @@
404	404
405	405	/* Maximum number of letters for an LSM name string */
406	406	#define SECURITY_NAME_MAX 10
407		---- linux-2.6.32-44.98.orig/kernel/compat.c
408		-+++ linux-2.6.32-44.98/kernel/compat.c
	407	+--- linux-2.6.32-45.99.orig/kernel/compat.c
	408	++++ linux-2.6.32-45.99/kernel/compat.c
409	409	@@ -924,6 +924,8 @@ asmlinkage long compat_sys_stime(compat_
410	410	err = security_settime(&tv, NULL);
411	411	if (err)

		@@ -415,9 +415,9 @@
415	415
416	416	do_settimeofday(&tv);
417	417	return 0;
418		---- linux-2.6.32-44.98.orig/kernel/fork.c
419		-+++ linux-2.6.32-44.98/kernel/fork.c
420		-@@ -165,6 +165,7 @@ void __put_task_struct(struct task_struc
	418	+--- linux-2.6.32-45.99.orig/kernel/fork.c
	419	++++ linux-2.6.32-45.99/kernel/fork.c
	420	+@@ -166,6 +166,7 @@ void __put_task_struct(struct task_struc
421	421	exit_creds(tsk);
422	422	delayacct_tsk_free(tsk);
423	423

		@@ -425,7 +425,7 @@
425	425	if (!profile_handoff_task(tsk))
426	426	free_task(tsk);
427	427	}
428		-@@ -1138,6 +1139,9 @@ static struct task_struct *copy_process(
	428	+@@ -1141,6 +1142,9 @@ static struct task_struct *copy_process(
429	429
430	430	if ((retval = audit_alloc(p)))
431	431	goto bad_fork_cleanup_policy;

		@@ -435,7 +435,7 @@
435	435	/* copy all the process information */
436	436	if ((retval = copy_semundo(clone_flags, p)))
437	437	goto bad_fork_cleanup_audit;
438		-@@ -1319,6 +1323,7 @@ bad_fork_cleanup_semundo:
	438	+@@ -1322,6 +1326,7 @@ bad_fork_cleanup_semundo:
439	439	exit_sem(p);
440	440	bad_fork_cleanup_audit:
441	441	audit_free(p);

		@@ -443,8 +443,8 @@
443	443	bad_fork_cleanup_policy:
444	444	perf_event_free_task(p);
445	445	#ifdef CONFIG_NUMA
446		---- linux-2.6.32-44.98.orig/kernel/kexec.c
447		-+++ linux-2.6.32-44.98/kernel/kexec.c
	446	+--- linux-2.6.32-45.99.orig/kernel/kexec.c
	447	++++ linux-2.6.32-45.99/kernel/kexec.c
448	448	@@ -37,6 +37,7 @@
449	449	#include <asm/io.h>
450	450	#include <asm/system.h>

		@@ -462,8 +462,8 @@
462	462
463	463	/*
464	464	* Verify we have a legal set of flags
465		---- linux-2.6.32-44.98.orig/kernel/module.c
466		-+++ linux-2.6.32-44.98/kernel/module.c
	465	+--- linux-2.6.32-45.99.orig/kernel/module.c
	466	++++ linux-2.6.32-45.99/kernel/module.c
467	467	@@ -55,6 +55,7 @@
468	468	#include <linux/async.h>
469	469	#include <linux/percpu.h>

		@@ -490,8 +490,8 @@
490	490
491	491	/* Only one module load at a time, please */
492	492	if (mutex_lock_interruptible(&module_mutex) != 0)
493		---- linux-2.6.32-44.98.orig/kernel/ptrace.c
494		-+++ linux-2.6.32-44.98/kernel/ptrace.c
	493	+--- linux-2.6.32-45.99.orig/kernel/ptrace.c
	494	++++ linux-2.6.32-45.99/kernel/ptrace.c
495	495	@@ -603,6 +603,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
496	496	{
497	497	struct task_struct *child;

		@@ -516,8 +516,8 @@
516	516
517	517	/*
518	518	* This lock_kernel fixes a subtle race with suid exec
519		---- linux-2.6.32-44.98.orig/kernel/sched.c
520		-+++ linux-2.6.32-44.98/kernel/sched.c
	519	+--- linux-2.6.32-45.99.orig/kernel/sched.c
	520	++++ linux-2.6.32-45.99/kernel/sched.c
521	521	@@ -6401,6 +6401,8 @@ int can_nice(const struct task_struct *p
522	522	SYSCALL_DEFINE1(nice, int, increment)
523	523	{

		@@ -527,8 +527,8 @@
527	527
528	528	/*
529	529	* Setpriority might change our priority at the same moment.
530		---- linux-2.6.32-44.98.orig/kernel/signal.c
531		-+++ linux-2.6.32-44.98/kernel/signal.c
	530	+--- linux-2.6.32-45.99.orig/kernel/signal.c
	531	++++ linux-2.6.32-45.99/kernel/signal.c
532	532	@@ -2258,6 +2258,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
533	533	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
534	534	{

		@@ -574,8 +574,8 @@
574	574
575	575	return do_send_specific(tgid, pid, sig, info);
576	576	}
577		---- linux-2.6.32-44.98.orig/kernel/sys.c
578		-+++ linux-2.6.32-44.98/kernel/sys.c
	577	+--- linux-2.6.32-45.99.orig/kernel/sys.c
	578	++++ linux-2.6.32-45.99/kernel/sys.c
579	579	@@ -155,6 +155,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
580	580
581	581	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -614,8 +614,8 @@
614	614
615	615	down_write(&uts_sem);
616	616	errno = -EFAULT;
617		---- linux-2.6.32-44.98.orig/kernel/sysctl.c
618		-+++ linux-2.6.32-44.98/kernel/sysctl.c
	617	+--- linux-2.6.32-45.99.orig/kernel/sysctl.c
	618	++++ linux-2.6.32-45.99/kernel/sysctl.c
619	619	@@ -1853,6 +1853,9 @@ int do_sysctl(int __user *name, int nlen
620	620
621	621	for (head = sysctl_head_next(NULL); head;

		@@ -626,8 +626,8 @@
626	626	error = parse_table(name, nlen, oldval, oldlenp,
627	627	newval, newlen,
628	628	head->root, head->ctl_table);
629		---- linux-2.6.32-44.98.orig/kernel/time.c
630		-+++ linux-2.6.32-44.98/kernel/time.c
	629	+--- linux-2.6.32-45.99.orig/kernel/time.c
	630	++++ linux-2.6.32-45.99/kernel/time.c
631	631	@@ -92,6 +92,8 @@ SYSCALL_DEFINE1(stime, time_t __user *,
632	632	err = security_settime(&tv, NULL);
633	633	if (err)

		@@ -646,8 +646,8 @@
646	646
647	647	if (tz) {
648	648	/* SMP safe, global irq locking makes it work. */
649		---- linux-2.6.32-44.98.orig/kernel/time/ntp.c
650		-+++ linux-2.6.32-44.98/kernel/time/ntp.c
	649	+--- linux-2.6.32-45.99.orig/kernel/time/ntp.c
	650	++++ linux-2.6.32-45.99/kernel/time/ntp.c
651	651	@@ -14,6 +14,7 @@
652	652	#include <linux/timex.h>
653	653	#include <linux/time.h>

		@@ -656,7 +656,7 @@
656	656
657	657	/*
658	658	* NTP timekeeping variables:
659		-@@ -419,10 +420,15 @@ int do_adjtimex(struct timex *txc)
	659	+@@ -423,10 +424,15 @@ int do_adjtimex(struct timex *txc)
660	660	if (!(txc->modes & ADJ_OFFSET_READONLY) &&
661	661	!capable(CAP_SYS_TIME))
662	662	return -EPERM;

		@@ -672,8 +672,8 @@
672	672
673	673	/*
674	674	* if the quartz is off by more than 10% then
675		---- linux-2.6.32-44.98.orig/net/ipv4/inet_connection_sock.c
676		-+++ linux-2.6.32-44.98/net/ipv4/inet_connection_sock.c
	675	+--- linux-2.6.32-45.99.orig/net/ipv4/inet_connection_sock.c
	676	++++ linux-2.6.32-45.99/net/ipv4/inet_connection_sock.c
677	677	@@ -23,6 +23,7 @@
678	678	#include <net/route.h>
679	679	#include <net/tcp_states.h>

		@@ -691,8 +691,8 @@
691	691	inet_bind_bucket_for_each(tb, node, &head->chain)
692	692	if (ib_net(tb) == net && tb->port == rover) {
693	693	if (tb->fastreuse > 0 &&
694		---- linux-2.6.32-44.98.orig/net/ipv4/inet_hashtables.c
695		-+++ linux-2.6.32-44.98/net/ipv4/inet_hashtables.c
	694	+--- linux-2.6.32-45.99.orig/net/ipv4/inet_hashtables.c
	695	++++ linux-2.6.32-45.99/net/ipv4/inet_hashtables.c
696	696	@@ -23,6 +23,7 @@
697	697	#include <net/inet_hashtables.h>
698	698	#include <net/secure_seq.h>

		@@ -710,8 +710,8 @@
710	710	head = &hinfo->bhash[inet_bhashfn(net, port,
711	711	hinfo->bhash_size)];
712	712	spin_lock(&head->lock);
713		---- linux-2.6.32-44.98.orig/net/ipv4/raw.c
714		-+++ linux-2.6.32-44.98/net/ipv4/raw.c
	713	+--- linux-2.6.32-45.99.orig/net/ipv4/raw.c
	714	++++ linux-2.6.32-45.99/net/ipv4/raw.c
715	715	@@ -77,6 +77,7 @@
716	716	#include <linux/seq_file.h>
717	717	#include <linux/netfilter.h>

		@@ -731,8 +731,8 @@
731	731
732	732	copied = skb->len;
733	733	if (len < copied) {
734		---- linux-2.6.32-44.98.orig/net/ipv4/udp.c
735		-+++ linux-2.6.32-44.98/net/ipv4/udp.c
	734	+--- linux-2.6.32-45.99.orig/net/ipv4/udp.c
	735	++++ linux-2.6.32-45.99/net/ipv4/udp.c
736	736	@@ -105,6 +105,7 @@
737	737	#include <net/checksum.h>
738	738	#include <net/xfrm.h>

		@@ -762,8 +762,8 @@
762	762
763	763	ulen = skb->len - sizeof(struct udphdr);
764	764	copied = len;
765		---- linux-2.6.32-44.98.orig/net/ipv6/raw.c
766		-+++ linux-2.6.32-44.98/net/ipv6/raw.c
	765	+--- linux-2.6.32-45.99.orig/net/ipv6/raw.c
	766	++++ linux-2.6.32-45.99/net/ipv6/raw.c
767	767	@@ -59,6 +59,7 @@
768	768
769	769	#include <linux/proc_fs.h>

		@@ -783,8 +783,8 @@
783	783
784	784	copied = skb->len;
785	785	if (copied > len) {
786		---- linux-2.6.32-44.98.orig/net/ipv6/udp.c
787		-+++ linux-2.6.32-44.98/net/ipv6/udp.c
	786	+--- linux-2.6.32-45.99.orig/net/ipv6/udp.c
	787	++++ linux-2.6.32-45.99/net/ipv6/udp.c
788	788	@@ -48,6 +48,7 @@
789	789	#include <linux/proc_fs.h>
790	790	#include <linux/seq_file.h>

		@@ -804,8 +804,8 @@
804	804
805	805	ulen = skb->len - sizeof(struct udphdr);
806	806	copied = len;
807		---- linux-2.6.32-44.98.orig/net/socket.c
808		-+++ linux-2.6.32-44.98/net/socket.c
	807	+--- linux-2.6.32-45.99.orig/net/socket.c
	808	++++ linux-2.6.32-45.99/net/socket.c
809	809	@@ -567,6 +567,8 @@ static inline int __sock_sendmsg(struct
810	810	si->size = size;
811	811

		@@ -866,8 +866,8 @@
866	866	if (err)
867	867	goto out_put;
868	868
869		---- linux-2.6.32-44.98.orig/net/unix/af_unix.c
870		-+++ linux-2.6.32-44.98/net/unix/af_unix.c
	869	+--- linux-2.6.32-45.99.orig/net/unix/af_unix.c
	870	++++ linux-2.6.32-45.99/net/unix/af_unix.c
871	871	@@ -846,6 +846,9 @@ static int unix_bind(struct socket *sock
872	872	if (err)
873	873	goto out_mknod_dput;

		@@ -889,8 +889,8 @@
889	889	if (msg->msg_name)
890	890	unix_copy_addr(msg, skb->sk);
891	891
892		---- linux-2.6.32-44.98.orig/security/Kconfig
893		-+++ linux-2.6.32-44.98/security/Kconfig
	892	+--- linux-2.6.32-45.99.orig/security/Kconfig
	893	++++ linux-2.6.32-45.99/security/Kconfig
894	894	@@ -203,5 +203,7 @@ config DEFAULT_SECURITY
895	895	default "apparmor" if DEFAULT_SECURITY_APPARMOR
896	896	default "" if DEFAULT_SECURITY_DAC

		@@ -899,8 +899,8 @@
899	899	+
900	900	endmenu
901	901
902		---- linux-2.6.32-44.98.orig/security/Makefile
903		-+++ linux-2.6.32-44.98/security/Makefile
	902	+--- linux-2.6.32-45.99.orig/security/Makefile
	903	++++ linux-2.6.32-45.99/security/Makefile
904	904	@@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
905	905	# Object integrity file lists
906	906	subdir-$(CONFIG_IMA) += integrity/ima

--- trunk/caitsith-patch/patches/ccs-patch-3.6-fedora-17.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-3.6-fedora-17.diff (revision 68)

		@@ -1,6 +1,6 @@
1	1	This is TOMOYO Linux patch for Fedora 17.
2	2
3		-Source code for this patch is http://ftp.riken.jp/Linux/fedora/updates/17/SRPMS/kernel-3.6.3-1.fc17.src.rpm
	3	+Source code for this patch is http://ftp.riken.jp/Linux/fedora/updates/17/SRPMS/kernel-3.6.6-1.fc17.src.rpm
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -28,9 +28,9 @@
28	28	security/security.c \| 134 +++++++++++++++++++++++++++++++++++++---------
29	29	24 files changed, 250 insertions(+), 49 deletions(-)
30	30
31		---- linux-3.6.3-1.fc17.orig/fs/exec.c
32		-+++ linux-3.6.3-1.fc17/fs/exec.c
33		-@@ -1550,7 +1550,7 @@ static int do_execve_common(const char *
	31	+--- linux-3.6.6-1.fc17.orig/fs/exec.c
	32	++++ linux-3.6.6-1.fc17/fs/exec.c
	33	+@@ -1551,7 +1551,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;
36	36

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.6.3-1.fc17.orig/fs/open.c
43		-+++ linux-3.6.3-1.fc17/fs/open.c
	42	+--- linux-3.6.6-1.fc17.orig/fs/open.c
	43	++++ linux-3.6.6-1.fc17/fs/open.c
44	44	@@ -1077,6 +1077,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.6.3-1.fc17.orig/fs/proc/version.c
54		-+++ linux-3.6.3-1.fc17/fs/proc/version.c
	53	+--- linux-3.6.6-1.fc17.orig/fs/proc/version.c
	54	++++ linux-3.6.6-1.fc17/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.6.3-1.fc17 2012/11/01\n");
	62	++ printk(KERN_INFO "Hook version: 3.6.6-1.fc17 2012/11/10\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.6.3-1.fc17.orig/include/linux/init_task.h
67		-+++ linux-3.6.3-1.fc17/include/linux/init_task.h
	66	+--- linux-3.6.6-1.fc17.orig/include/linux/init_task.h
	67	++++ linux-3.6.6-1.fc17/include/linux/init_task.h
68	68	@@ -143,6 +143,14 @@ extern struct task_group root_task_group
69	69
70	70	#define INIT_TASK_COMM "swapper"

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.6.3-1.fc17.orig/include/linux/sched.h
92		-+++ linux-3.6.3-1.fc17/include/linux/sched.h
	91	+--- linux-3.6.6-1.fc17.orig/include/linux/sched.h
	92	++++ linux-3.6.6-1.fc17/include/linux/sched.h
93	93	@@ -44,6 +44,8 @@
94	94
95	95	#ifdef __KERNEL__

		@@ -99,7 +99,7 @@
99	99	struct sched_param {
100	100	int sched_priority;
101	101	};
102		-@@ -1589,6 +1591,10 @@ struct task_struct {
	102	+@@ -1592,6 +1594,10 @@ struct task_struct {
103	103	#ifdef CONFIG_UPROBES
104	104	struct uprobe_task *utask;
105	105	#endif

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.6.3-1.fc17.orig/include/linux/security.h
114		-+++ linux-3.6.3-1.fc17/include/linux/security.h
	113	+--- linux-3.6.6-1.fc17.orig/include/linux/security.h
	114	++++ linux-3.6.6-1.fc17/include/linux/security.h
115	115	@@ -52,6 +52,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -313,8 +313,8 @@
313	313	}
314	314	#endif /* CONFIG_SECURITY_PATH */
315	315
316		---- linux-3.6.3-1.fc17.orig/include/net/ip.h
317		-+++ linux-3.6.3-1.fc17/include/net/ip.h
	316	+--- linux-3.6.6-1.fc17.orig/include/net/ip.h
	317	++++ linux-3.6.6-1.fc17/include/net/ip.h
318	318	@@ -201,6 +201,8 @@ extern void inet_get_local_port_range(in
319	319	extern unsigned long *sysctl_local_reserved_ports;
320	320	static inline int inet_is_reserved_local_port(int port)

		@@ -324,8 +324,8 @@
324	324	return test_bit(port, sysctl_local_reserved_ports);
325	325	}
326	326
327		---- linux-3.6.3-1.fc17.orig/kernel/fork.c
328		-+++ linux-3.6.3-1.fc17/kernel/fork.c
	327	+--- linux-3.6.6-1.fc17.orig/kernel/fork.c
	328	++++ linux-3.6.6-1.fc17/kernel/fork.c
329	329	@@ -241,6 +241,7 @@ void __put_task_struct(struct task_struc
330	330	delayacct_tsk_free(tsk);
331	331	put_signal_struct(tsk->signal);

		@@ -334,7 +334,7 @@
334	334	if (!profile_handoff_task(tsk))
335	335	free_task(tsk);
336	336	}
337		-@@ -1320,6 +1321,9 @@ static struct task_struct *copy_process(
	337	+@@ -1316,6 +1317,9 @@ static struct task_struct *copy_process(
338	338	retval = audit_alloc(p);
339	339	if (retval)
340	340	goto bad_fork_cleanup_policy;

		@@ -344,7 +344,7 @@
344	344	/* copy all the process information */
345	345	retval = copy_semundo(clone_flags, p);
346	346	if (retval)
347		-@@ -1520,6 +1524,7 @@ bad_fork_cleanup_semundo:
	347	+@@ -1516,6 +1520,7 @@ bad_fork_cleanup_semundo:
348	348	exit_sem(p);
349	349	bad_fork_cleanup_audit:
350	350	audit_free(p);

		@@ -352,8 +352,8 @@
352	352	bad_fork_cleanup_policy:
353	353	perf_event_free_task(p);
354	354	#ifdef CONFIG_NUMA
355		---- linux-3.6.3-1.fc17.orig/kernel/kexec.c
356		-+++ linux-3.6.3-1.fc17/kernel/kexec.c
	355	+--- linux-3.6.6-1.fc17.orig/kernel/kexec.c
	356	++++ linux-3.6.6-1.fc17/kernel/kexec.c
357	357	@@ -38,6 +38,7 @@
358	358	#include <asm/uaccess.h>
359	359	#include <asm/io.h>

		@@ -371,8 +371,8 @@
371	371
372	372	/*
373	373	* Verify we have a legal set of flags
374		---- linux-3.6.3-1.fc17.orig/kernel/module.c
375		-+++ linux-3.6.3-1.fc17/kernel/module.c
	374	+--- linux-3.6.6-1.fc17.orig/kernel/module.c
	375	++++ linux-3.6.6-1.fc17/kernel/module.c
376	376	@@ -58,6 +58,7 @@
377	377	#include <linux/jump_label.h>
378	378	#include <linux/pfn.h>

		@@ -399,9 +399,9 @@
399	399
400	400	/* Do all the hard work */
401	401	mod = load_module(umod, len, uargs);
402		---- linux-3.6.3-1.fc17.orig/kernel/ptrace.c
403		-+++ linux-3.6.3-1.fc17/kernel/ptrace.c
404		-@@ -859,6 +859,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
	402	+--- linux-3.6.6-1.fc17.orig/kernel/ptrace.c
	403	++++ linux-3.6.6-1.fc17/kernel/ptrace.c
	404	+@@ -865,6 +865,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
405	405	{
406	406	struct task_struct *child;
407	407	long ret;

		@@ -413,7 +413,7 @@
413	413
414	414	if (request == PTRACE_TRACEME) {
415	415	ret = ptrace_traceme();
416		-@@ -1004,6 +1009,11 @@ asmlinkage long compat_sys_ptrace(compat
	416	+@@ -1010,6 +1015,11 @@ asmlinkage long compat_sys_ptrace(compat
417	417	{
418	418	struct task_struct *child;
419	419	long ret;

		@@ -425,8 +425,8 @@
425	425
426	426	if (request == PTRACE_TRACEME) {
427	427	ret = ptrace_traceme();
428		---- linux-3.6.3-1.fc17.orig/kernel/sched/core.c
429		-+++ linux-3.6.3-1.fc17/kernel/sched/core.c
	428	+--- linux-3.6.6-1.fc17.orig/kernel/sched/core.c
	429	++++ linux-3.6.6-1.fc17/kernel/sched/core.c
430	430	@@ -4119,6 +4119,8 @@ int can_nice(const struct task_struct *p
431	431	SYSCALL_DEFINE1(nice, int, increment)
432	432	{

		@@ -436,8 +436,8 @@
436	436
437	437	/*
438	438	* Setpriority might change our priority at the same moment.
439		---- linux-3.6.3-1.fc17.orig/kernel/signal.c
440		-+++ linux-3.6.3-1.fc17/kernel/signal.c
	439	+--- linux-3.6.6-1.fc17.orig/kernel/signal.c
	440	++++ linux-3.6.6-1.fc17/kernel/signal.c
441	441	@@ -2856,6 +2856,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
442	442	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
443	443	{

		@@ -483,8 +483,8 @@
483	483
484	484	return do_send_specific(tgid, pid, sig, info);
485	485	}
486		---- linux-3.6.3-1.fc17.orig/kernel/sys.c
487		-+++ linux-3.6.3-1.fc17/kernel/sys.c
	486	+--- linux-3.6.6-1.fc17.orig/kernel/sys.c
	487	++++ linux-3.6.6-1.fc17/kernel/sys.c
488	488	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
489	489
490	490	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -523,8 +523,8 @@
523	523
524	524	down_write(&uts_sem);
525	525	errno = -EFAULT;
526		---- linux-3.6.3-1.fc17.orig/kernel/time/ntp.c
527		-+++ linux-3.6.3-1.fc17/kernel/time/ntp.c
	526	+--- linux-3.6.6-1.fc17.orig/kernel/time/ntp.c
	527	++++ linux-3.6.6-1.fc17/kernel/time/ntp.c
528	528	@@ -15,6 +15,7 @@
529	529	#include <linux/time.h>
530	530	#include <linux/mm.h>

		@@ -558,8 +558,8 @@
558	558	if (!(txc->modes & ADJ_NANO))
559	559	delta.tv_nsec *= 1000;
560	560	result = timekeeping_inject_offset(&delta);
561		---- linux-3.6.3-1.fc17.orig/net/ipv4/raw.c
562		-+++ linux-3.6.3-1.fc17/net/ipv4/raw.c
	561	+--- linux-3.6.6-1.fc17.orig/net/ipv4/raw.c
	562	++++ linux-3.6.6-1.fc17/net/ipv4/raw.c
563	563	@@ -704,6 +704,10 @@ static int raw_recvmsg(struct kiocb *ioc
564	564	skb = skb_recv_datagram(sk, flags, noblock, &err);
565	565	if (!skb)

		@@ -571,8 +571,8 @@
571	571
572	572	copied = skb->len;
573	573	if (len < copied) {
574		---- linux-3.6.3-1.fc17.orig/net/ipv4/udp.c
575		-+++ linux-3.6.3-1.fc17/net/ipv4/udp.c
	574	+--- linux-3.6.6-1.fc17.orig/net/ipv4/udp.c
	575	++++ linux-3.6.6-1.fc17/net/ipv4/udp.c
576	576	@@ -1193,6 +1193,10 @@ try_again:
577	577	&peeked, &off, &err);
578	578	if (!skb)

		@@ -584,8 +584,8 @@
584	584
585	585	ulen = skb->len - sizeof(struct udphdr);
586	586	copied = len;
587		---- linux-3.6.3-1.fc17.orig/net/ipv6/raw.c
588		-+++ linux-3.6.3-1.fc17/net/ipv6/raw.c
	587	+--- linux-3.6.6-1.fc17.orig/net/ipv6/raw.c
	588	++++ linux-3.6.6-1.fc17/net/ipv6/raw.c
589	589	@@ -472,6 +472,10 @@ static int rawv6_recvmsg(struct kiocb *i
590	590	skb = skb_recv_datagram(sk, flags, noblock, &err);
591	591	if (!skb)

		@@ -597,8 +597,8 @@
597	597
598	598	copied = skb->len;
599	599	if (copied > len) {
600		---- linux-3.6.3-1.fc17.orig/net/ipv6/udp.c
601		-+++ linux-3.6.3-1.fc17/net/ipv6/udp.c
	600	+--- linux-3.6.6-1.fc17.orig/net/ipv6/udp.c
	601	++++ linux-3.6.6-1.fc17/net/ipv6/udp.c
602	602	@@ -363,6 +363,10 @@ try_again:
603	603	&peeked, &off, &err);
604	604	if (!skb)

		@@ -610,8 +610,8 @@
610	610
611	611	ulen = skb->len - sizeof(struct udphdr);
612	612	copied = len;
613		---- linux-3.6.3-1.fc17.orig/net/socket.c
614		-+++ linux-3.6.3-1.fc17/net/socket.c
	613	+--- linux-3.6.6-1.fc17.orig/net/socket.c
	614	++++ linux-3.6.6-1.fc17/net/socket.c
615	615	@@ -1551,6 +1551,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
616	616	if (err < 0)
617	617	goto out_fd;

		@@ -623,8 +623,8 @@
623	623	if (upeer_sockaddr) {
624	624	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
625	625	&len, 2) < 0) {
626		---- linux-3.6.3-1.fc17.orig/net/unix/af_unix.c
627		-+++ linux-3.6.3-1.fc17/net/unix/af_unix.c
	626	+--- linux-3.6.6-1.fc17.orig/net/unix/af_unix.c
	627	++++ linux-3.6.6-1.fc17/net/unix/af_unix.c
628	628	@@ -1806,6 +1806,10 @@ static int unix_dgram_recvmsg(struct kio
629	629	wake_up_interruptible_sync_poll(&u->peer_wait,
630	630	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -636,8 +636,8 @@
636	636	if (msg->msg_name)
637	637	unix_copy_addr(msg, skb->sk);
638	638
639		---- linux-3.6.3-1.fc17.orig/security/Kconfig
640		-+++ linux-3.6.3-1.fc17/security/Kconfig
	639	+--- linux-3.6.6-1.fc17.orig/security/Kconfig
	640	++++ linux-3.6.6-1.fc17/security/Kconfig
641	641	@@ -167,5 +167,7 @@ config DEFAULT_SECURITY
642	642	default "yama" if DEFAULT_SECURITY_YAMA
643	643	default "" if DEFAULT_SECURITY_DAC

		@@ -646,8 +646,8 @@
646	646	+
647	647	endmenu
648	648
649		---- linux-3.6.3-1.fc17.orig/security/Makefile
650		-+++ linux-3.6.3-1.fc17/security/Makefile
	649	+--- linux-3.6.6-1.fc17.orig/security/Makefile
	650	++++ linux-3.6.6-1.fc17/security/Makefile
651	651	@@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
652	652	# Object integrity file lists
653	653	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -655,8 +655,8 @@
655	655	+
656	656	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
657	657	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
658		---- linux-3.6.3-1.fc17.orig/security/security.c
659		-+++ linux-3.6.3-1.fc17/security/security.c
	658	+--- linux-3.6.6-1.fc17.orig/security/security.c
	659	++++ linux-3.6.6-1.fc17/security/security.c
660	660	@@ -190,7 +190,10 @@ int security_syslog(int type)
661	661
662	662	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-3.0-vine-linux-6.1.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-3.0-vine-linux-6.1.diff (revision 68)

		@@ -1,6 +1,6 @@
1	1	This is TOMOYO Linux patch for VineLinux 6.1.
2	2
3		-Source code for this patch is http://updates.vinelinux.org/Vine-6.1/updates/SRPMS/kernel-3.0.46-1vl6.src.rpm
	3	+Source code for this patch is http://updates.vinelinux.org/Vine-6.1/updates/SRPMS/kernel-3.0.50-1vl6.src.rpm
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 134 +++++++++++++++++++++++++++++++++++++---------
29	29	24 files changed, 247 insertions(+), 49 deletions(-)
30	30
31		---- linux-3.0.46-1vl6.orig/fs/exec.c
32		-+++ linux-3.0.46-1vl6/fs/exec.c
	31	+--- linux-3.0.50-1vl6.orig/fs/exec.c
	32	++++ linux-3.0.50-1vl6/fs/exec.c
33	33	@@ -1495,7 +1495,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.0.46-1vl6.orig/fs/open.c
43		-+++ linux-3.0.46-1vl6/fs/open.c
	42	+--- linux-3.0.50-1vl6.orig/fs/open.c
	43	++++ linux-3.0.50-1vl6/fs/open.c
44	44	@@ -1125,6 +1125,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.0.46-1vl6.orig/fs/proc/version.c
54		-+++ linux-3.0.46-1vl6/fs/proc/version.c
	53	+--- linux-3.0.50-1vl6.orig/fs/proc/version.c
	54	++++ linux-3.0.50-1vl6/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.0.46-1vl6 2012/10/27\n");
	62	++ printk(KERN_INFO "Hook version: 3.0.50-1vl6 2012/11/08\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.0.46-1vl6.orig/include/linux/init_task.h
67		-+++ linux-3.0.46-1vl6/include/linux/init_task.h
	66	+--- linux-3.0.50-1vl6.orig/include/linux/init_task.h
	67	++++ linux-3.0.50-1vl6/include/linux/init_task.h
68	68	@@ -142,6 +142,14 @@ extern struct task_group root_task_group
69	69	# define INIT_PERF_EVENTS(tsk)
70	70	#endif

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.0.46-1vl6.orig/include/linux/sched.h
92		-+++ linux-3.0.46-1vl6/include/linux/sched.h
	91	+--- linux-3.0.50-1vl6.orig/include/linux/sched.h
	92	++++ linux-3.0.50-1vl6/include/linux/sched.h
93	93	@@ -44,6 +44,8 @@
94	94
95	95	#ifdef __KERNEL__

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.0.46-1vl6.orig/include/linux/security.h
114		-+++ linux-3.0.46-1vl6/include/linux/security.h
	113	+--- linux-3.0.50-1vl6.orig/include/linux/security.h
	114	++++ linux-3.0.50-1vl6/include/linux/security.h
115	115	@@ -37,6 +37,7 @@
116	116	#include <linux/xfrm.h>
117	117	#include <linux/slab.h>

		@@ -310,8 +310,8 @@
310	310	}
311	311	#endif /* CONFIG_SECURITY_PATH */
312	312
313		---- linux-3.0.46-1vl6.orig/include/net/ip.h
314		-+++ linux-3.0.46-1vl6/include/net/ip.h
	313	+--- linux-3.0.50-1vl6.orig/include/net/ip.h
	314	++++ linux-3.0.50-1vl6/include/net/ip.h
315	315	@@ -216,6 +216,8 @@ extern void inet_get_local_port_range(in
316	316	extern unsigned long *sysctl_local_reserved_ports;
317	317	static inline int inet_is_reserved_local_port(int port)

		@@ -321,8 +321,8 @@
321	321	return test_bit(port, sysctl_local_reserved_ports);
322	322	}
323	323
324		---- linux-3.0.46-1vl6.orig/kernel/fork.c
325		-+++ linux-3.0.46-1vl6/kernel/fork.c
	324	+--- linux-3.0.50-1vl6.orig/kernel/fork.c
	325	++++ linux-3.0.50-1vl6/kernel/fork.c
326	326	@@ -197,6 +197,7 @@ void __put_task_struct(struct task_struc
327	327	delayacct_tsk_free(tsk);
328	328	put_signal_struct(tsk->signal);

		@@ -349,8 +349,8 @@
349	349	bad_fork_cleanup_policy:
350	350	perf_event_free_task(p);
351	351	#ifdef CONFIG_NUMA
352		---- linux-3.0.46-1vl6.orig/kernel/kexec.c
353		-+++ linux-3.0.46-1vl6/kernel/kexec.c
	352	+--- linux-3.0.50-1vl6.orig/kernel/kexec.c
	353	++++ linux-3.0.50-1vl6/kernel/kexec.c
354	354	@@ -40,6 +40,7 @@
355	355	#include <asm/io.h>
356	356	#include <asm/system.h>

		@@ -368,8 +368,8 @@
368	368
369	369	/*
370	370	* Verify we have a legal set of flags
371		---- linux-3.0.46-1vl6.orig/kernel/module.c
372		-+++ linux-3.0.46-1vl6/kernel/module.c
	371	+--- linux-3.0.50-1vl6.orig/kernel/module.c
	372	++++ linux-3.0.50-1vl6/kernel/module.c
373	373	@@ -58,6 +58,7 @@
374	374	#include <linux/jump_label.h>
375	375	#include <linux/pfn.h>

		@@ -387,7 +387,7 @@
387	387
388	388	if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
389	389	return -EFAULT;
390		-@@ -2888,6 +2891,8 @@ SYSCALL_DEFINE3(init_module, void __user
	390	+@@ -2892,6 +2895,8 @@ SYSCALL_DEFINE3(init_module, void __user
391	391	/* Must have permission */
392	392	if (!capable(CAP_SYS_MODULE) \|\| modules_disabled)
393	393	return -EPERM;

		@@ -396,8 +396,8 @@
396	396
397	397	/* Do all the hard work */
398	398	mod = load_module(umod, len, uargs);
399		---- linux-3.0.46-1vl6.orig/kernel/ptrace.c
400		-+++ linux-3.0.46-1vl6/kernel/ptrace.c
	399	+--- linux-3.0.50-1vl6.orig/kernel/ptrace.c
	400	++++ linux-3.0.50-1vl6/kernel/ptrace.c
401	401	@@ -747,6 +747,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402	402	{
403	403	struct task_struct *child;

		@@ -422,8 +422,8 @@
422	422
423	423	if (request == PTRACE_TRACEME) {
424	424	ret = ptrace_traceme();
425		---- linux-3.0.46-1vl6.orig/kernel/sched.c
426		-+++ linux-3.0.46-1vl6/kernel/sched.c
	425	+--- linux-3.0.50-1vl6.orig/kernel/sched.c
	426	++++ linux-3.0.50-1vl6/kernel/sched.c
427	427	@@ -4932,6 +4932,8 @@ int can_nice(const struct task_struct *p
428	428	SYSCALL_DEFINE1(nice, int, increment)
429	429	{

		@@ -433,8 +433,8 @@
433	433
434	434	/*
435	435	* Setpriority might change our priority at the same moment.
436		---- linux-3.0.46-1vl6.orig/kernel/signal.c
437		-+++ linux-3.0.46-1vl6/kernel/signal.c
	436	+--- linux-3.0.50-1vl6.orig/kernel/signal.c
	437	++++ linux-3.0.50-1vl6/kernel/signal.c
438	438	@@ -2620,6 +2620,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
439	439	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
440	440	{

		@@ -480,8 +480,8 @@
480	480
481	481	return do_send_specific(tgid, pid, sig, info);
482	482	}
483		---- linux-3.0.46-1vl6.orig/kernel/sys.c
484		-+++ linux-3.0.46-1vl6/kernel/sys.c
	483	+--- linux-3.0.50-1vl6.orig/kernel/sys.c
	484	++++ linux-3.0.50-1vl6/kernel/sys.c
485	485	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
486	486
487	487	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -502,7 +502,7 @@
502	502
503	503	/* Instead of trying to make the power_off code look like
504	504	* halt when pm_power_off is not set do it the easy way.
505		-@@ -1241,6 +1247,8 @@ SYSCALL_DEFINE2(sethostname, char __user
	505	+@@ -1243,6 +1249,8 @@ SYSCALL_DEFINE2(sethostname, char __user
506	506
507	507	if (len < 0 \|\| len > __NEW_UTS_LEN)
508	508	return -EINVAL;

		@@ -511,7 +511,7 @@
511	511	down_write(&uts_sem);
512	512	errno = -EFAULT;
513	513	if (!copy_from_user(tmp, name, len)) {
514		-@@ -1290,6 +1298,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
	514	+@@ -1292,6 +1300,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
515	515	return -EPERM;
516	516	if (len < 0 \|\| len > __NEW_UTS_LEN)
517	517	return -EINVAL;

		@@ -520,8 +520,8 @@
520	520
521	521	down_write(&uts_sem);
522	522	errno = -EFAULT;
523		---- linux-3.0.46-1vl6.orig/kernel/time/ntp.c
524		-+++ linux-3.0.46-1vl6/kernel/time/ntp.c
	523	+--- linux-3.0.50-1vl6.orig/kernel/time/ntp.c
	524	++++ linux-3.0.50-1vl6/kernel/time/ntp.c
525	525	@@ -15,6 +15,7 @@
526	526	#include <linux/time.h>
527	527	#include <linux/mm.h>

		@@ -555,8 +555,8 @@
555	555	if (!(txc->modes & ADJ_NANO))
556	556	delta.tv_nsec *= 1000;
557	557	result = timekeeping_inject_offset(&delta);
558		---- linux-3.0.46-1vl6.orig/net/ipv4/raw.c
559		-+++ linux-3.0.46-1vl6/net/ipv4/raw.c
	558	+--- linux-3.0.50-1vl6.orig/net/ipv4/raw.c
	559	++++ linux-3.0.50-1vl6/net/ipv4/raw.c
560	560	@@ -695,6 +695,10 @@ static int raw_recvmsg(struct kiocb *ioc
561	561	skb = skb_recv_datagram(sk, flags, noblock, &err);
562	562	if (!skb)

		@@ -568,8 +568,8 @@
568	568
569	569	copied = skb->len;
570	570	if (len < copied) {
571		---- linux-3.0.46-1vl6.orig/net/ipv4/udp.c
572		-+++ linux-3.0.46-1vl6/net/ipv4/udp.c
	571	+--- linux-3.0.50-1vl6.orig/net/ipv4/udp.c
	572	++++ linux-3.0.50-1vl6/net/ipv4/udp.c
573	573	@@ -1183,6 +1183,10 @@ try_again:
574	574	&peeked, &err);
575	575	if (!skb)

		@@ -581,8 +581,8 @@
581	581
582	582	ulen = skb->len - sizeof(struct udphdr);
583	583	if (len > ulen)
584		---- linux-3.0.46-1vl6.orig/net/ipv6/raw.c
585		-+++ linux-3.0.46-1vl6/net/ipv6/raw.c
	584	+--- linux-3.0.50-1vl6.orig/net/ipv6/raw.c
	585	++++ linux-3.0.50-1vl6/net/ipv6/raw.c
586	586	@@ -467,6 +467,10 @@ static int rawv6_recvmsg(struct kiocb *i
587	587	skb = skb_recv_datagram(sk, flags, noblock, &err);
588	588	if (!skb)

		@@ -594,8 +594,8 @@
594	594
595	595	copied = skb->len;
596	596	if (copied > len) {
597		---- linux-3.0.46-1vl6.orig/net/ipv6/udp.c
598		-+++ linux-3.0.46-1vl6/net/ipv6/udp.c
	597	+--- linux-3.0.50-1vl6.orig/net/ipv6/udp.c
	598	++++ linux-3.0.50-1vl6/net/ipv6/udp.c
599	599	@@ -361,6 +361,10 @@ try_again:
600	600	&peeked, &err);
601	601	if (!skb)

		@@ -607,8 +607,8 @@
607	607
608	608	ulen = skb->len - sizeof(struct udphdr);
609	609	if (len > ulen)
610		---- linux-3.0.46-1vl6.orig/net/socket.c
611		-+++ linux-3.0.46-1vl6/net/socket.c
	610	+--- linux-3.0.50-1vl6.orig/net/socket.c
	611	++++ linux-3.0.50-1vl6/net/socket.c
612	612	@@ -1530,6 +1530,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
613	613	if (err < 0)
614	614	goto out_fd;

		@@ -620,8 +620,8 @@
620	620	if (upeer_sockaddr) {
621	621	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
622	622	&len, 2) < 0) {
623		---- linux-3.0.46-1vl6.orig/net/unix/af_unix.c
624		-+++ linux-3.0.46-1vl6/net/unix/af_unix.c
	623	+--- linux-3.0.50-1vl6.orig/net/unix/af_unix.c
	624	++++ linux-3.0.50-1vl6/net/unix/af_unix.c
625	625	@@ -1762,6 +1762,10 @@ static int unix_dgram_recvmsg(struct kio
626	626	wake_up_interruptible_sync_poll(&u->peer_wait,
627	627	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -633,8 +633,8 @@
633	633	if (msg->msg_name)
634	634	unix_copy_addr(msg, skb->sk);
635	635
636		---- linux-3.0.46-1vl6.orig/security/Kconfig
637		-+++ linux-3.0.46-1vl6/security/Kconfig
	636	+--- linux-3.0.50-1vl6.orig/security/Kconfig
	637	++++ linux-3.0.50-1vl6/security/Kconfig
638	638	@@ -225,5 +225,7 @@ config DEFAULT_SECURITY
639	639	default "apparmor" if DEFAULT_SECURITY_APPARMOR
640	640	default "" if DEFAULT_SECURITY_DAC

		@@ -643,8 +643,8 @@
643	643	+
644	644	endmenu
645	645
646		---- linux-3.0.46-1vl6.orig/security/Makefile
647		-+++ linux-3.0.46-1vl6/security/Makefile
	646	+--- linux-3.0.50-1vl6.orig/security/Makefile
	647	++++ linux-3.0.50-1vl6/security/Makefile
648	648	@@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
649	649	# Object integrity file lists
650	650	subdir-$(CONFIG_IMA) += integrity/ima

		@@ -652,8 +652,8 @@
652	652	+
653	653	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
654	654	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
655		---- linux-3.0.46-1vl6.orig/security/security.c
656		-+++ linux-3.0.46-1vl6/security/security.c
	655	+--- linux-3.0.50-1vl6.orig/security/security.c
	656	++++ linux-3.0.50-1vl6/security/security.c
657	657	@@ -202,7 +202,10 @@ int security_syslog(int type)
658	658
659	659	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-3.0.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-3.0.diff (revision 68)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 3.0.50.
	1	+This is TOMOYO Linux patch for kernel 3.0.51.
2	2
3		-Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.0.50.tar.bz2
	3	+Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.0.51.tar.bz2
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 134 +++++++++++++++++++++++++++++++++++++---------
29	29	24 files changed, 247 insertions(+), 49 deletions(-)
30	30
31		---- linux-3.0.50.orig/fs/exec.c
32		-+++ linux-3.0.50/fs/exec.c
	31	+--- linux-3.0.51.orig/fs/exec.c
	32	++++ linux-3.0.51/fs/exec.c
33	33	@@ -1495,7 +1495,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.0.50.orig/fs/open.c
43		-+++ linux-3.0.50/fs/open.c
	42	+--- linux-3.0.51.orig/fs/open.c
	43	++++ linux-3.0.51/fs/open.c
44	44	@@ -1125,6 +1125,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.0.50.orig/fs/proc/version.c
54		-+++ linux-3.0.50/fs/proc/version.c
	53	+--- linux-3.0.51.orig/fs/proc/version.c
	54	++++ linux-3.0.51/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.0.50 2012/11/01\n");
	62	++ printk(KERN_INFO "Hook version: 3.0.51 2012/11/08\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.0.50.orig/include/linux/init_task.h
67		-+++ linux-3.0.50/include/linux/init_task.h
	66	+--- linux-3.0.51.orig/include/linux/init_task.h
	67	++++ linux-3.0.51/include/linux/init_task.h
68	68	@@ -142,6 +142,14 @@ extern struct task_group root_task_group
69	69	# define INIT_PERF_EVENTS(tsk)
70	70	#endif

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.0.50.orig/include/linux/sched.h
92		-+++ linux-3.0.50/include/linux/sched.h
	91	+--- linux-3.0.51.orig/include/linux/sched.h
	92	++++ linux-3.0.51/include/linux/sched.h
93	93	@@ -44,6 +44,8 @@
94	94
95	95	#ifdef __KERNEL__

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.0.50.orig/include/linux/security.h
114		-+++ linux-3.0.50/include/linux/security.h
	113	+--- linux-3.0.51.orig/include/linux/security.h
	114	++++ linux-3.0.51/include/linux/security.h
115	115	@@ -37,6 +37,7 @@
116	116	#include <linux/xfrm.h>
117	117	#include <linux/slab.h>

		@@ -310,8 +310,8 @@
310	310	}
311	311	#endif /* CONFIG_SECURITY_PATH */
312	312
313		---- linux-3.0.50.orig/include/net/ip.h
314		-+++ linux-3.0.50/include/net/ip.h
	313	+--- linux-3.0.51.orig/include/net/ip.h
	314	++++ linux-3.0.51/include/net/ip.h
315	315	@@ -216,6 +216,8 @@ extern void inet_get_local_port_range(in
316	316	extern unsigned long *sysctl_local_reserved_ports;
317	317	static inline int inet_is_reserved_local_port(int port)

		@@ -321,8 +321,8 @@
321	321	return test_bit(port, sysctl_local_reserved_ports);
322	322	}
323	323
324		---- linux-3.0.50.orig/kernel/fork.c
325		-+++ linux-3.0.50/kernel/fork.c
	324	+--- linux-3.0.51.orig/kernel/fork.c
	325	++++ linux-3.0.51/kernel/fork.c
326	326	@@ -197,6 +197,7 @@ void __put_task_struct(struct task_struc
327	327	delayacct_tsk_free(tsk);
328	328	put_signal_struct(tsk->signal);

		@@ -349,8 +349,8 @@
349	349	bad_fork_cleanup_policy:
350	350	perf_event_free_task(p);
351	351	#ifdef CONFIG_NUMA
352		---- linux-3.0.50.orig/kernel/kexec.c
353		-+++ linux-3.0.50/kernel/kexec.c
	352	+--- linux-3.0.51.orig/kernel/kexec.c
	353	++++ linux-3.0.51/kernel/kexec.c
354	354	@@ -40,6 +40,7 @@
355	355	#include <asm/io.h>
356	356	#include <asm/system.h>

		@@ -368,8 +368,8 @@
368	368
369	369	/*
370	370	* Verify we have a legal set of flags
371		---- linux-3.0.50.orig/kernel/module.c
372		-+++ linux-3.0.50/kernel/module.c
	371	+--- linux-3.0.51.orig/kernel/module.c
	372	++++ linux-3.0.51/kernel/module.c
373	373	@@ -58,6 +58,7 @@
374	374	#include <linux/jump_label.h>
375	375	#include <linux/pfn.h>

		@@ -396,8 +396,8 @@
396	396
397	397	/* Do all the hard work */
398	398	mod = load_module(umod, len, uargs);
399		---- linux-3.0.50.orig/kernel/ptrace.c
400		-+++ linux-3.0.50/kernel/ptrace.c
	399	+--- linux-3.0.51.orig/kernel/ptrace.c
	400	++++ linux-3.0.51/kernel/ptrace.c
401	401	@@ -747,6 +747,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402	402	{
403	403	struct task_struct *child;

		@@ -422,8 +422,8 @@
422	422
423	423	if (request == PTRACE_TRACEME) {
424	424	ret = ptrace_traceme();
425		---- linux-3.0.50.orig/kernel/sched.c
426		-+++ linux-3.0.50/kernel/sched.c
	425	+--- linux-3.0.51.orig/kernel/sched.c
	426	++++ linux-3.0.51/kernel/sched.c
427	427	@@ -4932,6 +4932,8 @@ int can_nice(const struct task_struct *p
428	428	SYSCALL_DEFINE1(nice, int, increment)
429	429	{

		@@ -433,8 +433,8 @@
433	433
434	434	/*
435	435	* Setpriority might change our priority at the same moment.
436		---- linux-3.0.50.orig/kernel/signal.c
437		-+++ linux-3.0.50/kernel/signal.c
	436	+--- linux-3.0.51.orig/kernel/signal.c
	437	++++ linux-3.0.51/kernel/signal.c
438	438	@@ -2620,6 +2620,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
439	439	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
440	440	{

		@@ -480,8 +480,8 @@
480	480
481	481	return do_send_specific(tgid, pid, sig, info);
482	482	}
483		---- linux-3.0.50.orig/kernel/sys.c
484		-+++ linux-3.0.50/kernel/sys.c
	483	+--- linux-3.0.51.orig/kernel/sys.c
	484	++++ linux-3.0.51/kernel/sys.c
485	485	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
486	486
487	487	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -520,8 +520,8 @@
520	520
521	521	down_write(&uts_sem);
522	522	errno = -EFAULT;
523		---- linux-3.0.50.orig/kernel/time/ntp.c
524		-+++ linux-3.0.50/kernel/time/ntp.c
	523	+--- linux-3.0.51.orig/kernel/time/ntp.c
	524	++++ linux-3.0.51/kernel/time/ntp.c
525	525	@@ -15,6 +15,7 @@
526	526	#include <linux/time.h>
527	527	#include <linux/mm.h>

		@@ -555,8 +555,8 @@
555	555	if (!(txc->modes & ADJ_NANO))
556	556	delta.tv_nsec *= 1000;
557	557	result = timekeeping_inject_offset(&delta);
558		---- linux-3.0.50.orig/net/ipv4/raw.c
559		-+++ linux-3.0.50/net/ipv4/raw.c
	558	+--- linux-3.0.51.orig/net/ipv4/raw.c
	559	++++ linux-3.0.51/net/ipv4/raw.c
560	560	@@ -695,6 +695,10 @@ static int raw_recvmsg(struct kiocb *ioc
561	561	skb = skb_recv_datagram(sk, flags, noblock, &err);
562	562	if (!skb)

		@@ -568,8 +568,8 @@
568	568
569	569	copied = skb->len;
570	570	if (len < copied) {
571		---- linux-3.0.50.orig/net/ipv4/udp.c
572		-+++ linux-3.0.50/net/ipv4/udp.c
	571	+--- linux-3.0.51.orig/net/ipv4/udp.c
	572	++++ linux-3.0.51/net/ipv4/udp.c
573	573	@@ -1183,6 +1183,10 @@ try_again:
574	574	&peeked, &err);
575	575	if (!skb)

		@@ -581,8 +581,8 @@
581	581
582	582	ulen = skb->len - sizeof(struct udphdr);
583	583	if (len > ulen)
584		---- linux-3.0.50.orig/net/ipv6/raw.c
585		-+++ linux-3.0.50/net/ipv6/raw.c
	584	+--- linux-3.0.51.orig/net/ipv6/raw.c
	585	++++ linux-3.0.51/net/ipv6/raw.c
586	586	@@ -467,6 +467,10 @@ static int rawv6_recvmsg(struct kiocb *i
587	587	skb = skb_recv_datagram(sk, flags, noblock, &err);
588	588	if (!skb)

		@@ -594,8 +594,8 @@
594	594
595	595	copied = skb->len;
596	596	if (copied > len) {
597		---- linux-3.0.50.orig/net/ipv6/udp.c
598		-+++ linux-3.0.50/net/ipv6/udp.c
	597	+--- linux-3.0.51.orig/net/ipv6/udp.c
	598	++++ linux-3.0.51/net/ipv6/udp.c
599	599	@@ -361,6 +361,10 @@ try_again:
600	600	&peeked, &err);
601	601	if (!skb)

		@@ -607,8 +607,8 @@
607	607
608	608	ulen = skb->len - sizeof(struct udphdr);
609	609	if (len > ulen)
610		---- linux-3.0.50.orig/net/socket.c
611		-+++ linux-3.0.50/net/socket.c
	610	+--- linux-3.0.51.orig/net/socket.c
	611	++++ linux-3.0.51/net/socket.c
612	612	@@ -1530,6 +1530,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
613	613	if (err < 0)
614	614	goto out_fd;

		@@ -620,8 +620,8 @@
620	620	if (upeer_sockaddr) {
621	621	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
622	622	&len, 2) < 0) {
623		---- linux-3.0.50.orig/net/unix/af_unix.c
624		-+++ linux-3.0.50/net/unix/af_unix.c
	623	+--- linux-3.0.51.orig/net/unix/af_unix.c
	624	++++ linux-3.0.51/net/unix/af_unix.c
625	625	@@ -1762,6 +1762,10 @@ static int unix_dgram_recvmsg(struct kio
626	626	wake_up_interruptible_sync_poll(&u->peer_wait,
627	627	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -633,8 +633,8 @@
633	633	if (msg->msg_name)
634	634	unix_copy_addr(msg, skb->sk);
635	635
636		---- linux-3.0.50.orig/security/Kconfig
637		-+++ linux-3.0.50/security/Kconfig
	636	+--- linux-3.0.51.orig/security/Kconfig
	637	++++ linux-3.0.51/security/Kconfig
638	638	@@ -225,5 +225,7 @@ config DEFAULT_SECURITY
639	639	default "apparmor" if DEFAULT_SECURITY_APPARMOR
640	640	default "" if DEFAULT_SECURITY_DAC

		@@ -643,8 +643,8 @@
643	643	+
644	644	endmenu
645	645
646		---- linux-3.0.50.orig/security/Makefile
647		-+++ linux-3.0.50/security/Makefile
	646	+--- linux-3.0.51.orig/security/Makefile
	647	++++ linux-3.0.51/security/Makefile
648	648	@@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
649	649	# Object integrity file lists
650	650	subdir-$(CONFIG_IMA) += integrity/ima

		@@ -652,8 +652,8 @@
652	652	+
653	653	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
654	654	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
655		---- linux-3.0.50.orig/security/security.c
656		-+++ linux-3.0.50/security/security.c
	655	+--- linux-3.0.51.orig/security/security.c
	656	++++ linux-3.0.51/security/security.c
657	657	@@ -202,7 +202,10 @@ int security_syslog(int type)
658	658
659	659	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-3.4.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-3.4.diff (revision 68)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 3.4.17.
	1	+This is TOMOYO Linux patch for kernel 3.4.18.
2	2
3		-Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.4.17.tar.bz2
	3	+Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.4.18.tar.bz2
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 134 +++++++++++++++++++++++++++++++++++++---------
29	29	24 files changed, 250 insertions(+), 49 deletions(-)
30	30
31		---- linux-3.4.17.orig/fs/exec.c
32		-+++ linux-3.4.17/fs/exec.c
	31	+--- linux-3.4.18.orig/fs/exec.c
	32	++++ linux-3.4.18/fs/exec.c
33	33	@@ -1542,7 +1542,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.4.17.orig/fs/open.c
43		-+++ linux-3.4.17/fs/open.c
	42	+--- linux-3.4.18.orig/fs/open.c
	43	++++ linux-3.4.18/fs/open.c
44	44	@@ -1107,6 +1107,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.4.17.orig/fs/proc/version.c
54		-+++ linux-3.4.17/fs/proc/version.c
	53	+--- linux-3.4.18.orig/fs/proc/version.c
	54	++++ linux-3.4.18/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.4.17 2012/11/01\n");
	62	++ printk(KERN_INFO "Hook version: 3.4.18 2012/11/08\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.4.17.orig/include/linux/init_task.h
67		-+++ linux-3.4.17/include/linux/init_task.h
	66	+--- linux-3.4.18.orig/include/linux/init_task.h
	67	++++ linux-3.4.18/include/linux/init_task.h
68	68	@@ -143,6 +143,14 @@ extern struct task_group root_task_group
69	69
70	70	#define INIT_TASK_COMM "swapper"

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.4.17.orig/include/linux/sched.h
92		-+++ linux-3.4.17/include/linux/sched.h
	91	+--- linux-3.4.18.orig/include/linux/sched.h
	92	++++ linux-3.4.18/include/linux/sched.h
93	93	@@ -44,6 +44,8 @@
94	94
95	95	#ifdef __KERNEL__

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.4.17.orig/include/linux/security.h
114		-+++ linux-3.4.17/include/linux/security.h
	113	+--- linux-3.4.18.orig/include/linux/security.h
	114	++++ linux-3.4.18/include/linux/security.h
115	115	@@ -52,6 +52,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -313,8 +313,8 @@
313	313	}
314	314	#endif /* CONFIG_SECURITY_PATH */
315	315
316		---- linux-3.4.17.orig/include/net/ip.h
317		-+++ linux-3.4.17/include/net/ip.h
	316	+--- linux-3.4.18.orig/include/net/ip.h
	317	++++ linux-3.4.18/include/net/ip.h
318	318	@@ -217,6 +217,8 @@ extern void inet_get_local_port_range(in
319	319	extern unsigned long *sysctl_local_reserved_ports;
320	320	static inline int inet_is_reserved_local_port(int port)

		@@ -324,8 +324,8 @@
324	324	return test_bit(port, sysctl_local_reserved_ports);
325	325	}
326	326
327		---- linux-3.4.17.orig/kernel/fork.c
328		-+++ linux-3.4.17/kernel/fork.c
	327	+--- linux-3.4.18.orig/kernel/fork.c
	328	++++ linux-3.4.18/kernel/fork.c
329	329	@@ -199,6 +199,7 @@ void __put_task_struct(struct task_struc
330	330	delayacct_tsk_free(tsk);
331	331	put_signal_struct(tsk->signal);

		@@ -352,8 +352,8 @@
352	352	bad_fork_cleanup_policy:
353	353	perf_event_free_task(p);
354	354	#ifdef CONFIG_NUMA
355		---- linux-3.4.17.orig/kernel/kexec.c
356		-+++ linux-3.4.17/kernel/kexec.c
	355	+--- linux-3.4.18.orig/kernel/kexec.c
	356	++++ linux-3.4.18/kernel/kexec.c
357	357	@@ -38,6 +38,7 @@
358	358	#include <asm/uaccess.h>
359	359	#include <asm/io.h>

		@@ -371,8 +371,8 @@
371	371
372	372	/*
373	373	* Verify we have a legal set of flags
374		---- linux-3.4.17.orig/kernel/module.c
375		-+++ linux-3.4.17/kernel/module.c
	374	+--- linux-3.4.18.orig/kernel/module.c
	375	++++ linux-3.4.18/kernel/module.c
376	376	@@ -58,6 +58,7 @@
377	377	#include <linux/jump_label.h>
378	378	#include <linux/pfn.h>

		@@ -399,8 +399,8 @@
399	399
400	400	/* Do all the hard work */
401	401	mod = load_module(umod, len, uargs);
402		---- linux-3.4.17.orig/kernel/ptrace.c
403		-+++ linux-3.4.17/kernel/ptrace.c
	402	+--- linux-3.4.18.orig/kernel/ptrace.c
	403	++++ linux-3.4.18/kernel/ptrace.c
404	404	@@ -860,6 +860,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
405	405	{
406	406	struct task_struct *child;

		@@ -425,8 +425,8 @@
425	425
426	426	if (request == PTRACE_TRACEME) {
427	427	ret = ptrace_traceme();
428		---- linux-3.4.17.orig/kernel/sched/core.c
429		-+++ linux-3.4.17/kernel/sched/core.c
	428	+--- linux-3.4.18.orig/kernel/sched/core.c
	429	++++ linux-3.4.18/kernel/sched/core.c
430	430	@@ -4060,6 +4060,8 @@ int can_nice(const struct task_struct *p
431	431	SYSCALL_DEFINE1(nice, int, increment)
432	432	{

		@@ -436,8 +436,8 @@
436	436
437	437	/*
438	438	* Setpriority might change our priority at the same moment.
439		---- linux-3.4.17.orig/kernel/signal.c
440		-+++ linux-3.4.17/kernel/signal.c
	439	+--- linux-3.4.18.orig/kernel/signal.c
	440	++++ linux-3.4.18/kernel/signal.c
441	441	@@ -2823,6 +2823,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
442	442	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
443	443	{

		@@ -483,8 +483,8 @@
483	483
484	484	return do_send_specific(tgid, pid, sig, info);
485	485	}
486		---- linux-3.4.17.orig/kernel/sys.c
487		-+++ linux-3.4.17/kernel/sys.c
	486	+--- linux-3.4.18.orig/kernel/sys.c
	487	++++ linux-3.4.18/kernel/sys.c
488	488	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
489	489
490	490	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -523,8 +523,8 @@
523	523
524	524	down_write(&uts_sem);
525	525	errno = -EFAULT;
526		---- linux-3.4.17.orig/kernel/time/ntp.c
527		-+++ linux-3.4.17/kernel/time/ntp.c
	526	+--- linux-3.4.18.orig/kernel/time/ntp.c
	527	++++ linux-3.4.18/kernel/time/ntp.c
528	528	@@ -15,6 +15,7 @@
529	529	#include <linux/time.h>
530	530	#include <linux/mm.h>

		@@ -558,8 +558,8 @@
558	558	if (!(txc->modes & ADJ_NANO))
559	559	delta.tv_nsec *= 1000;
560	560	result = timekeeping_inject_offset(&delta);
561		---- linux-3.4.17.orig/net/ipv4/raw.c
562		-+++ linux-3.4.17/net/ipv4/raw.c
	561	+--- linux-3.4.18.orig/net/ipv4/raw.c
	562	++++ linux-3.4.18/net/ipv4/raw.c
563	563	@@ -699,6 +699,10 @@ static int raw_recvmsg(struct kiocb *ioc
564	564	skb = skb_recv_datagram(sk, flags, noblock, &err);
565	565	if (!skb)

		@@ -571,8 +571,8 @@
571	571
572	572	copied = skb->len;
573	573	if (len < copied) {
574		---- linux-3.4.17.orig/net/ipv4/udp.c
575		-+++ linux-3.4.17/net/ipv4/udp.c
	574	+--- linux-3.4.18.orig/net/ipv4/udp.c
	575	++++ linux-3.4.18/net/ipv4/udp.c
576	576	@@ -1187,6 +1187,10 @@ try_again:
577	577	&peeked, &off, &err);
578	578	if (!skb)

		@@ -584,8 +584,8 @@
584	584
585	585	ulen = skb->len - sizeof(struct udphdr);
586	586	copied = len;
587		---- linux-3.4.17.orig/net/ipv6/raw.c
588		-+++ linux-3.4.17/net/ipv6/raw.c
	587	+--- linux-3.4.18.orig/net/ipv6/raw.c
	588	++++ linux-3.4.18/net/ipv6/raw.c
589	589	@@ -469,6 +469,10 @@ static int rawv6_recvmsg(struct kiocb *i
590	590	skb = skb_recv_datagram(sk, flags, noblock, &err);
591	591	if (!skb)

		@@ -597,8 +597,8 @@
597	597
598	598	copied = skb->len;
599	599	if (copied > len) {
600		---- linux-3.4.17.orig/net/ipv6/udp.c
601		-+++ linux-3.4.17/net/ipv6/udp.c
	600	+--- linux-3.4.18.orig/net/ipv6/udp.c
	601	++++ linux-3.4.18/net/ipv6/udp.c
602	602	@@ -362,6 +362,10 @@ try_again:
603	603	&peeked, &off, &err);
604	604	if (!skb)

		@@ -610,8 +610,8 @@
610	610
611	611	ulen = skb->len - sizeof(struct udphdr);
612	612	copied = len;
613		---- linux-3.4.17.orig/net/socket.c
614		-+++ linux-3.4.17/net/socket.c
	613	+--- linux-3.4.18.orig/net/socket.c
	614	++++ linux-3.4.18/net/socket.c
615	615	@@ -1553,6 +1553,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
616	616	if (err < 0)
617	617	goto out_fd;

		@@ -623,8 +623,8 @@
623	623	if (upeer_sockaddr) {
624	624	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
625	625	&len, 2) < 0) {
626		---- linux-3.4.17.orig/net/unix/af_unix.c
627		-+++ linux-3.4.17/net/unix/af_unix.c
	626	+--- linux-3.4.18.orig/net/unix/af_unix.c
	627	++++ linux-3.4.18/net/unix/af_unix.c
628	628	@@ -1794,6 +1794,10 @@ static int unix_dgram_recvmsg(struct kio
629	629	wake_up_interruptible_sync_poll(&u->peer_wait,
630	630	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -636,8 +636,8 @@
636	636	if (msg->msg_name)
637	637	unix_copy_addr(msg, skb->sk);
638	638
639		---- linux-3.4.17.orig/security/Kconfig
640		-+++ linux-3.4.17/security/Kconfig
	639	+--- linux-3.4.18.orig/security/Kconfig
	640	++++ linux-3.4.18/security/Kconfig
641	641	@@ -233,5 +233,7 @@ config DEFAULT_SECURITY
642	642	default "yama" if DEFAULT_SECURITY_YAMA
643	643	default "" if DEFAULT_SECURITY_DAC

		@@ -646,8 +646,8 @@
646	646	+
647	647	endmenu
648	648
649		---- linux-3.4.17.orig/security/Makefile
650		-+++ linux-3.4.17/security/Makefile
	649	+--- linux-3.4.18.orig/security/Makefile
	650	++++ linux-3.4.18/security/Makefile
651	651	@@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
652	652	# Object integrity file lists
653	653	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -655,8 +655,8 @@
655	655	+
656	656	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
657	657	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
658		---- linux-3.4.17.orig/security/security.c
659		-+++ linux-3.4.17/security/security.c
	658	+--- linux-3.4.18.orig/security/security.c
	659	++++ linux-3.4.18/security/security.c
660	660	@@ -186,7 +186,10 @@ int security_syslog(int type)
661	661
662	662	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-3.6.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-3.6.diff (revision 68)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 3.6.5.
	1	+This is TOMOYO Linux patch for kernel 3.6.6.
2	2
3		-Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.6.5.tar.bz2
	3	+Source code for this patch is http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.6.6.tar.bz2
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 134 +++++++++++++++++++++++++++++++++++++---------
29	29	24 files changed, 250 insertions(+), 49 deletions(-)
30	30
31		---- linux-3.6.5.orig/fs/exec.c
32		-+++ linux-3.6.5/fs/exec.c
	31	+--- linux-3.6.6.orig/fs/exec.c
	32	++++ linux-3.6.6/fs/exec.c
33	33	@@ -1551,7 +1551,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.6.5.orig/fs/open.c
43		-+++ linux-3.6.5/fs/open.c
	42	+--- linux-3.6.6.orig/fs/open.c
	43	++++ linux-3.6.6/fs/open.c
44	44	@@ -1077,6 +1077,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.6.5.orig/fs/proc/version.c
54		-+++ linux-3.6.5/fs/proc/version.c
	53	+--- linux-3.6.6.orig/fs/proc/version.c
	54	++++ linux-3.6.6/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.6.5 2012/11/01\n");
	62	++ printk(KERN_INFO "Hook version: 3.6.6 2012/11/08\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.6.5.orig/include/linux/init_task.h
67		-+++ linux-3.6.5/include/linux/init_task.h
	66	+--- linux-3.6.6.orig/include/linux/init_task.h
	67	++++ linux-3.6.6/include/linux/init_task.h
68	68	@@ -143,6 +143,14 @@ extern struct task_group root_task_group
69	69
70	70	#define INIT_TASK_COMM "swapper"

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.6.5.orig/include/linux/sched.h
92		-+++ linux-3.6.5/include/linux/sched.h
	91	+--- linux-3.6.6.orig/include/linux/sched.h
	92	++++ linux-3.6.6/include/linux/sched.h
93	93	@@ -44,6 +44,8 @@
94	94
95	95	#ifdef __KERNEL__

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.6.5.orig/include/linux/security.h
114		-+++ linux-3.6.5/include/linux/security.h
	113	+--- linux-3.6.6.orig/include/linux/security.h
	114	++++ linux-3.6.6/include/linux/security.h
115	115	@@ -52,6 +52,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -313,8 +313,8 @@
313	313	}
314	314	#endif /* CONFIG_SECURITY_PATH */
315	315
316		---- linux-3.6.5.orig/include/net/ip.h
317		-+++ linux-3.6.5/include/net/ip.h
	316	+--- linux-3.6.6.orig/include/net/ip.h
	317	++++ linux-3.6.6/include/net/ip.h
318	318	@@ -201,6 +201,8 @@ extern void inet_get_local_port_range(in
319	319	extern unsigned long *sysctl_local_reserved_ports;
320	320	static inline int inet_is_reserved_local_port(int port)

		@@ -324,8 +324,8 @@
324	324	return test_bit(port, sysctl_local_reserved_ports);
325	325	}
326	326
327		---- linux-3.6.5.orig/kernel/fork.c
328		-+++ linux-3.6.5/kernel/fork.c
	327	+--- linux-3.6.6.orig/kernel/fork.c
	328	++++ linux-3.6.6/kernel/fork.c
329	329	@@ -241,6 +241,7 @@ void __put_task_struct(struct task_struc
330	330	delayacct_tsk_free(tsk);
331	331	put_signal_struct(tsk->signal);

		@@ -352,8 +352,8 @@
352	352	bad_fork_cleanup_policy:
353	353	perf_event_free_task(p);
354	354	#ifdef CONFIG_NUMA
355		---- linux-3.6.5.orig/kernel/kexec.c
356		-+++ linux-3.6.5/kernel/kexec.c
	355	+--- linux-3.6.6.orig/kernel/kexec.c
	356	++++ linux-3.6.6/kernel/kexec.c
357	357	@@ -38,6 +38,7 @@
358	358	#include <asm/uaccess.h>
359	359	#include <asm/io.h>

		@@ -371,8 +371,8 @@
371	371
372	372	/*
373	373	* Verify we have a legal set of flags
374		---- linux-3.6.5.orig/kernel/module.c
375		-+++ linux-3.6.5/kernel/module.c
	374	+--- linux-3.6.6.orig/kernel/module.c
	375	++++ linux-3.6.6/kernel/module.c
376	376	@@ -58,6 +58,7 @@
377	377	#include <linux/jump_label.h>
378	378	#include <linux/pfn.h>

		@@ -399,8 +399,8 @@
399	399
400	400	/* Do all the hard work */
401	401	mod = load_module(umod, len, uargs);
402		---- linux-3.6.5.orig/kernel/ptrace.c
403		-+++ linux-3.6.5/kernel/ptrace.c
	402	+--- linux-3.6.6.orig/kernel/ptrace.c
	403	++++ linux-3.6.6/kernel/ptrace.c
404	404	@@ -859,6 +859,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
405	405	{
406	406	struct task_struct *child;

		@@ -425,8 +425,8 @@
425	425
426	426	if (request == PTRACE_TRACEME) {
427	427	ret = ptrace_traceme();
428		---- linux-3.6.5.orig/kernel/sched/core.c
429		-+++ linux-3.6.5/kernel/sched/core.c
	428	+--- linux-3.6.6.orig/kernel/sched/core.c
	429	++++ linux-3.6.6/kernel/sched/core.c
430	430	@@ -4119,6 +4119,8 @@ int can_nice(const struct task_struct *p
431	431	SYSCALL_DEFINE1(nice, int, increment)
432	432	{

		@@ -436,8 +436,8 @@
436	436
437	437	/*
438	438	* Setpriority might change our priority at the same moment.
439		---- linux-3.6.5.orig/kernel/signal.c
440		-+++ linux-3.6.5/kernel/signal.c
	439	+--- linux-3.6.6.orig/kernel/signal.c
	440	++++ linux-3.6.6/kernel/signal.c
441	441	@@ -2856,6 +2856,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
442	442	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
443	443	{

		@@ -483,8 +483,8 @@
483	483
484	484	return do_send_specific(tgid, pid, sig, info);
485	485	}
486		---- linux-3.6.5.orig/kernel/sys.c
487		-+++ linux-3.6.5/kernel/sys.c
	486	+--- linux-3.6.6.orig/kernel/sys.c
	487	++++ linux-3.6.6/kernel/sys.c
488	488	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
489	489
490	490	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -523,8 +523,8 @@
523	523
524	524	down_write(&uts_sem);
525	525	errno = -EFAULT;
526		---- linux-3.6.5.orig/kernel/time/ntp.c
527		-+++ linux-3.6.5/kernel/time/ntp.c
	526	+--- linux-3.6.6.orig/kernel/time/ntp.c
	527	++++ linux-3.6.6/kernel/time/ntp.c
528	528	@@ -15,6 +15,7 @@
529	529	#include <linux/time.h>
530	530	#include <linux/mm.h>

		@@ -558,8 +558,8 @@
558	558	if (!(txc->modes & ADJ_NANO))
559	559	delta.tv_nsec *= 1000;
560	560	result = timekeeping_inject_offset(&delta);
561		---- linux-3.6.5.orig/net/ipv4/raw.c
562		-+++ linux-3.6.5/net/ipv4/raw.c
	561	+--- linux-3.6.6.orig/net/ipv4/raw.c
	562	++++ linux-3.6.6/net/ipv4/raw.c
563	563	@@ -704,6 +704,10 @@ static int raw_recvmsg(struct kiocb *ioc
564	564	skb = skb_recv_datagram(sk, flags, noblock, &err);
565	565	if (!skb)

		@@ -571,8 +571,8 @@
571	571
572	572	copied = skb->len;
573	573	if (len < copied) {
574		---- linux-3.6.5.orig/net/ipv4/udp.c
575		-+++ linux-3.6.5/net/ipv4/udp.c
	574	+--- linux-3.6.6.orig/net/ipv4/udp.c
	575	++++ linux-3.6.6/net/ipv4/udp.c
576	576	@@ -1193,6 +1193,10 @@ try_again:
577	577	&peeked, &off, &err);
578	578	if (!skb)

		@@ -584,8 +584,8 @@
584	584
585	585	ulen = skb->len - sizeof(struct udphdr);
586	586	copied = len;
587		---- linux-3.6.5.orig/net/ipv6/raw.c
588		-+++ linux-3.6.5/net/ipv6/raw.c
	587	+--- linux-3.6.6.orig/net/ipv6/raw.c
	588	++++ linux-3.6.6/net/ipv6/raw.c
589	589	@@ -472,6 +472,10 @@ static int rawv6_recvmsg(struct kiocb *i
590	590	skb = skb_recv_datagram(sk, flags, noblock, &err);
591	591	if (!skb)

		@@ -597,8 +597,8 @@
597	597
598	598	copied = skb->len;
599	599	if (copied > len) {
600		---- linux-3.6.5.orig/net/ipv6/udp.c
601		-+++ linux-3.6.5/net/ipv6/udp.c
	600	+--- linux-3.6.6.orig/net/ipv6/udp.c
	601	++++ linux-3.6.6/net/ipv6/udp.c
602	602	@@ -363,6 +363,10 @@ try_again:
603	603	&peeked, &off, &err);
604	604	if (!skb)

		@@ -610,8 +610,8 @@
610	610
611	611	ulen = skb->len - sizeof(struct udphdr);
612	612	copied = len;
613		---- linux-3.6.5.orig/net/socket.c
614		-+++ linux-3.6.5/net/socket.c
	613	+--- linux-3.6.6.orig/net/socket.c
	614	++++ linux-3.6.6/net/socket.c
615	615	@@ -1551,6 +1551,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
616	616	if (err < 0)
617	617	goto out_fd;

		@@ -623,8 +623,8 @@
623	623	if (upeer_sockaddr) {
624	624	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
625	625	&len, 2) < 0) {
626		---- linux-3.6.5.orig/net/unix/af_unix.c
627		-+++ linux-3.6.5/net/unix/af_unix.c
	626	+--- linux-3.6.6.orig/net/unix/af_unix.c
	627	++++ linux-3.6.6/net/unix/af_unix.c
628	628	@@ -1806,6 +1806,10 @@ static int unix_dgram_recvmsg(struct kio
629	629	wake_up_interruptible_sync_poll(&u->peer_wait,
630	630	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -636,8 +636,8 @@
636	636	if (msg->msg_name)
637	637	unix_copy_addr(msg, skb->sk);
638	638
639		---- linux-3.6.5.orig/security/Kconfig
640		-+++ linux-3.6.5/security/Kconfig
	639	+--- linux-3.6.6.orig/security/Kconfig
	640	++++ linux-3.6.6/security/Kconfig
641	641	@@ -167,5 +167,7 @@ config DEFAULT_SECURITY
642	642	default "yama" if DEFAULT_SECURITY_YAMA
643	643	default "" if DEFAULT_SECURITY_DAC

		@@ -646,8 +646,8 @@
646	646	+
647	647	endmenu
648	648
649		---- linux-3.6.5.orig/security/Makefile
650		-+++ linux-3.6.5/security/Makefile
	649	+--- linux-3.6.6.orig/security/Makefile
	650	++++ linux-3.6.6/security/Makefile
651	651	@@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
652	652	# Object integrity file lists
653	653	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -655,8 +655,8 @@
655	655	+
656	656	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
657	657	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
658		---- linux-3.6.5.orig/security/security.c
659		-+++ linux-3.6.5/security/security.c
	658	+--- linux-3.6.6.orig/security/security.c
	659	++++ linux-3.6.6/security/security.c
660	660	@@ -190,7 +190,10 @@ int security_syslog(int type)
661	661
662	662	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-3.5-ubuntu-12.10.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-3.5-ubuntu-12.10.diff (revision 68)

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 129 +++++++++++++++++++++++++++++++++++++---------
29	29	24 files changed, 246 insertions(+), 48 deletions(-)
30	30
31		---- linux-3.5.0-17.28.orig/fs/exec.c
32		-+++ linux-3.5.0-17.28/fs/exec.c
	31	+--- linux-3.5.0-18.29.orig/fs/exec.c
	32	++++ linux-3.5.0-18.29/fs/exec.c
33	33	@@ -1554,7 +1554,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.5.0-17.28.orig/fs/open.c
43		-+++ linux-3.5.0-17.28/fs/open.c
	42	+--- linux-3.5.0-18.29.orig/fs/open.c
	43	++++ linux-3.5.0-18.29/fs/open.c
44	44	@@ -1176,6 +1176,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.5.0-17.28.orig/fs/proc/version.c
54		-+++ linux-3.5.0-17.28/fs/proc/version.c
	53	+--- linux-3.5.0-18.29.orig/fs/proc/version.c
	54	++++ linux-3.5.0-18.29/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.5.0-17.28 2012/10/13\n");
	62	++ printk(KERN_INFO "Hook version: 3.5.0-18.29 2012/11/08\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.5.0-17.28.orig/include/linux/init_task.h
67		-+++ linux-3.5.0-17.28/include/linux/init_task.h
	66	+--- linux-3.5.0-18.29.orig/include/linux/init_task.h
	67	++++ linux-3.5.0-18.29/include/linux/init_task.h
68	68	@@ -143,6 +143,14 @@ extern struct task_group root_task_group
69	69
70	70	#define INIT_TASK_COMM "swapper"

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.5.0-17.28.orig/include/linux/sched.h
92		-+++ linux-3.5.0-17.28/include/linux/sched.h
	91	+--- linux-3.5.0-18.29.orig/include/linux/sched.h
	92	++++ linux-3.5.0-18.29/include/linux/sched.h
93	93	@@ -44,6 +44,8 @@
94	94
95	95	#ifdef __KERNEL__

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.5.0-17.28.orig/include/linux/security.h
114		-+++ linux-3.5.0-17.28/include/linux/security.h
	113	+--- linux-3.5.0-18.29.orig/include/linux/security.h
	114	++++ linux-3.5.0-18.29/include/linux/security.h
115	115	@@ -52,6 +52,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -313,8 +313,8 @@
313	313	}
314	314	#endif /* CONFIG_SECURITY_PATH */
315	315
316		---- linux-3.5.0-17.28.orig/include/net/ip.h
317		-+++ linux-3.5.0-17.28/include/net/ip.h
	316	+--- linux-3.5.0-18.29.orig/include/net/ip.h
	317	++++ linux-3.5.0-18.29/include/net/ip.h
318	318	@@ -200,6 +200,8 @@ extern void inet_get_local_port_range(in
319	319	extern unsigned long *sysctl_local_reserved_ports;
320	320	static inline int inet_is_reserved_local_port(int port)

		@@ -324,8 +324,8 @@
324	324	return test_bit(port, sysctl_local_reserved_ports);
325	325	}
326	326
327		---- linux-3.5.0-17.28.orig/kernel/fork.c
328		-+++ linux-3.5.0-17.28/kernel/fork.c
	327	+--- linux-3.5.0-18.29.orig/kernel/fork.c
	328	++++ linux-3.5.0-18.29/kernel/fork.c
329	329	@@ -237,6 +237,7 @@ void __put_task_struct(struct task_struc
330	330	delayacct_tsk_free(tsk);
331	331	put_signal_struct(tsk->signal);

		@@ -352,8 +352,8 @@
352	352	bad_fork_cleanup_policy:
353	353	perf_event_free_task(p);
354	354	#ifdef CONFIG_NUMA
355		---- linux-3.5.0-17.28.orig/kernel/kexec.c
356		-+++ linux-3.5.0-17.28/kernel/kexec.c
	355	+--- linux-3.5.0-18.29.orig/kernel/kexec.c
	356	++++ linux-3.5.0-18.29/kernel/kexec.c
357	357	@@ -38,6 +38,7 @@
358	358	#include <asm/uaccess.h>
359	359	#include <asm/io.h>

		@@ -371,8 +371,8 @@
371	371
372	372	/* Processes in containers must not be allowed to load a new
373	373	* kernel, even if they have CAP_SYS_BOOT */
374		---- linux-3.5.0-17.28.orig/kernel/module.c
375		-+++ linux-3.5.0-17.28/kernel/module.c
	374	+--- linux-3.5.0-18.29.orig/kernel/module.c
	375	++++ linux-3.5.0-18.29/kernel/module.c
376	376	@@ -58,6 +58,7 @@
377	377	#include <linux/jump_label.h>
378	378	#include <linux/pfn.h>

		@@ -399,8 +399,8 @@
399	399
400	400	/* Do all the hard work */
401	401	mod = load_module(umod, len, uargs);
402		---- linux-3.5.0-17.28.orig/kernel/ptrace.c
403		-+++ linux-3.5.0-17.28/kernel/ptrace.c
	402	+--- linux-3.5.0-18.29.orig/kernel/ptrace.c
	403	++++ linux-3.5.0-18.29/kernel/ptrace.c
404	404	@@ -859,6 +859,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
405	405	{
406	406	struct task_struct *child;

		@@ -425,8 +425,8 @@
425	425
426	426	if (request == PTRACE_TRACEME) {
427	427	ret = ptrace_traceme();
428		---- linux-3.5.0-17.28.orig/kernel/sched/core.c
429		-+++ linux-3.5.0-17.28/kernel/sched/core.c
	428	+--- linux-3.5.0-18.29.orig/kernel/sched/core.c
	429	++++ linux-3.5.0-18.29/kernel/sched/core.c
430	430	@@ -4119,6 +4119,8 @@ int can_nice(const struct task_struct *p
431	431	SYSCALL_DEFINE1(nice, int, increment)
432	432	{

		@@ -436,8 +436,8 @@
436	436
437	437	/*
438	438	* Setpriority might change our priority at the same moment.
439		---- linux-3.5.0-17.28.orig/kernel/signal.c
440		-+++ linux-3.5.0-17.28/kernel/signal.c
	439	+--- linux-3.5.0-18.29.orig/kernel/signal.c
	440	++++ linux-3.5.0-18.29/kernel/signal.c
441	441	@@ -2841,6 +2841,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
442	442	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
443	443	{

		@@ -483,8 +483,8 @@
483	483
484	484	return do_send_specific(tgid, pid, sig, info);
485	485	}
486		---- linux-3.5.0-17.28.orig/kernel/sys.c
487		-+++ linux-3.5.0-17.28/kernel/sys.c
	486	+--- linux-3.5.0-18.29.orig/kernel/sys.c
	487	++++ linux-3.5.0-18.29/kernel/sys.c
488	488	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
489	489
490	490	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -496,7 +496,7 @@
496	496
497	497	/* normalize: avoid signed division (rounding problems) */
498	498	error = -ESRCH;
499		-@@ -446,6 +450,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
	499	+@@ -447,6 +451,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
500	500	magic2 != LINUX_REBOOT_MAGIC2B &&
501	501	magic2 != LINUX_REBOOT_MAGIC2C))
502	502	return -EINVAL;

		@@ -505,7 +505,7 @@
505	505
506	506	/*
507	507	* If pid namespaces are enabled and the current task is in a child
508		-@@ -1372,6 +1378,8 @@ SYSCALL_DEFINE2(sethostname, char __user
	508	+@@ -1373,6 +1379,8 @@ SYSCALL_DEFINE2(sethostname, char __user
509	509
510	510	if (len < 0 \|\| len > __NEW_UTS_LEN)
511	511	return -EINVAL;

		@@ -514,7 +514,7 @@
514	514	down_write(&uts_sem);
515	515	errno = -EFAULT;
516	516	if (!copy_from_user(tmp, name, len)) {
517		-@@ -1422,6 +1430,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
	517	+@@ -1423,6 +1431,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
518	518	return -EPERM;
519	519	if (len < 0 \|\| len > __NEW_UTS_LEN)
520	520	return -EINVAL;

		@@ -523,8 +523,8 @@
523	523
524	524	down_write(&uts_sem);
525	525	errno = -EFAULT;
526		---- linux-3.5.0-17.28.orig/kernel/time/ntp.c
527		-+++ linux-3.5.0-17.28/kernel/time/ntp.c
	526	+--- linux-3.5.0-18.29.orig/kernel/time/ntp.c
	527	++++ linux-3.5.0-18.29/kernel/time/ntp.c
528	528	@@ -15,6 +15,7 @@
529	529	#include <linux/time.h>
530	530	#include <linux/mm.h>

		@@ -558,9 +558,9 @@
558	558	if (!(txc->modes & ADJ_NANO))
559	559	delta.tv_nsec *= 1000;
560	560	result = timekeeping_inject_offset(&delta);
561		---- linux-3.5.0-17.28.orig/net/ipv4/raw.c
562		-+++ linux-3.5.0-17.28/net/ipv4/raw.c
563		-@@ -697,6 +697,10 @@ static int raw_recvmsg(struct kiocb *ioc
	561	+--- linux-3.5.0-18.29.orig/net/ipv4/raw.c
	562	++++ linux-3.5.0-18.29/net/ipv4/raw.c
	563	+@@ -699,6 +699,10 @@ static int raw_recvmsg(struct kiocb *ioc
564	564	skb = skb_recv_datagram(sk, flags, noblock, &err);
565	565	if (!skb)
566	566	goto out;

		@@ -571,8 +571,8 @@
571	571
572	572	copied = skb->len;
573	573	if (len < copied) {
574		---- linux-3.5.0-17.28.orig/net/ipv4/udp.c
575		-+++ linux-3.5.0-17.28/net/ipv4/udp.c
	574	+--- linux-3.5.0-18.29.orig/net/ipv4/udp.c
	575	++++ linux-3.5.0-18.29/net/ipv4/udp.c
576	576	@@ -1188,6 +1188,10 @@ try_again:
577	577	&peeked, &off, &err);
578	578	if (!skb)

		@@ -584,9 +584,9 @@
584	584
585	585	ulen = skb->len - sizeof(struct udphdr);
586	586	copied = len;
587		---- linux-3.5.0-17.28.orig/net/ipv6/raw.c
588		-+++ linux-3.5.0-17.28/net/ipv6/raw.c
589		-@@ -470,6 +470,10 @@ static int rawv6_recvmsg(struct kiocb *i
	587	+--- linux-3.5.0-18.29.orig/net/ipv6/raw.c
	588	++++ linux-3.5.0-18.29/net/ipv6/raw.c
	589	+@@ -469,6 +469,10 @@ static int rawv6_recvmsg(struct kiocb *i
590	590	skb = skb_recv_datagram(sk, flags, noblock, &err);
591	591	if (!skb)
592	592	goto out;

		@@ -597,8 +597,8 @@
597	597
598	598	copied = skb->len;
599	599	if (copied > len) {
600		---- linux-3.5.0-17.28.orig/net/ipv6/udp.c
601		-+++ linux-3.5.0-17.28/net/ipv6/udp.c
	600	+--- linux-3.5.0-18.29.orig/net/ipv6/udp.c
	601	++++ linux-3.5.0-18.29/net/ipv6/udp.c
602	602	@@ -362,6 +362,10 @@ try_again:
603	603	&peeked, &off, &err);
604	604	if (!skb)

		@@ -610,8 +610,8 @@
610	610
611	611	ulen = skb->len - sizeof(struct udphdr);
612	612	copied = len;
613		---- linux-3.5.0-17.28.orig/net/socket.c
614		-+++ linux-3.5.0-17.28/net/socket.c
	613	+--- linux-3.5.0-18.29.orig/net/socket.c
	614	++++ linux-3.5.0-18.29/net/socket.c
615	615	@@ -1552,6 +1552,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
616	616	if (err < 0)
617	617	goto out_fd;

		@@ -623,8 +623,8 @@
623	623	if (upeer_sockaddr) {
624	624	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
625	625	&len, 2) < 0) {
626		---- linux-3.5.0-17.28.orig/net/unix/af_unix.c
627		-+++ linux-3.5.0-17.28/net/unix/af_unix.c
	626	+--- linux-3.5.0-18.29.orig/net/unix/af_unix.c
	627	++++ linux-3.5.0-18.29/net/unix/af_unix.c
628	628	@@ -1804,6 +1804,10 @@ static int unix_dgram_recvmsg(struct kio
629	629	wake_up_interruptible_sync_poll(&u->peer_wait,
630	630	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -636,8 +636,8 @@
636	636	if (msg->msg_name)
637	637	unix_copy_addr(msg, skb->sk);
638	638
639		---- linux-3.5.0-17.28.orig/security/Kconfig
640		-+++ linux-3.5.0-17.28/security/Kconfig
	639	+--- linux-3.5.0-18.29.orig/security/Kconfig
	640	++++ linux-3.5.0-18.29/security/Kconfig
641	641	@@ -167,5 +167,7 @@ config DEFAULT_SECURITY
642	642	default "yama" if DEFAULT_SECURITY_YAMA
643	643	default "" if DEFAULT_SECURITY_DAC

		@@ -646,8 +646,8 @@
646	646	+
647	647	endmenu
648	648
649		---- linux-3.5.0-17.28.orig/security/Makefile
650		-+++ linux-3.5.0-17.28/security/Makefile
	649	+--- linux-3.5.0-18.29.orig/security/Makefile
	650	++++ linux-3.5.0-18.29/security/Makefile
651	651	@@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
652	652	# Object integrity file lists
653	653	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -655,8 +655,8 @@
655	655	+
656	656	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
657	657	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
658		---- linux-3.5.0-17.28.orig/security/security.c
659		-+++ linux-3.5.0-17.28/security/security.c
	658	+--- linux-3.5.0-18.29.orig/security/security.c
	659	++++ linux-3.5.0-18.29/security/security.c
660	660	@@ -198,7 +198,10 @@ int security_syslog(int type)
661	661
662	662	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-2.6.32-centos-6.3.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-2.6.32-centos-6.3.diff (revision 68)

		@@ -1,6 +1,6 @@
1	1	This is TOMOYO Linux patch for CentOS 6.3.
2	2
3		-Source code for this patch is http://vault.centos.org/6.3/updates/Source/SPackages/kernel-279.11.1.el6.src.rpm
	3	+Source code for this patch is http://vault.centos.org/6.3/updates/Source/SPackages/kernel-2.6.32-279.14.1.el6.src.rpm
4	4	---
5	5	fs/compat.c \| 2 +-
6	6	fs/compat_ioctl.c \| 3 +++

		@@ -37,8 +37,8 @@
37	37	security/Makefile \| 3 +++
38	38	33 files changed, 205 insertions(+), 2 deletions(-)
39	39
40		---- linux-2.6.32-279.11.1.el6.orig/fs/compat.c
41		-+++ linux-2.6.32-279.11.1.el6/fs/compat.c
	40	+--- linux-2.6.32-279.14.1.el6.orig/fs/compat.c
	41	++++ linux-2.6.32-279.14.1.el6/fs/compat.c
42	42	@@ -1550,7 +1550,7 @@ int compat_do_execve(char * filename,
43	43	if (retval < 0)
44	44	goto out;

		@@ -48,8 +48,8 @@
48	48	if (retval < 0)
49	49	goto out;
50	50
51		---- linux-2.6.32-279.11.1.el6.orig/fs/compat_ioctl.c
52		-+++ linux-2.6.32-279.11.1.el6/fs/compat_ioctl.c
	51	+--- linux-2.6.32-279.14.1.el6.orig/fs/compat_ioctl.c
	52	++++ linux-2.6.32-279.14.1.el6/fs/compat_ioctl.c
53	53	@@ -114,6 +114,7 @@
54	54	#ifdef CONFIG_SPARC
55	55	#include <asm/fbio.h>

		@@ -67,8 +67,8 @@
67	67	if (error)
68	68	goto out_fput;
69	69
70		---- linux-2.6.32-279.11.1.el6.orig/fs/exec.c
71		-+++ linux-2.6.32-279.11.1.el6/fs/exec.c
	70	+--- linux-2.6.32-279.14.1.el6.orig/fs/exec.c
	71	++++ linux-2.6.32-279.14.1.el6/fs/exec.c
72	72	@@ -1435,7 +1435,7 @@ int do_execve(char * filename,
73	73	goto out;
74	74

		@@ -78,8 +78,8 @@
78	78	if (retval < 0)
79	79	goto out;
80	80
81		---- linux-2.6.32-279.11.1.el6.orig/fs/fcntl.c
82		-+++ linux-2.6.32-279.11.1.el6/fs/fcntl.c
	81	+--- linux-2.6.32-279.14.1.el6.orig/fs/fcntl.c
	82	++++ linux-2.6.32-279.14.1.el6/fs/fcntl.c
83	83	@@ -428,6 +428,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd,
84	84	goto out;
85	85

		@@ -98,8 +98,8 @@
98	98	if (err) {
99	99	fput(filp);
100	100	return err;
101		---- linux-2.6.32-279.11.1.el6.orig/fs/ioctl.c
102		-+++ linux-2.6.32-279.11.1.el6/fs/ioctl.c
	101	+--- linux-2.6.32-279.14.1.el6.orig/fs/ioctl.c
	102	++++ linux-2.6.32-279.14.1.el6/fs/ioctl.c
103	103	@@ -639,6 +639,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd,
104	104	goto out;
105	105

		@@ -109,8 +109,8 @@
109	109	if (error)
110	110	goto out_fput;
111	111
112		---- linux-2.6.32-279.11.1.el6.orig/fs/namei.c
113		-+++ linux-2.6.32-279.11.1.el6/fs/namei.c
	112	+--- linux-2.6.32-279.14.1.el6.orig/fs/namei.c
	113	++++ linux-2.6.32-279.14.1.el6/fs/namei.c
114	114	@@ -1741,6 +1741,11 @@ int may_open(struct path *path, int acc_
115	115	if (flag & O_NOATIME && !is_owner_or_cap(inode))
116	116	return -EPERM;

		@@ -198,8 +198,8 @@
198	198	if (error)
199	199	goto exit6;
200	200	error = vfs_rename(old_dir->d_inode, old_dentry,
201		---- linux-2.6.32-279.11.1.el6.orig/fs/namespace.c
202		-+++ linux-2.6.32-279.11.1.el6/fs/namespace.c
	201	+--- linux-2.6.32-279.14.1.el6.orig/fs/namespace.c
	202	++++ linux-2.6.32-279.14.1.el6/fs/namespace.c
203	203	@@ -1053,6 +1053,8 @@ static int do_umount(struct vfsmount *mn
204	204	LIST_HEAD(umount_list);
205	205

		@@ -236,8 +236,8 @@
236	236	if (error) {
237	237	path_put(&old);
238	238	goto out1;
239		---- linux-2.6.32-279.11.1.el6.orig/fs/open.c
240		-+++ linux-2.6.32-279.11.1.el6/fs/open.c
	239	+--- linux-2.6.32-279.14.1.el6.orig/fs/open.c
	240	++++ linux-2.6.32-279.14.1.el6/fs/open.c
241	241	@@ -113,6 +113,8 @@ static long do_sys_truncate(const char _
242	242	error = locks_verify_truncate(inode, NULL, length);
243	243	if (!error)

		@@ -346,8 +346,8 @@
346	346	if (capable(CAP_SYS_TTY_CONFIG)) {
347	347	tty_vhangup_self();
348	348	return 0;
349		---- linux-2.6.32-279.11.1.el6.orig/fs/proc/version.c
350		-+++ linux-2.6.32-279.11.1.el6/fs/proc/version.c
	349	+--- linux-2.6.32-279.14.1.el6.orig/fs/proc/version.c
	350	++++ linux-2.6.32-279.14.1.el6/fs/proc/version.c
351	351	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
352	352	return 0;
353	353	}

		@@ -355,12 +355,12 @@
355	355	+
356	356	+static int __init ccs_show_version(void)
357	357	+{
358		-+ printk(KERN_INFO "Hook version: 2.6.32-279.11.1.el6 2012/10/17\n");
	358	++ printk(KERN_INFO "Hook version: 2.6.32-279.14.1.el6 2012/11/08\n");
359	359	+ return 0;
360	360	+}
361	361	+module_init(ccs_show_version);
362		---- linux-2.6.32-279.11.1.el6.orig/fs/stat.c
363		-+++ linux-2.6.32-279.11.1.el6/fs/stat.c
	362	+--- linux-2.6.32-279.14.1.el6.orig/fs/stat.c
	363	++++ linux-2.6.32-279.14.1.el6/fs/stat.c
364	364	@@ -43,6 +43,8 @@ int vfs_getattr(struct vfsmount *mnt, st
365	365	int retval;
366	366

		@@ -370,8 +370,8 @@
370	370	if (retval)
371	371	return retval;
372	372
373		---- linux-2.6.32-279.11.1.el6.orig/include/linux/init_task.h
374		-+++ linux-2.6.32-279.11.1.el6/include/linux/init_task.h
	373	+--- linux-2.6.32-279.14.1.el6.orig/include/linux/init_task.h
	374	++++ linux-2.6.32-279.14.1.el6/include/linux/init_task.h
375	375	@@ -115,6 +115,14 @@ extern struct cred init_cred;
376	376	# define INIT_PERF_EVENTS(tsk)
377	377	#endif

		@@ -395,8 +395,8 @@
395	395	}
396	396
397	397
398		---- linux-2.6.32-279.11.1.el6.orig/include/linux/sched.h
399		-+++ linux-2.6.32-279.11.1.el6/include/linux/sched.h
	398	+--- linux-2.6.32-279.14.1.el6.orig/include/linux/sched.h
	399	++++ linux-2.6.32-279.14.1.el6/include/linux/sched.h
400	400	@@ -43,6 +43,8 @@
401	401
402	402	#ifdef __KERNEL__

		@@ -417,8 +417,8 @@
417	417	};
418	418
419	419	/* Future-safe accessor for struct task_struct's cpus_allowed. */
420		---- linux-2.6.32-279.11.1.el6.orig/include/linux/security.h
421		-+++ linux-2.6.32-279.11.1.el6/include/linux/security.h
	420	+--- linux-2.6.32-279.14.1.el6.orig/include/linux/security.h
	421	++++ linux-2.6.32-279.14.1.el6/include/linux/security.h
422	422	@@ -35,6 +35,7 @@
423	423	#include <linux/xfrm.h>
424	424	#include <linux/gfp.h>

		@@ -427,8 +427,8 @@
427	427
428	428	/* Maximum number of letters for an LSM name string */
429	429	#define SECURITY_NAME_MAX 10
430		---- linux-2.6.32-279.11.1.el6.orig/include/net/ip.h
431		-+++ linux-2.6.32-279.11.1.el6/include/net/ip.h
	430	+--- linux-2.6.32-279.14.1.el6.orig/include/net/ip.h
	431	++++ linux-2.6.32-279.14.1.el6/include/net/ip.h
432	432	@@ -30,6 +30,7 @@
433	433	#include <net/inet_sock.h>
434	434	#include <net/snmp.h>

		@@ -446,8 +446,8 @@
446	446	return test_bit(port, sysctl_local_reserved_ports);
447	447	}
448	448
449		---- linux-2.6.32-279.11.1.el6.orig/kernel/compat.c
450		-+++ linux-2.6.32-279.11.1.el6/kernel/compat.c
	449	+--- linux-2.6.32-279.14.1.el6.orig/kernel/compat.c
	450	++++ linux-2.6.32-279.14.1.el6/kernel/compat.c
451	451	@@ -924,6 +924,8 @@ asmlinkage long compat_sys_stime(compat_
452	452	err = security_settime(&tv, NULL);
453	453	if (err)

		@@ -457,8 +457,8 @@
457	457
458	458	do_settimeofday(&tv);
459	459	return 0;
460		---- linux-2.6.32-279.11.1.el6.orig/kernel/fork.c
461		-+++ linux-2.6.32-279.11.1.el6/kernel/fork.c
	460	+--- linux-2.6.32-279.14.1.el6.orig/kernel/fork.c
	461	++++ linux-2.6.32-279.14.1.el6/kernel/fork.c
462	462	@@ -169,6 +169,7 @@ void __put_task_struct(struct task_struc
463	463	exit_creds(tsk);
464	464	delayacct_tsk_free(tsk);

		@@ -485,8 +485,8 @@
485	485	bad_fork_cleanup_policy:
486	486	perf_event_free_task(p);
487	487	#ifdef CONFIG_NUMA
488		---- linux-2.6.32-279.11.1.el6.orig/kernel/kexec.c
489		-+++ linux-2.6.32-279.11.1.el6/kernel/kexec.c
	488	+--- linux-2.6.32-279.14.1.el6.orig/kernel/kexec.c
	489	++++ linux-2.6.32-279.14.1.el6/kernel/kexec.c
490	490	@@ -40,6 +40,7 @@
491	491	#include <asm/system.h>
492	492	#include <asm/sections.h>

		@@ -504,8 +504,8 @@
504	504
505	505	if (kexec_load_disabled)
506	506	return -EPERM;
507		---- linux-2.6.32-279.11.1.el6.orig/kernel/module.c
508		-+++ linux-2.6.32-279.11.1.el6/kernel/module.c
	507	+--- linux-2.6.32-279.14.1.el6.orig/kernel/module.c
	508	++++ linux-2.6.32-279.14.1.el6/kernel/module.c
509	509	@@ -56,6 +56,7 @@
510	510	#include <linux/percpu.h>
511	511	#include <linux/kmemleak.h>

		@@ -532,8 +532,8 @@
532	532
533	533	/* Only one module load at a time, please */
534	534	if (mutex_lock_interruptible(&module_mutex) != 0)
535		---- linux-2.6.32-279.11.1.el6.orig/kernel/ptrace.c
536		-+++ linux-2.6.32-279.11.1.el6/kernel/ptrace.c
	535	+--- linux-2.6.32-279.14.1.el6.orig/kernel/ptrace.c
	536	++++ linux-2.6.32-279.14.1.el6/kernel/ptrace.c
537	537	@@ -195,6 +195,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
538	538	{
539	539	struct task_struct *child;

		@@ -558,8 +558,8 @@
558	558
559	559	/*
560	560	* This lock_kernel fixes a subtle race with suid exec
561		---- linux-2.6.32-279.11.1.el6.orig/kernel/sched.c
562		-+++ linux-2.6.32-279.11.1.el6/kernel/sched.c
	561	+--- linux-2.6.32-279.14.1.el6.orig/kernel/sched.c
	562	++++ linux-2.6.32-279.14.1.el6/kernel/sched.c
563	563	@@ -6672,6 +6672,8 @@ int can_nice(const struct task_struct *p
564	564	SYSCALL_DEFINE1(nice, int, increment)
565	565	{

		@@ -569,8 +569,8 @@
569	569
570	570	/*
571	571	* Setpriority might change our priority at the same moment.
572		---- linux-2.6.32-279.11.1.el6.orig/kernel/signal.c
573		-+++ linux-2.6.32-279.11.1.el6/kernel/signal.c
	572	+--- linux-2.6.32-279.14.1.el6.orig/kernel/signal.c
	573	++++ linux-2.6.32-279.14.1.el6/kernel/signal.c
574	574	@@ -2288,6 +2288,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
575	575	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
576	576	{

		@@ -616,8 +616,8 @@
616	616
617	617	return do_send_specific(tgid, pid, sig, info);
618	618	}
619		---- linux-2.6.32-279.11.1.el6.orig/kernel/sys.c
620		-+++ linux-2.6.32-279.11.1.el6/kernel/sys.c
	619	+--- linux-2.6.32-279.14.1.el6.orig/kernel/sys.c
	620	++++ linux-2.6.32-279.14.1.el6/kernel/sys.c
621	621	@@ -157,6 +157,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
622	622
623	623	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -656,8 +656,8 @@
656	656
657	657	down_write(&uts_sem);
658	658	errno = -EFAULT;
659		---- linux-2.6.32-279.11.1.el6.orig/kernel/sysctl.c
660		-+++ linux-2.6.32-279.11.1.el6/kernel/sysctl.c
	659	+--- linux-2.6.32-279.14.1.el6.orig/kernel/sysctl.c
	660	++++ linux-2.6.32-279.14.1.el6/kernel/sysctl.c
661	661	@@ -2035,6 +2035,9 @@ int do_sysctl(int __user *name, int nlen
662	662
663	663	for (head = sysctl_head_next(NULL); head;

		@@ -668,8 +668,8 @@
668	668	error = parse_table(name, nlen, oldval, oldlenp,
669	669	newval, newlen,
670	670	head->root, head->ctl_table);
671		---- linux-2.6.32-279.11.1.el6.orig/kernel/time.c
672		-+++ linux-2.6.32-279.11.1.el6/kernel/time.c
	671	+--- linux-2.6.32-279.14.1.el6.orig/kernel/time.c
	672	++++ linux-2.6.32-279.14.1.el6/kernel/time.c
673	673	@@ -92,6 +92,8 @@ SYSCALL_DEFINE1(stime, time_t __user *,
674	674	err = security_settime(&tv, NULL);
675	675	if (err)

		@@ -688,8 +688,8 @@
688	688
689	689	if (tz) {
690	690	/* SMP safe, global irq locking makes it work. */
691		---- linux-2.6.32-279.11.1.el6.orig/kernel/time/ntp.c
692		-+++ linux-2.6.32-279.11.1.el6/kernel/time/ntp.c
	691	+--- linux-2.6.32-279.14.1.el6.orig/kernel/time/ntp.c
	692	++++ linux-2.6.32-279.14.1.el6/kernel/time/ntp.c
693	693	@@ -14,6 +14,7 @@
694	694	#include <linux/timex.h>
695	695	#include <linux/time.h>

		@@ -714,8 +714,8 @@
714	714
715	715	/*
716	716	* if the quartz is off by more than 10% then
717		---- linux-2.6.32-279.11.1.el6.orig/net/ipv4/raw.c
718		-+++ linux-2.6.32-279.11.1.el6/net/ipv4/raw.c
	717	+--- linux-2.6.32-279.14.1.el6.orig/net/ipv4/raw.c
	718	++++ linux-2.6.32-279.14.1.el6/net/ipv4/raw.c
719	719	@@ -77,6 +77,7 @@
720	720	#include <linux/seq_file.h>
721	721	#include <linux/netfilter.h>

		@@ -735,8 +735,8 @@
735	735
736	736	copied = skb->len;
737	737	if (len < copied) {
738		---- linux-2.6.32-279.11.1.el6.orig/net/ipv4/udp.c
739		-+++ linux-2.6.32-279.11.1.el6/net/ipv4/udp.c
	738	+--- linux-2.6.32-279.14.1.el6.orig/net/ipv4/udp.c
	739	++++ linux-2.6.32-279.14.1.el6/net/ipv4/udp.c
740	740	@@ -106,6 +106,7 @@
741	741	#include <net/xfrm.h>
742	742	#include <trace/events/udp.h>

		@@ -756,8 +756,8 @@
756	756
757	757	ulen = skb->len - sizeof(struct udphdr);
758	758	copied = len;
759		---- linux-2.6.32-279.11.1.el6.orig/net/ipv6/raw.c
760		-+++ linux-2.6.32-279.11.1.el6/net/ipv6/raw.c
	759	+--- linux-2.6.32-279.14.1.el6.orig/net/ipv6/raw.c
	760	++++ linux-2.6.32-279.14.1.el6/net/ipv6/raw.c
761	761	@@ -59,6 +59,7 @@
762	762
763	763	#include <linux/proc_fs.h>

		@@ -777,8 +777,8 @@
777	777
778	778	copied = skb->len;
779	779	if (copied > len) {
780		---- linux-2.6.32-279.11.1.el6.orig/net/ipv6/udp.c
781		-+++ linux-2.6.32-279.11.1.el6/net/ipv6/udp.c
	780	+--- linux-2.6.32-279.14.1.el6.orig/net/ipv6/udp.c
	781	++++ linux-2.6.32-279.14.1.el6/net/ipv6/udp.c
782	782	@@ -48,6 +48,7 @@
783	783	#include <linux/proc_fs.h>
784	784	#include <linux/seq_file.h>

		@@ -798,8 +798,8 @@
798	798
799	799	ulen = skb->len - sizeof(struct udphdr);
800	800	copied = len;
801		---- linux-2.6.32-279.11.1.el6.orig/net/socket.c
802		-+++ linux-2.6.32-279.11.1.el6/net/socket.c
	801	+--- linux-2.6.32-279.14.1.el6.orig/net/socket.c
	802	++++ linux-2.6.32-279.14.1.el6/net/socket.c
803	803	@@ -570,6 +570,8 @@ static inline int __sock_sendmsg(struct
804	804	struct msghdr *msg, size_t size)
805	805	{

		@@ -860,8 +860,8 @@
860	860	if (err)
861	861	goto out_put;
862	862
863		---- linux-2.6.32-279.11.1.el6.orig/net/unix/af_unix.c
864		-+++ linux-2.6.32-279.11.1.el6/net/unix/af_unix.c
	863	+--- linux-2.6.32-279.14.1.el6.orig/net/unix/af_unix.c
	864	++++ linux-2.6.32-279.14.1.el6/net/unix/af_unix.c
865	865	@@ -838,6 +838,9 @@ static int unix_bind(struct socket *sock
866	866	if (err)
867	867	goto out_mknod_dput;

		@@ -883,8 +883,8 @@
883	883	if (msg->msg_name)
884	884	unix_copy_addr(msg, skb->sk);
885	885
886		---- linux-2.6.32-279.11.1.el6.orig/security/Kconfig
887		-+++ linux-2.6.32-279.11.1.el6/security/Kconfig
	886	+--- linux-2.6.32-279.14.1.el6.orig/security/Kconfig
	887	++++ linux-2.6.32-279.14.1.el6/security/Kconfig
888	888	@@ -177,5 +177,7 @@ source security/tomoyo/Kconfig
889	889
890	890	source security/integrity/ima/Kconfig

		@@ -893,8 +893,8 @@
893	893	+
894	894	endmenu
895	895
896		---- linux-2.6.32-279.11.1.el6.orig/security/Makefile
897		-+++ linux-2.6.32-279.11.1.el6/security/Makefile
	896	+--- linux-2.6.32-279.14.1.el6.orig/security/Makefile
	897	++++ linux-2.6.32-279.14.1.el6/security/Makefile
898	898	@@ -25,3 +25,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
899	899	# Object integrity file lists
900	900	subdir-$(CONFIG_IMA) += integrity/ima

--- trunk/caitsith-patch/patches/ccs-patch-3.6-fedora-16.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-3.6-fedora-16.diff (revision 68)

		@@ -1,6 +1,6 @@
1	1	This is TOMOYO Linux patch for Fedora 16.
2	2
3		-Source code for this patch is http://ftp.riken.jp/Linux/fedora/updates/16/SRPMS/kernel-3.6.2-1.fc16.src.rpm
	3	+Source code for this patch is http://ftp.riken.jp/Linux/fedora/updates/16/SRPMS/kernel-3.6.6-1.fc16.src.rpm
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -28,9 +28,9 @@
28	28	security/security.c \| 134 +++++++++++++++++++++++++++++++++++++---------
29	29	24 files changed, 250 insertions(+), 49 deletions(-)
30	30
31		---- linux-3.6.2-1.fc16.orig/fs/exec.c
32		-+++ linux-3.6.2-1.fc16/fs/exec.c
33		-@@ -1550,7 +1550,7 @@ static int do_execve_common(const char *
	31	+--- linux-3.6.6-1.fc16.orig/fs/exec.c
	32	++++ linux-3.6.6-1.fc16/fs/exec.c
	33	+@@ -1551,7 +1551,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;
36	36

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.6.2-1.fc16.orig/fs/open.c
43		-+++ linux-3.6.2-1.fc16/fs/open.c
	42	+--- linux-3.6.6-1.fc16.orig/fs/open.c
	43	++++ linux-3.6.6-1.fc16/fs/open.c
44	44	@@ -1077,6 +1077,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.6.2-1.fc16.orig/fs/proc/version.c
54		-+++ linux-3.6.2-1.fc16/fs/proc/version.c
	53	+--- linux-3.6.6-1.fc16.orig/fs/proc/version.c
	54	++++ linux-3.6.6-1.fc16/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.6.2-1.fc16 2012/10/27\n");
	62	++ printk(KERN_INFO "Hook version: 3.6.6-1.fc16 2012/11/10\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.6.2-1.fc16.orig/include/linux/init_task.h
67		-+++ linux-3.6.2-1.fc16/include/linux/init_task.h
	66	+--- linux-3.6.6-1.fc16.orig/include/linux/init_task.h
	67	++++ linux-3.6.6-1.fc16/include/linux/init_task.h
68	68	@@ -143,6 +143,14 @@ extern struct task_group root_task_group
69	69
70	70	#define INIT_TASK_COMM "swapper"

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.6.2-1.fc16.orig/include/linux/sched.h
92		-+++ linux-3.6.2-1.fc16/include/linux/sched.h
	91	+--- linux-3.6.6-1.fc16.orig/include/linux/sched.h
	92	++++ linux-3.6.6-1.fc16/include/linux/sched.h
93	93	@@ -44,6 +44,8 @@
94	94
95	95	#ifdef __KERNEL__

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.6.2-1.fc16.orig/include/linux/security.h
114		-+++ linux-3.6.2-1.fc16/include/linux/security.h
	113	+--- linux-3.6.6-1.fc16.orig/include/linux/security.h
	114	++++ linux-3.6.6-1.fc16/include/linux/security.h
115	115	@@ -52,6 +52,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -313,8 +313,8 @@
313	313	}
314	314	#endif /* CONFIG_SECURITY_PATH */
315	315
316		---- linux-3.6.2-1.fc16.orig/include/net/ip.h
317		-+++ linux-3.6.2-1.fc16/include/net/ip.h
	316	+--- linux-3.6.6-1.fc16.orig/include/net/ip.h
	317	++++ linux-3.6.6-1.fc16/include/net/ip.h
318	318	@@ -201,6 +201,8 @@ extern void inet_get_local_port_range(in
319	319	extern unsigned long *sysctl_local_reserved_ports;
320	320	static inline int inet_is_reserved_local_port(int port)

		@@ -324,8 +324,8 @@
324	324	return test_bit(port, sysctl_local_reserved_ports);
325	325	}
326	326
327		---- linux-3.6.2-1.fc16.orig/kernel/fork.c
328		-+++ linux-3.6.2-1.fc16/kernel/fork.c
	327	+--- linux-3.6.6-1.fc16.orig/kernel/fork.c
	328	++++ linux-3.6.6-1.fc16/kernel/fork.c
329	329	@@ -241,6 +241,7 @@ void __put_task_struct(struct task_struc
330	330	delayacct_tsk_free(tsk);
331	331	put_signal_struct(tsk->signal);

		@@ -352,8 +352,8 @@
352	352	bad_fork_cleanup_policy:
353	353	perf_event_free_task(p);
354	354	#ifdef CONFIG_NUMA
355		---- linux-3.6.2-1.fc16.orig/kernel/kexec.c
356		-+++ linux-3.6.2-1.fc16/kernel/kexec.c
	355	+--- linux-3.6.6-1.fc16.orig/kernel/kexec.c
	356	++++ linux-3.6.6-1.fc16/kernel/kexec.c
357	357	@@ -38,6 +38,7 @@
358	358	#include <asm/uaccess.h>
359	359	#include <asm/io.h>

		@@ -371,8 +371,8 @@
371	371
372	372	/*
373	373	* Verify we have a legal set of flags
374		---- linux-3.6.2-1.fc16.orig/kernel/module.c
375		-+++ linux-3.6.2-1.fc16/kernel/module.c
	374	+--- linux-3.6.6-1.fc16.orig/kernel/module.c
	375	++++ linux-3.6.6-1.fc16/kernel/module.c
376	376	@@ -58,6 +58,7 @@
377	377	#include <linux/jump_label.h>
378	378	#include <linux/pfn.h>

		@@ -390,7 +390,7 @@
390	390
391	391	if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
392	392	return -EFAULT;
393		-@@ -3020,6 +3023,8 @@ SYSCALL_DEFINE3(init_module, void __user
	393	+@@ -3024,6 +3027,8 @@ SYSCALL_DEFINE3(init_module, void __user
394	394	/* Must have permission */
395	395	if (!capable(CAP_SYS_MODULE) \|\| modules_disabled)
396	396	return -EPERM;

		@@ -399,8 +399,8 @@
399	399
400	400	/* Do all the hard work */
401	401	mod = load_module(umod, len, uargs);
402		---- linux-3.6.2-1.fc16.orig/kernel/ptrace.c
403		-+++ linux-3.6.2-1.fc16/kernel/ptrace.c
	402	+--- linux-3.6.6-1.fc16.orig/kernel/ptrace.c
	403	++++ linux-3.6.6-1.fc16/kernel/ptrace.c
404	404	@@ -859,6 +859,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
405	405	{
406	406	struct task_struct *child;

		@@ -425,8 +425,8 @@
425	425
426	426	if (request == PTRACE_TRACEME) {
427	427	ret = ptrace_traceme();
428		---- linux-3.6.2-1.fc16.orig/kernel/sched/core.c
429		-+++ linux-3.6.2-1.fc16/kernel/sched/core.c
	428	+--- linux-3.6.6-1.fc16.orig/kernel/sched/core.c
	429	++++ linux-3.6.6-1.fc16/kernel/sched/core.c
430	430	@@ -4119,6 +4119,8 @@ int can_nice(const struct task_struct *p
431	431	SYSCALL_DEFINE1(nice, int, increment)
432	432	{

		@@ -436,8 +436,8 @@
436	436
437	437	/*
438	438	* Setpriority might change our priority at the same moment.
439		---- linux-3.6.2-1.fc16.orig/kernel/signal.c
440		-+++ linux-3.6.2-1.fc16/kernel/signal.c
	439	+--- linux-3.6.6-1.fc16.orig/kernel/signal.c
	440	++++ linux-3.6.6-1.fc16/kernel/signal.c
441	441	@@ -2856,6 +2856,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
442	442	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
443	443	{

		@@ -483,8 +483,8 @@
483	483
484	484	return do_send_specific(tgid, pid, sig, info);
485	485	}
486		---- linux-3.6.2-1.fc16.orig/kernel/sys.c
487		-+++ linux-3.6.2-1.fc16/kernel/sys.c
	486	+--- linux-3.6.6-1.fc16.orig/kernel/sys.c
	487	++++ linux-3.6.6-1.fc16/kernel/sys.c
488	488	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
489	489
490	490	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -505,7 +505,7 @@
505	505
506	506	/*
507	507	* If pid namespaces are enabled and the current task is in a child
508		-@@ -1373,6 +1379,8 @@ SYSCALL_DEFINE2(sethostname, char __user
	508	+@@ -1375,6 +1381,8 @@ SYSCALL_DEFINE2(sethostname, char __user
509	509
510	510	if (len < 0 \|\| len > __NEW_UTS_LEN)
511	511	return -EINVAL;

		@@ -514,7 +514,7 @@
514	514	down_write(&uts_sem);
515	515	errno = -EFAULT;
516	516	if (!copy_from_user(tmp, name, len)) {
517		-@@ -1423,6 +1431,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
	517	+@@ -1425,6 +1433,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
518	518	return -EPERM;
519	519	if (len < 0 \|\| len > __NEW_UTS_LEN)
520	520	return -EINVAL;

		@@ -523,8 +523,8 @@
523	523
524	524	down_write(&uts_sem);
525	525	errno = -EFAULT;
526		---- linux-3.6.2-1.fc16.orig/kernel/time/ntp.c
527		-+++ linux-3.6.2-1.fc16/kernel/time/ntp.c
	526	+--- linux-3.6.6-1.fc16.orig/kernel/time/ntp.c
	527	++++ linux-3.6.6-1.fc16/kernel/time/ntp.c
528	528	@@ -15,6 +15,7 @@
529	529	#include <linux/time.h>
530	530	#include <linux/mm.h>

		@@ -558,8 +558,8 @@
558	558	if (!(txc->modes & ADJ_NANO))
559	559	delta.tv_nsec *= 1000;
560	560	result = timekeeping_inject_offset(&delta);
561		---- linux-3.6.2-1.fc16.orig/net/ipv4/raw.c
562		-+++ linux-3.6.2-1.fc16/net/ipv4/raw.c
	561	+--- linux-3.6.6-1.fc16.orig/net/ipv4/raw.c
	562	++++ linux-3.6.6-1.fc16/net/ipv4/raw.c
563	563	@@ -704,6 +704,10 @@ static int raw_recvmsg(struct kiocb *ioc
564	564	skb = skb_recv_datagram(sk, flags, noblock, &err);
565	565	if (!skb)

		@@ -571,8 +571,8 @@
571	571
572	572	copied = skb->len;
573	573	if (len < copied) {
574		---- linux-3.6.2-1.fc16.orig/net/ipv4/udp.c
575		-+++ linux-3.6.2-1.fc16/net/ipv4/udp.c
	574	+--- linux-3.6.6-1.fc16.orig/net/ipv4/udp.c
	575	++++ linux-3.6.6-1.fc16/net/ipv4/udp.c
576	576	@@ -1193,6 +1193,10 @@ try_again:
577	577	&peeked, &off, &err);
578	578	if (!skb)

		@@ -584,8 +584,8 @@
584	584
585	585	ulen = skb->len - sizeof(struct udphdr);
586	586	copied = len;
587		---- linux-3.6.2-1.fc16.orig/net/ipv6/raw.c
588		-+++ linux-3.6.2-1.fc16/net/ipv6/raw.c
	587	+--- linux-3.6.6-1.fc16.orig/net/ipv6/raw.c
	588	++++ linux-3.6.6-1.fc16/net/ipv6/raw.c
589	589	@@ -472,6 +472,10 @@ static int rawv6_recvmsg(struct kiocb *i
590	590	skb = skb_recv_datagram(sk, flags, noblock, &err);
591	591	if (!skb)

		@@ -597,8 +597,8 @@
597	597
598	598	copied = skb->len;
599	599	if (copied > len) {
600		---- linux-3.6.2-1.fc16.orig/net/ipv6/udp.c
601		-+++ linux-3.6.2-1.fc16/net/ipv6/udp.c
	600	+--- linux-3.6.6-1.fc16.orig/net/ipv6/udp.c
	601	++++ linux-3.6.6-1.fc16/net/ipv6/udp.c
602	602	@@ -363,6 +363,10 @@ try_again:
603	603	&peeked, &off, &err);
604	604	if (!skb)

		@@ -610,8 +610,8 @@
610	610
611	611	ulen = skb->len - sizeof(struct udphdr);
612	612	copied = len;
613		---- linux-3.6.2-1.fc16.orig/net/socket.c
614		-+++ linux-3.6.2-1.fc16/net/socket.c
	613	+--- linux-3.6.6-1.fc16.orig/net/socket.c
	614	++++ linux-3.6.6-1.fc16/net/socket.c
615	615	@@ -1551,6 +1551,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
616	616	if (err < 0)
617	617	goto out_fd;

		@@ -623,8 +623,8 @@
623	623	if (upeer_sockaddr) {
624	624	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
625	625	&len, 2) < 0) {
626		---- linux-3.6.2-1.fc16.orig/net/unix/af_unix.c
627		-+++ linux-3.6.2-1.fc16/net/unix/af_unix.c
	626	+--- linux-3.6.6-1.fc16.orig/net/unix/af_unix.c
	627	++++ linux-3.6.6-1.fc16/net/unix/af_unix.c
628	628	@@ -1806,6 +1806,10 @@ static int unix_dgram_recvmsg(struct kio
629	629	wake_up_interruptible_sync_poll(&u->peer_wait,
630	630	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -636,8 +636,8 @@
636	636	if (msg->msg_name)
637	637	unix_copy_addr(msg, skb->sk);
638	638
639		---- linux-3.6.2-1.fc16.orig/security/Kconfig
640		-+++ linux-3.6.2-1.fc16/security/Kconfig
	639	+--- linux-3.6.6-1.fc16.orig/security/Kconfig
	640	++++ linux-3.6.6-1.fc16/security/Kconfig
641	641	@@ -167,5 +167,7 @@ config DEFAULT_SECURITY
642	642	default "yama" if DEFAULT_SECURITY_YAMA
643	643	default "" if DEFAULT_SECURITY_DAC

		@@ -646,8 +646,8 @@
646	646	+
647	647	endmenu
648	648
649		---- linux-3.6.2-1.fc16.orig/security/Makefile
650		-+++ linux-3.6.2-1.fc16/security/Makefile
	649	+--- linux-3.6.6-1.fc16.orig/security/Makefile
	650	++++ linux-3.6.6-1.fc16/security/Makefile
651	651	@@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
652	652	# Object integrity file lists
653	653	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -655,8 +655,8 @@
655	655	+
656	656	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
657	657	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
658		---- linux-3.6.2-1.fc16.orig/security/security.c
659		-+++ linux-3.6.2-1.fc16/security/security.c
	658	+--- linux-3.6.6-1.fc16.orig/security/security.c
	659	++++ linux-3.6.6-1.fc16/security/security.c
660	660	@@ -190,7 +190,10 @@ int security_syslog(int type)
661	661
662	662	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-2.6.37-suse-11.4.diff (revision 67)

+++ trunk/caitsith-patch/patches/ccs-patch-2.6.37-suse-11.4.diff (revision 68)

		@@ -1,6 +1,6 @@
1	1	This is TOMOYO Linux patch for openSUSE 11.4.
2	2
3		-Source code for this patch is http://download.opensuse.org/update/11.4/rpm/src/kernel-source-2.6.37.6-0.20.1.src.rpm
	3	+Source code for this patch is http://download.opensuse.org/update/11.4/rpm/src/kernel-source-2.6.37.6-24.1.src.rpm
4	4	---
5	5	fs/compat.c \| 2
6	6	fs/exec.c \| 2

		@@ -29,8 +29,8 @@
29	29	security/security.c \| 134 +++++++++++++++++++++++++++++++++++++---------
30	30	25 files changed, 246 insertions(+), 50 deletions(-)
31	31
32		---- linux-2.6.37.6-0.20.1.orig/fs/compat.c
33		-+++ linux-2.6.37.6-0.20.1/fs/compat.c
	32	+--- linux-2.6.37.6-24.1.orig/fs/compat.c
	33	++++ linux-2.6.37.6-24.1/fs/compat.c
34	34	@@ -1525,7 +1525,7 @@ int compat_do_execve(char * filename,
35	35	if (retval < 0)
36	36	goto out;

		@@ -40,8 +40,8 @@
40	40	if (retval < 0)
41	41	goto out;
42	42
43		---- linux-2.6.37.6-0.20.1.orig/fs/exec.c
44		-+++ linux-2.6.37.6-0.20.1/fs/exec.c
	43	+--- linux-2.6.37.6-24.1.orig/fs/exec.c
	44	++++ linux-2.6.37.6-24.1/fs/exec.c
45	45	@@ -1443,7 +1443,7 @@ int do_execve(const char * filename,
46	46	if (retval < 0)
47	47	goto out;

		@@ -51,8 +51,8 @@
51	51	if (retval < 0)
52	52	goto out;
53	53
54		---- linux-2.6.37.6-0.20.1.orig/fs/open.c
55		-+++ linux-2.6.37.6-0.20.1/fs/open.c
	54	+--- linux-2.6.37.6-24.1.orig/fs/open.c
	55	++++ linux-2.6.37.6-24.1/fs/open.c
56	56	@@ -1007,6 +1007,8 @@ EXPORT_SYMBOL(sys_close);
57	57	*/
58	58	SYSCALL_DEFINE0(vhangup)

		@@ -62,8 +62,8 @@
62	62	if (capable(CAP_SYS_TTY_CONFIG)) {
63	63	tty_vhangup_self();
64	64	return 0;
65		---- linux-2.6.37.6-0.20.1.orig/fs/proc/version.c
66		-+++ linux-2.6.37.6-0.20.1/fs/proc/version.c
	65	+--- linux-2.6.37.6-24.1.orig/fs/proc/version.c
	66	++++ linux-2.6.37.6-24.1/fs/proc/version.c
67	67	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
68	68	return 0;
69	69	}

		@@ -71,12 +71,12 @@
71	71	+
72	72	+static int __init ccs_show_version(void)
73	73	+{
74		-+ printk(KERN_INFO "Hook version: 2.6.37.6-0.20.1 2012/06/29\n");
	74	++ printk(KERN_INFO "Hook version: 2.6.37.6-24.1 2012/11/08\n");
75	75	+ return 0;
76	76	+}
77	77	+module_init(ccs_show_version);
78		---- linux-2.6.37.6-0.20.1.orig/include/linux/init_task.h
79		-+++ linux-2.6.37.6-0.20.1/include/linux/init_task.h
	78	+--- linux-2.6.37.6-24.1.orig/include/linux/init_task.h
	79	++++ linux-2.6.37.6-24.1/include/linux/init_task.h
80	80	@@ -110,6 +110,14 @@ extern struct cred init_cred;
81	81	# define INIT_PERF_EVENTS(tsk)
82	82	#endif

		@@ -100,8 +100,8 @@
100	100	}
101	101
102	102
103		---- linux-2.6.37.6-0.20.1.orig/include/linux/sched.h
104		-+++ linux-2.6.37.6-0.20.1/include/linux/sched.h
	103	+--- linux-2.6.37.6-24.1.orig/include/linux/sched.h
	104	++++ linux-2.6.37.6-24.1/include/linux/sched.h
105	105	@@ -43,6 +43,8 @@
106	106
107	107	#ifdef __KERNEL__

		@@ -122,8 +122,8 @@
122	122	};
123	123
124	124	/* Future-safe accessor for struct task_struct's cpus_allowed. */
125		---- linux-2.6.37.6-0.20.1.orig/include/linux/security.h
126		-+++ linux-2.6.37.6-0.20.1/include/linux/security.h
	125	+--- linux-2.6.37.6-24.1.orig/include/linux/security.h
	126	++++ linux-2.6.37.6-24.1/include/linux/security.h
127	127	@@ -36,6 +36,7 @@
128	128	#include <linux/xfrm.h>
129	129	#include <linux/slab.h>

		@@ -322,8 +322,8 @@
322	322	}
323	323	#endif /* CONFIG_SECURITY_PATH */
324	324
325		---- linux-2.6.37.6-0.20.1.orig/include/net/ip.h
326		-+++ linux-2.6.37.6-0.20.1/include/net/ip.h
	325	+--- linux-2.6.37.6-24.1.orig/include/net/ip.h
	326	++++ linux-2.6.37.6-24.1/include/net/ip.h
327	327	@@ -198,6 +198,8 @@ extern void inet_get_local_port_range(in
328	328	extern unsigned long *sysctl_local_reserved_ports;
329	329	static inline int inet_is_reserved_local_port(int port)

		@@ -333,8 +333,8 @@
333	333	return test_bit(port, sysctl_local_reserved_ports);
334	334	}
335	335
336		---- linux-2.6.37.6-0.20.1.orig/kernel/fork.c
337		-+++ linux-2.6.37.6-0.20.1/kernel/fork.c
	336	+--- linux-2.6.37.6-24.1.orig/kernel/fork.c
	337	++++ linux-2.6.37.6-24.1/kernel/fork.c
338	338	@@ -189,6 +189,7 @@ void __put_task_struct(struct task_struc
339	339	delayacct_tsk_free(tsk);
340	340	put_signal_struct(tsk->signal);

		@@ -361,8 +361,8 @@
361	361	bad_fork_cleanup_policy:
362	362	perf_event_free_task(p);
363	363	#ifdef CONFIG_NUMA
364		---- linux-2.6.37.6-0.20.1.orig/kernel/kexec.c
365		-+++ linux-2.6.37.6-0.20.1/kernel/kexec.c
	364	+--- linux-2.6.37.6-24.1.orig/kernel/kexec.c
	365	++++ linux-2.6.37.6-24.1/kernel/kexec.c
366	366	@@ -39,6 +39,7 @@
367	367	#include <asm/io.h>
368	368	#include <asm/system.h>

		@@ -380,8 +380,8 @@
380	380
381	381	/*
382	382	* Verify we have a legal set of flags
383		---- linux-2.6.37.6-0.20.1.orig/kernel/module.c
384		-+++ linux-2.6.37.6-0.20.1/kernel/module.c
	383	+--- linux-2.6.37.6-24.1.orig/kernel/module.c
	384	++++ linux-2.6.37.6-24.1/kernel/module.c
385	385	@@ -57,6 +57,7 @@
386	386	#include <linux/percpu.h>
387	387	#include <linux/kmemleak.h>

		@@ -408,8 +408,8 @@
408	408
409	409	/* Do all the hard work */
410	410	mod = load_module(umod, len, uargs);
411		---- linux-2.6.37.6-0.20.1.orig/kernel/ptrace.c
412		-+++ linux-2.6.37.6-0.20.1/kernel/ptrace.c
	411	+--- linux-2.6.37.6-24.1.orig/kernel/ptrace.c
	412	++++ linux-2.6.37.6-24.1/kernel/ptrace.c
413	413	@@ -713,6 +713,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
414	414	{
415	415	struct task_struct *child;

		@@ -434,8 +434,8 @@
434	434
435	435	if (request == PTRACE_TRACEME) {
436	436	ret = ptrace_traceme();
437		---- linux-2.6.37.6-0.20.1.orig/kernel/sched.c
438		-+++ linux-2.6.37.6-0.20.1/kernel/sched.c
	437	+--- linux-2.6.37.6-24.1.orig/kernel/sched.c
	438	++++ linux-2.6.37.6-24.1/kernel/sched.c
439	439	@@ -4805,6 +4805,8 @@ int can_nice(const struct task_struct *p
440	440	SYSCALL_DEFINE1(nice, int, increment)
441	441	{

		@@ -445,8 +445,8 @@
445	445
446	446	/*
447	447	* Setpriority might change our priority at the same moment.
448		---- linux-2.6.37.6-0.20.1.orig/kernel/signal.c
449		-+++ linux-2.6.37.6-0.20.1/kernel/signal.c
	448	+--- linux-2.6.37.6-24.1.orig/kernel/signal.c
	449	++++ linux-2.6.37.6-24.1/kernel/signal.c
450	450	@@ -2328,6 +2328,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
451	451	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
452	452	{

		@@ -492,8 +492,8 @@
492	492
493	493	return do_send_specific(tgid, pid, sig, info);
494	494	}
495		---- linux-2.6.37.6-0.20.1.orig/kernel/sys.c
496		-+++ linux-2.6.37.6-0.20.1/kernel/sys.c
	495	+--- linux-2.6.37.6-24.1.orig/kernel/sys.c
	496	++++ linux-2.6.37.6-24.1/kernel/sys.c
497	497	@@ -156,6 +156,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
498	498
499	499	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -532,8 +532,8 @@
532	532
533	533	down_write(&uts_sem);
534	534	errno = -EFAULT;
535		---- linux-2.6.37.6-0.20.1.orig/kernel/time/ntp.c
536		-+++ linux-2.6.37.6-0.20.1/kernel/time/ntp.c
	535	+--- linux-2.6.37.6-24.1.orig/kernel/time/ntp.c
	536	++++ linux-2.6.37.6-24.1/kernel/time/ntp.c
537	537	@@ -14,6 +14,7 @@
538	538	#include <linux/timex.h>
539	539	#include <linux/time.h>

		@@ -558,8 +558,8 @@
558	558
559	559	/*
560	560	* if the quartz is off by more than 10% then
561		---- linux-2.6.37.6-0.20.1.orig/net/ipv4/raw.c
562		-+++ linux-2.6.37.6-0.20.1/net/ipv4/raw.c
	561	+--- linux-2.6.37.6-24.1.orig/net/ipv4/raw.c
	562	++++ linux-2.6.37.6-24.1/net/ipv4/raw.c
563	563	@@ -681,6 +681,10 @@ static int raw_recvmsg(struct kiocb *ioc
564	564	skb = skb_recv_datagram(sk, flags, noblock, &err);
565	565	if (!skb)

		@@ -571,8 +571,8 @@
571	571
572	572	copied = skb->len;
573	573	if (len < copied) {
574		---- linux-2.6.37.6-0.20.1.orig/net/ipv4/udp.c
575		-+++ linux-2.6.37.6-0.20.1/net/ipv4/udp.c
	574	+--- linux-2.6.37.6-24.1.orig/net/ipv4/udp.c
	575	++++ linux-2.6.37.6-24.1/net/ipv4/udp.c
576	576	@@ -1140,6 +1140,10 @@ try_again:
577	577	&peeked, &err);
578	578	if (!skb)

		@@ -584,8 +584,8 @@
584	584
585	585	ulen = skb->len - sizeof(struct udphdr);
586	586	if (len > ulen)
587		---- linux-2.6.37.6-0.20.1.orig/net/ipv6/raw.c
588		-+++ linux-2.6.37.6-0.20.1/net/ipv6/raw.c
	587	+--- linux-2.6.37.6-24.1.orig/net/ipv6/raw.c
	588	++++ linux-2.6.37.6-24.1/net/ipv6/raw.c
589	589	@@ -467,6 +467,10 @@ static int rawv6_recvmsg(struct kiocb *i
590	590	skb = skb_recv_datagram(sk, flags, noblock, &err);
591	591	if (!skb)

		@@ -597,8 +597,8 @@
597	597
598	598	copied = skb->len;
599	599	if (copied > len) {
600		---- linux-2.6.37.6-0.20.1.orig/net/ipv6/udp.c
601		-+++ linux-2.6.37.6-0.20.1/net/ipv6/udp.c
	600	+--- linux-2.6.37.6-24.1.orig/net/ipv6/udp.c
	601	++++ linux-2.6.37.6-24.1/net/ipv6/udp.c
602	602	@@ -361,6 +361,10 @@ try_again:
603	603	&peeked, &err);
604	604	if (!skb)

		@@ -610,8 +610,8 @@
610	610
611	611	ulen = skb->len - sizeof(struct udphdr);
612	612	if (len > ulen)
613		---- linux-2.6.37.6-0.20.1.orig/net/socket.c
614		-+++ linux-2.6.37.6-0.20.1/net/socket.c
	613	+--- linux-2.6.37.6-24.1.orig/net/socket.c
	614	++++ linux-2.6.37.6-24.1/net/socket.c
615	615	@@ -1516,6 +1516,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
616	616	if (err < 0)
617	617	goto out_fd;

		@@ -623,8 +623,8 @@
623	623	if (upeer_sockaddr) {
624	624	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
625	625	&len, 2) < 0) {
626		---- linux-2.6.37.6-0.20.1.orig/net/unix/af_unix.c
627		-+++ linux-2.6.37.6-0.20.1/net/unix/af_unix.c
	626	+--- linux-2.6.37.6-24.1.orig/net/unix/af_unix.c
	627	++++ linux-2.6.37.6-24.1/net/unix/af_unix.c
628	628	@@ -1738,6 +1738,10 @@ static int unix_dgram_recvmsg(struct kio
629	629
630	630	wake_up_interruptible_sync(&u->peer_wait);

		@@ -636,8 +636,8 @@
636	636	if (msg->msg_name)
637	637	unix_copy_addr(msg, skb->sk);
638	638
639		---- linux-2.6.37.6-0.20.1.orig/security/Kconfig
640		-+++ linux-2.6.37.6-0.20.1/security/Kconfig
	639	+--- linux-2.6.37.6-24.1.orig/security/Kconfig
	640	++++ linux-2.6.37.6-24.1/security/Kconfig
641	641	@@ -193,5 +193,7 @@ config DEFAULT_SECURITY
642	642	default "apparmor" if DEFAULT_SECURITY_APPARMOR
643	643	default "" if DEFAULT_SECURITY_DAC

		@@ -646,8 +646,8 @@
646	646	+
647	647	endmenu
648	648
649		---- linux-2.6.37.6-0.20.1.orig/security/Makefile
650		-+++ linux-2.6.37.6-0.20.1/security/Makefile
	649	+--- linux-2.6.37.6-24.1.orig/security/Makefile
	650	++++ linux-2.6.37.6-24.1/security/Makefile
651	651	@@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
652	652	# Object integrity file lists
653	653	subdir-$(CONFIG_IMA) += integrity/ima

		@@ -655,8 +655,8 @@
655	655	+
656	656	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
657	657	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
658		---- linux-2.6.37.6-0.20.1.orig/security/security.c
659		-+++ linux-2.6.37.6-0.20.1/security/security.c
	658	+--- linux-2.6.37.6-24.1.orig/security/security.c
	659	++++ linux-2.6.37.6-24.1/security/security.c
660	660	@@ -203,7 +203,10 @@ int security_syslog(int type)
661	661
662	662	int security_settime(struct timespec ts, struct timezone tz)

--- trunk/diff.txt (revision 67)

+++ trunk/diff.txt (revision 68)

		@@ -1,6 +1,6 @@
1	1	Index: security/caitsith/internal.h
2	2	===================================================================
3		---- security/caitsith/internal.h (revision 56)
	3	+--- security/caitsith/internal.h (revision 66)
4	4	+++ security/caitsith/internal.h (working copy)
5	5	@@ -211,6 +211,7 @@
6	6	/* Index numbers for "struct ccs_condition". */

		@@ -14,9 +14,9 @@
14	14	CCS_SELF_SGID, /* current_sgid() */
15	15	CCS_SELF_FSGID, /* current_fsgid() */
16	16	CCS_SELF_PID, /* sys_getpid() */
17		-- CCS_SELF_PPID, /* sys_getppid() */
18		- /* 10 */
19		-+ CCS_SELF_PPID, /* sys_getppid() */
	17	++ /* 10 */
	18	+ CCS_SELF_PPID, /* sys_getppid() */
	19	+- /* 10 */
20	20	CCS_TASK_TYPE, /* ((u8) task->ccs_flags) &
21	21	CCS_TASK_IS_EXECUTE_HANDLER */
22	22	CCS_SELF_DOMAIN,

		@@ -24,9 +24,9 @@
24	24	CCS_OBJ_IS_SYMLINK, /* S_IFLNK */
25	25	CCS_OBJ_IS_FILE, /* S_IFREG */
26	26	CCS_OBJ_IS_BLOCK_DEV, /* S_IFBLK */
27		-- CCS_OBJ_IS_DIRECTORY, /* S_IFDIR */
28		- /* 20 */
29		-+ CCS_OBJ_IS_DIRECTORY, /* S_IFDIR */
	27	++ /* 20 */
	28	+ CCS_OBJ_IS_DIRECTORY, /* S_IFDIR */
	29	+- /* 20 */
30	30	CCS_OBJ_IS_CHAR_DEV, /* S_IFCHR */
31	31	CCS_OBJ_IS_FIFO, /* S_IFIFO */
32	32	CCS_MODE_SETUID, /* S_ISUID */

		@@ -34,9 +34,9 @@
34	34	CCS_MODE_OWNER_WRITE, /* S_IWUSR */
35	35	CCS_MODE_OWNER_EXECUTE, /* S_IXUSR */
36	36	CCS_MODE_GROUP_READ, /* S_IRGRP */
37		-- CCS_MODE_GROUP_WRITE, /* S_IWGRP */
38		- /* 30 */
39		-+ CCS_MODE_GROUP_WRITE, /* S_IWGRP */
	37	++ /* 30 */
	38	+ CCS_MODE_GROUP_WRITE, /* S_IWGRP */
	39	+- /* 30 */
40	40	CCS_MODE_GROUP_EXECUTE, /* S_IXGRP */
41	41	CCS_MODE_OTHERS_READ, /* S_IROTH */
42	42	CCS_MODE_OTHERS_WRITE, /* S_IWOTH */

		@@ -48,7 +48,71 @@
48	48	CCS_COND_SARG0,
49	49	CCS_COND_SARG1,
50	50	/* 40 */
51		-@@ -471,15 +471,6 @@
	51	+@@ -389,7 +389,62 @@
	52	+ #ifdef CONFIG_CAITSITH_MANUAL_DOMAIN_TRANSITION
	53	+ CCS_MAC_MANUAL_DOMAIN_TRANSITION,
	54	+ #endif
	55	+- CCS_MAX_MAC_INDEX
	56	++ CCS_MAX_MAC_INDEX,
	57	++ /* Map undefined functions to CCS_MAX_MAC_INDEX */
	58	++#ifndef CONFIG_CAITSITH_GETATTR
	59	++ CCS_MAC_GETATTR = CCS_MAX_MAC_INDEX,
	60	++#endif
	61	++#ifndef CONFIG_CAITSITH_NETWORK
	62	++ CCS_MAC_INET_STREAM_BIND = CCS_MAX_MAC_INDEX,
	63	++ CCS_MAC_INET_STREAM_LISTEN = CCS_MAX_MAC_INDEX,
	64	++ CCS_MAC_INET_STREAM_CONNECT = CCS_MAX_MAC_INDEX,
	65	++ CCS_MAC_INET_STREAM_ACCEPT = CCS_MAX_MAC_INDEX,
	66	++ CCS_MAC_INET_DGRAM_BIND = CCS_MAX_MAC_INDEX,
	67	++ CCS_MAC_INET_DGRAM_SEND = CCS_MAX_MAC_INDEX,
	68	++ CCS_MAC_INET_RAW_BIND = CCS_MAX_MAC_INDEX,
	69	++ CCS_MAC_INET_RAW_SEND = CCS_MAX_MAC_INDEX,
	70	++ CCS_MAC_UNIX_STREAM_BIND = CCS_MAX_MAC_INDEX,
	71	++ CCS_MAC_UNIX_STREAM_LISTEN = CCS_MAX_MAC_INDEX,
	72	++ CCS_MAC_UNIX_STREAM_CONNECT = CCS_MAX_MAC_INDEX,
	73	++ CCS_MAC_UNIX_STREAM_ACCEPT = CCS_MAX_MAC_INDEX,
	74	++ CCS_MAC_UNIX_DGRAM_BIND = CCS_MAX_MAC_INDEX,
	75	++ CCS_MAC_UNIX_DGRAM_SEND = CCS_MAX_MAC_INDEX,
	76	++ CCS_MAC_UNIX_SEQPACKET_BIND = CCS_MAX_MAC_INDEX,
	77	++ CCS_MAC_UNIX_SEQPACKET_LISTEN = CCS_MAX_MAC_INDEX,
	78	++ CCS_MAC_UNIX_SEQPACKET_CONNECT = CCS_MAX_MAC_INDEX,
	79	++ CCS_MAC_UNIX_SEQPACKET_ACCEPT = CCS_MAX_MAC_INDEX,
	80	++#endif
	81	++#ifndef CONFIG_CAITSITH_NETWORK_RECVMSG
	82	++ CCS_MAC_INET_DGRAM_RECV = CCS_MAX_MAC_INDEX,
	83	++ CCS_MAC_INET_RAW_RECV = CCS_MAX_MAC_INDEX,
	84	++ CCS_MAC_UNIX_DGRAM_RECV = CCS_MAX_MAC_INDEX,
	85	++#endif
	86	++#ifndef CONFIG_CAITSITH_ENVIRON
	87	++ CCS_MAC_ENVIRON = CCS_MAX_MAC_INDEX,
	88	++#endif
	89	++#ifndef CONFIG_CAITSITH_PTRACE
	90	++ CCS_MAC_PTRACE = CCS_MAX_MAC_INDEX,
	91	++#endif
	92	++#ifndef CONFIG_CAITSITH_SIGNAL
	93	++ CCS_MAC_SIGNAL = CCS_MAX_MAC_INDEX,
	94	++#endif
	95	++#ifndef CONFIG_CAITSITH_CAPABILITY
	96	++ CCS_MAC_USE_NETLINK_SOCKET = CCS_MAX_MAC_INDEX,
	97	++ CCS_MAC_USE_PACKET_SOCKET = CCS_MAX_MAC_INDEX,
	98	++ CCS_MAC_USE_REBOOT = CCS_MAX_MAC_INDEX,
	99	++ CCS_MAC_USE_VHANGUP = CCS_MAX_MAC_INDEX,
	100	++ CCS_MAC_SET_TIME = CCS_MAX_MAC_INDEX,
	101	++ CCS_MAC_SET_PRIORITY = CCS_MAX_MAC_INDEX,
	102	++ CCS_MAC_SET_HOSTNAME = CCS_MAX_MAC_INDEX,
	103	++ CCS_MAC_USE_KERNEL_MODULE = CCS_MAX_MAC_INDEX,
	104	++ CCS_MAC_USE_NEW_KERNEL = CCS_MAX_MAC_INDEX,
	105	++#endif
	106	++#ifndef CONFIG_CAITSITH_AUTO_DOMAIN_TRANSITION
	107	++ CCS_MAC_AUTO_DOMAIN_TRANSITION = CCS_MAX_MAC_INDEX,
	108	++#endif
	109	++#ifndef CONFIG_CAITSITH_MANUAL_DOMAIN_TRANSITION
	110	++ CCS_MAC_MANUAL_DOMAIN_TRANSITION = CCS_MAX_MAC_INDEX,
	111	++#endif
	112	+ } __packed;
	113	+
	114	+ /* Index numbers for statistic information. */
	115	+@@ -471,15 +526,6 @@
52	116	CCS_VALUE_TYPE_HEXADECIMAL,
53	117	} __packed;
54	118

		@@ -66,7 +130,7 @@
66	130	/*
67	131	Index: security/caitsith/policy_io.c
68	132	===================================================================
69		---- security/caitsith/policy_io.c (revision 56)
	133	+--- security/caitsith/policy_io.c (revision 66)
70	134	+++ security/caitsith/policy_io.c (working copy)
71	135	@@ -106,61 +106,6 @@
72	136	#endif

		@@ -1085,7 +1149,7 @@
1085	1149	{
1086	1150	const char *end;
1087	1151	if (!strchr(address, ':') &&
1088		-@@ -1303,397 +1717,165 @@
	1152	+@@ -1303,397 +1717,169 @@
1089	1153	if (!*end) {
1090	1154	ipv6[0].s6_addr32[0] = ipv6[0].s6_addr32[0];
1091	1155	ipv6[1].s6_addr32[0] = ipv6[0].s6_addr32[0];

		@@ -1163,21 +1227,44 @@
1163	1227	- return CCS_SELF_DOMAIN;
1164	1228	- if (!strcmp(word, "exe"))
1165	1229	- return CCS_SELF_EXE;
1166		-- }
	1230	++ if (mac == CCS_MAC_EXECUTE \|\| mac == CCS_MAC_ENVIRON) {
	1231	++ tmp->type = CCS_TYPE_STRING;
	1232	++ if (!strncmp(word, "argv[", 5)) {
	1233	++ word += 5;
	1234	++ if (ccs_parse_ulong(&tmp->argv, &word) ==
	1235	++ CCS_VALUE_TYPE_DECIMAL && !strcmp(word, "]"))
	1236	++ return CCS_ARGV_ENTRY;
	1237	++ } else if (!strncmp(word, "envp[\"", 6)) {
	1238	++ char *end = word + strlen(word) - 2;
	1239	++ if (!strcmp(end, "\"]")) {
	1240	++ *end = '\0';
	1241	++ tmp->envp = ccs_get_name(word + 6);
	1242	++ if (tmp->envp)
	1243	++ return CCS_ENVP_ENTRY;
	1244	++ }
	1245	++ }
	1246	+ }
1167	1247	- return CCS_MAX_CONDITION_KEYWORD;
1168		--}
1169		--
1170		--/**
	1248	++ return CCS_INVALID_CONDITION;
	1249	+ }
	1250	+
	1251	+ /**
1171	1252	- * ccs_parse_syscall_arg - Find index for variable's name.
1172		-- *
1173		-- * @word: Keyword to search.
	1253	++ * ccs_parse_righthand - Parse special righthand conditions.
	1254	+ *
	1255	+ * @word: Keyword to search.
1174	1256	- * @type: One of values in "enum ccs_mac_index".
1175		-- *
	1257	++ * @head: Pointer to "struct ccs_io_buffer".
	1258	++ * @tmp: Pointer to "struct ccs_cond_tmp".
	1259	+ *
1176	1260	- * Returns one of "ccs_conditions_index" value.
1177		-- */
	1261	++ * Returns one of values in "enum ccs_conditions_index".
	1262	+ */
1178	1263	-static enum ccs_conditions_index ccs_parse_syscall_arg
1179	1264	-(const char *word, const enum ccs_mac_index type)
1180		--{
	1265	++static enum ccs_conditions_index ccs_parse_righthand
	1266	++(char word, struct ccs_io_buffer head, struct ccs_cond_tmp *tmp)
	1267	+ {
1181	1268	- switch (type) {
1182	1269	- case CCS_MAC_READ:
1183	1270	- case CCS_MAC_WRITE:

		@@ -1223,22 +1310,7 @@
1223	1310	- return CCS_COND_NARG1;
1224	1311	- if (!strcmp(word, "dev_minor"))
1225	1312	- return CCS_COND_NARG2;
1226		-+ if (mac == CCS_MAC_EXECUTE \|\| mac == CCS_MAC_ENVIRON) {
1227		-+ tmp->type = CCS_TYPE_STRING;
1228		-+ if (!strncmp(word, "argv[", 5)) {
1229		-+ word += 5;
1230		-+ if (ccs_parse_ulong(&tmp->argv, &word) ==
1231		-+ CCS_VALUE_TYPE_DECIMAL && !strcmp(word, "]"))
1232		-+ return CCS_ARGV_ENTRY;
1233		-+ } else if (!strncmp(word, "envp[\"", 6)) {
1234		-+ char *end = word + strlen(word) - 2;
1235		-+ if (!strcmp(end, "\"]")) {
1236		-+ *end = '\0';
1237		-+ tmp->envp = ccs_get_name(word + 6);
1238		-+ if (tmp->envp)
1239		-+ return CCS_ENVP_ENTRY;
1240		-+ }
1241		- }
	1313	+- }
1242	1314	- break;
1243	1315	- case CCS_MAC_LINK:
1244	1316	- case CCS_MAC_RENAME:

		@@ -1271,7 +1343,27 @@
1271	1343	- if (!strcmp(word, "put_old"))
1272	1344	- return CCS_COND_SARG1;
1273	1345	- break;
1274		--#ifdef CONFIG_CAITSITH_NETWORK
	1346	++ const enum ccs_var_type type = tmp->type;
	1347	++ dprintk(KERN_WARNING "%u: tmp->left=%u type=%u\n",
	1348	++ __LINE__, tmp->left, type);
	1349	++ if (type == CCS_TYPE_ASSIGN) {
	1350	++ if (tmp->is_not)
	1351	++ goto out;
	1352	++ if (tmp->left != CCS_MAC_AUTO_DOMAIN_TRANSITION &&
	1353	++ !strcmp(word, "NULL"))
	1354	++ goto null_word;
	1355	++ tmp->path = ccs_get_dqword(word);
	1356	++ if (tmp->path && tmp->path->const_len == tmp->path->total_len)
	1357	++ return CCS_IMM_NAME_ENTRY;
	1358	++ goto out;
	1359	++ }
	1360	++ if (word[0] == '@' && word[1]) {
	1361	++ enum ccs_group_id g;
	1362	++ if (type == CCS_TYPE_NUMBER \|\| type == CCS_TYPE_FILEPERM)
	1363	++ g = CCS_NUMBER_GROUP;
	1364	++ else if (type == CCS_TYPE_STRING)
	1365	++ g = CCS_STRING_GROUP;
	1366	+ #ifdef CONFIG_CAITSITH_NETWORK
1275	1367	- case CCS_MAC_INET_STREAM_BIND:
1276	1368	- case CCS_MAC_INET_STREAM_LISTEN:
1277	1369	- case CCS_MAC_INET_STREAM_CONNECT:

		@@ -1306,7 +1398,9 @@
1306	1398	- if (!strcmp(word, "addr"))
1307	1399	- return CCS_COND_SARG0;
1308	1400	- break;
1309		--#endif
	1401	++ else if (type == CCS_TYPE_IPADDR)
	1402	++ g = CCS_IP_GROUP;
	1403	+ #endif
1310	1404	-#ifdef CONFIG_CAITSITH_ENVIRON
1311	1405	- case CCS_MAC_ENVIRON:
1312	1406	- if (!strcmp(word, "path"))

		@@ -1341,28 +1435,28 @@
1341	1435	-#endif
1342	1436	- default:
1343	1437	- break;
	1438	++ else
	1439	++ goto out;
	1440	++ head->w.data = word + 1;
	1441	++ tmp->group = ccs_get_group(head, g);
	1442	++ if (tmp->group)
	1443	++ return CCS_IMM_GROUP;
	1444	++ goto out;
1344	1445	}
1345	1446	- return CCS_MAX_CONDITION_KEYWORD;
1346		-+ return CCS_INVALID_CONDITION;
1347		- }
1348		-
1349		- /**
	1447	+-}
	1448	+-
	1449	+-/**
1350	1450	- * ccs_parse_path_attributes - Find index for variable's name.
1351		-+ * ccs_parse_righthand - Parse special righthand conditions.
1352		- *
1353		- * @word: Keyword to search.
	1451	+- *
	1452	+- * @word: Keyword to search.
1354	1453	- * @type: One of values in "enum ccs_mac_index".
1355		-+ * @head: Pointer to "struct ccs_io_buffer".
1356		-+ * @tmp: Pointer to "struct ccs_cond_tmp".
1357		- *
	1454	+- *
1358	1455	- * Returns one of "ccs_conditions_index" value.
1359		-+ * Returns one of values in "enum ccs_conditions_index".
1360		- */
	1456	+- */
1361	1457	-static enum ccs_conditions_index ccs_parse_path_attribute
1362	1458	-(char *word, const enum ccs_mac_index type)
1363		-+static enum ccs_conditions_index ccs_parse_righthand
1364		-+(char word, struct ccs_io_buffer head, struct ccs_cond_tmp *tmp)
1365		- {
	1459	+-{
1366	1460	- u8 i;
1367	1461	- enum ccs_conditions_index start;
1368	1462	- switch (type) {

		@@ -1428,44 +1522,6 @@
1428	1522	- break;
1429	1523	- default:
1430	1524	- break;
1431		-+ const enum ccs_var_type type = tmp->type;
1432		-+ dprintk(KERN_WARNING "%u: tmp->left=%u type=%u\n",
1433		-+ __LINE__, tmp->left, type);
1434		-+ if (type == CCS_TYPE_ASSIGN) {
1435		-+ if (tmp->is_not)
1436		-+ goto out;
1437		-+ if (tmp->left != CCS_MAC_AUTO_DOMAIN_TRANSITION &&
1438		-+ !strcmp(word, "NULL"))
1439		-+ goto null_word;
1440		-+ tmp->path = ccs_get_dqword(word);
1441		-+ if (tmp->path && tmp->path->const_len == tmp->path->total_len)
1442		-+ return CCS_IMM_NAME_ENTRY;
1443		-+ goto out;
1444		- }
1445		-- goto out;
1446		--path1_parent:
1447		-- if (strncmp(word, ".parent", 7))
1448		-+ if (word[0] == '@' && word[1]) {
1449		-+ enum ccs_group_id g;
1450		-+ if (type == CCS_TYPE_NUMBER \|\| type == CCS_TYPE_FILEPERM)
1451		-+ g = CCS_NUMBER_GROUP;
1452		-+ else if (type == CCS_TYPE_STRING)
1453		-+ g = CCS_STRING_GROUP;
1454		-+ else if (type == CCS_TYPE_IPADDR)
1455		-+ g = CCS_IP_GROUP;
1456		-+ else
1457		-+ goto out;
1458		-+ head->w.data = word + 1;
1459		-+ tmp->group = ccs_get_group(head, g);
1460		-+ if (tmp->group)
1461		-+ return CCS_IMM_GROUP;
1462		- goto out;
1463		--path1:
1464		-- start = CCS_PATH_ATTRIBUTE_START;
1465		-- goto check;
1466		--path2_parent:
1467		-- if (strncmp(word, ".parent", 7))
1468		-+ }
1469	1525	+ if (type == CCS_TYPE_NUMBER \|\| type == CCS_TYPE_FILEPERM) {
1470	1526	+ tmp->radix = ccs_parse_values(word, tmp->value);
1471	1527	+ if (tmp->radix == CCS_VALUE_TYPE_INVALID)

		@@ -1474,7 +1530,10 @@
1474	1530	+ return CCS_IMM_NUMBER_ENTRY2;
1475	1531	+ else
1476	1532	+ return CCS_IMM_NUMBER_ENTRY1;
1477		-+ }
	1533	+ }
	1534	+- goto out;
	1535	+-path1_parent:
	1536	+- if (strncmp(word, ".parent", 7))
1478	1537	+ if (type == CCS_TYPE_STRING) {
1479	1538	+ dprintk(KERN_WARNING "%u: word='%s'\n", __LINE__, word);
1480	1539	+ if (!strcmp(word, "NULL"))

		@@ -1485,6 +1544,12 @@
1485	1544	+ if (tmp->path)
1486	1545	+ return CCS_IMM_NAME_ENTRY;
1487	1546	goto out;
	1547	+-path1:
	1548	+- start = CCS_PATH_ATTRIBUTE_START;
	1549	+- goto check;
	1550	+-path2_parent:
	1551	+- if (strncmp(word, ".parent", 7))
	1552	+- goto out;
1488	1553	-path2:
1489	1554	- start = CCS_PATH_ATTRIBUTE_START + 32;
1490	1555	-check:

		@@ -1495,8 +1560,10 @@
1495	1560	- if (!strcmp(word, ccs_path_attribute[i]))
1496	1561	- return start + i;
1497	1562	+ }
	1563	++#ifdef CONFIG_CAITSITH_NETWORK
1498	1564	+ if (type == CCS_TYPE_IPADDR)
1499	1565	+ return ccs_parse_ipaddr(word, tmp->ipv6);
	1566	++#endif
1500	1567	out:
1501	1568	- return CCS_MAX_CONDITION_KEYWORD;
1502	1569	+ dprintk(KERN_WARNING "%u: righthand failed\n", __LINE__);

		@@ -1596,7 +1663,7 @@
1596	1663	* ccs_parse_cond - Parse single condition.
1597	1664	*
1598	1665	* @tmp: Pointer to "struct ccs_cond_tmp".
1599		-@@ -1704,10 +1886,12 @@
	1666	+@@ -1704,10 +1890,12 @@
1600	1667	static bool ccs_parse_cond(struct ccs_cond_tmp *tmp,
1601	1668	struct ccs_io_buffer *head)
1602	1669	{

		@@ -1611,7 +1678,7 @@
1611	1678	right = strchr(left, '=');
1612	1679	if (!right \|\| right == left)
1613	1680	return false;
1614		-@@ -1717,155 +1901,29 @@
	1681	+@@ -1717,155 +1905,29 @@
1615	1682	*(right - 2) = '\0';
1616	1683	if (!left \|\| !right)
1617	1684	return false;

		@@ -1788,7 +1855,7 @@
1788	1855	}
1789	1856
1790	1857	/**
1791		-@@ -1899,8 +1957,10 @@
	1858	+@@ -1899,8 +1961,10 @@
1792	1859	condp = (union ccs_condition_element *) (entry + 1);
1793	1860	while (1) {
1794	1861	memset(&tmp, 0, sizeof(tmp));

		@@ -1801,7 +1868,7 @@
1801	1868	while (*pos == ' ')
1802	1869	pos++;
1803	1870	if (!*pos)
1804		-@@ -1984,8 +2044,8 @@
	1871	+@@ -1984,8 +2048,8 @@
1805	1872	entry->size = (void ) condp - (void ) entry;
1806	1873	return ccs_commit_condition(entry);
1807	1874	out:

		@@ -1812,7 +1879,7 @@
1812	1879	tmp.path ? tmp.path->name : "",
1813	1880	tmp.group ? tmp.group->group_name->name : "");
1814	1881	ccs_put_name(tmp.envp);
1815		-@@ -2342,51 +2402,25 @@
	1882	+@@ -2342,51 +2406,25 @@
1816	1883	}
1817	1884
1818	1885	/**

		@@ -1876,7 +1943,7 @@
1876	1943	}
1877	1944
1878	1945	/**
1879		-@@ -2424,32 +2458,8 @@
	1946	+@@ -2424,32 +2462,8 @@
1880	1947	condp++;
1881	1948	ccs_set_string(head, "\"]");
1882	1949	break;

		@@ -1910,7 +1977,7 @@
1910	1977	}
1911	1978	ccs_set_string(head, is_not ? "!=" : "=");
1912	1979	switch (right) {
1913		-@@ -2503,7 +2513,7 @@
	1980	+@@ -2503,7 +2517,7 @@
1914	1981	break;
1915	1982	#endif
1916	1983	default:

		@@ -1919,7 +1986,7 @@
1919	1986	}
1920	1987	}
1921	1988	head->r.cond = NULL;
1922		-@@ -2688,12 +2698,12 @@
	1989	+@@ -2688,12 +2702,12 @@
1923	1990	} else {
1924	1991	#ifdef CONFIG_CAITSITH_NETWORK
1925	1992	switch (ccs_parse_ipaddr(word, e.address.ip)) {

		@@ -1936,7 +2003,7 @@
1936	2003	e.address.is_ipv6 = true;
1937	2004	break;
1938	2005	default:
1939		-@@ -3407,36 +3417,62 @@
	2006	+@@ -3407,36 +3421,62 @@
1940	2007	goto no_obj_info;
1941	2008	ccs_get_attributes(r);
1942	2009	for (i = 0; i < CCS_MAX_PATH_STAT; i++) {

		@@ -2020,7 +2087,7 @@
2020	2087	}
2021	2088	no_obj_info:
2022	2089	if (pos < ccs_buffer_len - 1)
2023		-@@ -3553,6 +3589,9 @@
	2090	+@@ -3553,6 +3593,9 @@
2024	2091	case CCS_MAC_MOUNT:
2025	2092	pos = 0;
2026	2093	for (i = 0; i < 4; i++) {

		@@ -2030,7 +2097,7 @@
2030	2097	if (i == 3)
2031	2098	pos += snprintf(buf + pos, pos < len ?
2032	2099	len - pos : 0, " flags=0x%lX",
2033		-@@ -3560,8 +3599,7 @@
	2100	+@@ -3560,8 +3603,7 @@
2034	2101	if (!r->param.s[i])
2035	2102	continue;
2036	2103	pos += snprintf(buf + pos, pos < len ? len - pos : 0,

旧リポジトリブラウザで表示