(empty log message)
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/Makefile | 3 ++ |
29 | 29 | 24 files changed, 150 insertions(+), 26 deletions(-) |
30 | 30 | |
31 | ---- linux-4.4.22.orig/fs/exec.c | |
32 | -+++ linux-4.4.22/fs/exec.c | |
31 | +--- linux-4.4.23.orig/fs/exec.c | |
32 | ++++ linux-4.4.23/fs/exec.c | |
33 | 33 | @@ -1467,7 +1467,7 @@ static int exec_binprm(struct linux_binp |
34 | 34 | old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); |
35 | 35 | rcu_read_unlock(); |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (ret >= 0) { |
40 | 40 | audit_bprm(bprm); |
41 | 41 | trace_sched_process_exec(current, old_pid, bprm); |
42 | ---- linux-4.4.22.orig/fs/open.c | |
43 | -+++ linux-4.4.22/fs/open.c | |
42 | +--- linux-4.4.23.orig/fs/open.c | |
43 | ++++ linux-4.4.23/fs/open.c | |
44 | 44 | @@ -1111,6 +1111,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-4.4.22.orig/fs/proc/version.c | |
54 | -+++ linux-4.4.22/fs/proc/version.c | |
53 | +--- linux-4.4.23.orig/fs/proc/version.c | |
54 | ++++ linux-4.4.23/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 4.4.22 2016/09/24\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 4.4.23 2016/10/01\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +fs_initcall(ccs_show_version); |
66 | ---- linux-4.4.22.orig/include/linux/init_task.h | |
67 | -+++ linux-4.4.22/include/linux/init_task.h | |
66 | +--- linux-4.4.23.orig/include/linux/init_task.h | |
67 | ++++ linux-4.4.23/include/linux/init_task.h | |
68 | 68 | @@ -183,6 +183,14 @@ extern struct task_group root_task_group |
69 | 69 | # define INIT_KASAN(tsk) |
70 | 70 | #endif |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-4.4.22.orig/include/linux/sched.h | |
92 | -+++ linux-4.4.22/include/linux/sched.h | |
91 | +--- linux-4.4.23.orig/include/linux/sched.h | |
92 | ++++ linux-4.4.23/include/linux/sched.h | |
93 | 93 | @@ -6,6 +6,8 @@ |
94 | 94 | #include <linux/sched/prio.h> |
95 | 95 |
@@ -110,8 +110,8 @@ | ||
110 | 110 | /* CPU-specific state of this task */ |
111 | 111 | struct thread_struct thread; |
112 | 112 | /* |
113 | ---- linux-4.4.22.orig/include/linux/security.h | |
114 | -+++ linux-4.4.22/include/linux/security.h | |
113 | +--- linux-4.4.23.orig/include/linux/security.h | |
114 | ++++ linux-4.4.23/include/linux/security.h | |
115 | 115 | @@ -53,6 +53,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -318,8 +318,8 @@ | ||
318 | 318 | } |
319 | 319 | #endif /* CONFIG_SECURITY_PATH */ |
320 | 320 | |
321 | ---- linux-4.4.22.orig/include/net/ip.h | |
322 | -+++ linux-4.4.22/include/net/ip.h | |
321 | +--- linux-4.4.23.orig/include/net/ip.h | |
322 | ++++ linux-4.4.23/include/net/ip.h | |
323 | 323 | @@ -223,6 +223,8 @@ void inet_get_local_port_range(struct ne |
324 | 324 | #ifdef CONFIG_SYSCTL |
325 | 325 | static inline int inet_is_local_reserved_port(struct net *net, int port) |
@@ -338,8 +338,8 @@ | ||
338 | 338 | return 0; |
339 | 339 | } |
340 | 340 | #endif |
341 | ---- linux-4.4.22.orig/kernel/fork.c | |
342 | -+++ linux-4.4.22/kernel/fork.c | |
341 | +--- linux-4.4.23.orig/kernel/fork.c | |
342 | ++++ linux-4.4.23/kernel/fork.c | |
343 | 343 | @@ -258,6 +258,7 @@ void __put_task_struct(struct task_struc |
344 | 344 | delayacct_tsk_free(tsk); |
345 | 345 | put_signal_struct(tsk->signal); |
@@ -366,8 +366,8 @@ | ||
366 | 366 | bad_fork_cleanup_perf: |
367 | 367 | perf_event_free_task(p); |
368 | 368 | bad_fork_cleanup_policy: |
369 | ---- linux-4.4.22.orig/kernel/kexec.c | |
370 | -+++ linux-4.4.22/kernel/kexec.c | |
369 | +--- linux-4.4.23.orig/kernel/kexec.c | |
370 | ++++ linux-4.4.23/kernel/kexec.c | |
371 | 371 | @@ -17,7 +17,7 @@ |
372 | 372 | #include <linux/syscalls.h> |
373 | 373 | #include <linux/vmalloc.h> |
@@ -386,8 +386,8 @@ | ||
386 | 386 | |
387 | 387 | /* |
388 | 388 | * Verify we have a legal set of flags |
389 | ---- linux-4.4.22.orig/kernel/module.c | |
390 | -+++ linux-4.4.22/kernel/module.c | |
389 | +--- linux-4.4.23.orig/kernel/module.c | |
390 | ++++ linux-4.4.23/kernel/module.c | |
391 | 391 | @@ -61,6 +61,7 @@ |
392 | 392 | #include <linux/bsearch.h> |
393 | 393 | #include <uapi/linux/module.h> |
@@ -414,8 +414,8 @@ | ||
414 | 414 | |
415 | 415 | return 0; |
416 | 416 | } |
417 | ---- linux-4.4.22.orig/kernel/ptrace.c | |
418 | -+++ linux-4.4.22/kernel/ptrace.c | |
417 | +--- linux-4.4.23.orig/kernel/ptrace.c | |
418 | ++++ linux-4.4.23/kernel/ptrace.c | |
419 | 419 | @@ -1075,6 +1075,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
420 | 420 | { |
421 | 421 | struct task_struct *child; |
@@ -440,8 +440,8 @@ | ||
440 | 440 | |
441 | 441 | if (request == PTRACE_TRACEME) { |
442 | 442 | ret = ptrace_traceme(); |
443 | ---- linux-4.4.22.orig/kernel/reboot.c | |
444 | -+++ linux-4.4.22/kernel/reboot.c | |
443 | +--- linux-4.4.23.orig/kernel/reboot.c | |
444 | ++++ linux-4.4.23/kernel/reboot.c | |
445 | 445 | @@ -16,6 +16,7 @@ |
446 | 446 | #include <linux/syscalls.h> |
447 | 447 | #include <linux/syscore_ops.h> |
@@ -459,8 +459,8 @@ | ||
459 | 459 | |
460 | 460 | /* |
461 | 461 | * If pid namespaces are enabled and the current task is in a child |
462 | ---- linux-4.4.22.orig/kernel/sched/core.c | |
463 | -+++ linux-4.4.22/kernel/sched/core.c | |
462 | +--- linux-4.4.23.orig/kernel/sched/core.c | |
463 | ++++ linux-4.4.23/kernel/sched/core.c | |
464 | 464 | @@ -3548,6 +3548,8 @@ int can_nice(const struct task_struct *p |
465 | 465 | SYSCALL_DEFINE1(nice, int, increment) |
466 | 466 | { |
@@ -470,8 +470,8 @@ | ||
470 | 470 | |
471 | 471 | /* |
472 | 472 | * Setpriority might change our priority at the same moment. |
473 | ---- linux-4.4.22.orig/kernel/signal.c | |
474 | -+++ linux-4.4.22/kernel/signal.c | |
473 | +--- linux-4.4.23.orig/kernel/signal.c | |
474 | ++++ linux-4.4.23/kernel/signal.c | |
475 | 475 | @@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
476 | 476 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
477 | 477 | { |
@@ -517,8 +517,8 @@ | ||
517 | 517 | |
518 | 518 | return do_send_specific(tgid, pid, sig, info); |
519 | 519 | } |
520 | ---- linux-4.4.22.orig/kernel/sys.c | |
521 | -+++ linux-4.4.22/kernel/sys.c | |
520 | +--- linux-4.4.23.orig/kernel/sys.c | |
521 | ++++ linux-4.4.23/kernel/sys.c | |
522 | 522 | @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
523 | 523 | |
524 | 524 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -548,8 +548,8 @@ | ||
548 | 548 | |
549 | 549 | down_write(&uts_sem); |
550 | 550 | errno = -EFAULT; |
551 | ---- linux-4.4.22.orig/kernel/time/ntp.c | |
552 | -+++ linux-4.4.22/kernel/time/ntp.c | |
551 | +--- linux-4.4.23.orig/kernel/time/ntp.c | |
552 | ++++ linux-4.4.23/kernel/time/ntp.c | |
553 | 553 | @@ -16,6 +16,7 @@ |
554 | 554 | #include <linux/mm.h> |
555 | 555 | #include <linux/module.h> |
@@ -583,8 +583,8 @@ | ||
583 | 583 | |
584 | 584 | if (txc->modes & ADJ_NANO) { |
585 | 585 | struct timespec ts; |
586 | ---- linux-4.4.22.orig/net/ipv4/raw.c | |
587 | -+++ linux-4.4.22/net/ipv4/raw.c | |
586 | +--- linux-4.4.23.orig/net/ipv4/raw.c | |
587 | ++++ linux-4.4.23/net/ipv4/raw.c | |
588 | 588 | @@ -739,6 +739,10 @@ static int raw_recvmsg(struct sock *sk, |
589 | 589 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
590 | 590 | if (!skb) |
@@ -596,8 +596,8 @@ | ||
596 | 596 | |
597 | 597 | copied = skb->len; |
598 | 598 | if (len < copied) { |
599 | ---- linux-4.4.22.orig/net/ipv4/udp.c | |
600 | -+++ linux-4.4.22/net/ipv4/udp.c | |
599 | +--- linux-4.4.23.orig/net/ipv4/udp.c | |
600 | ++++ linux-4.4.23/net/ipv4/udp.c | |
601 | 601 | @@ -1286,6 +1286,10 @@ try_again: |
602 | 602 | &peeked, &off, &err); |
603 | 603 | if (!skb) |
@@ -609,8 +609,8 @@ | ||
609 | 609 | |
610 | 610 | ulen = skb->len - sizeof(struct udphdr); |
611 | 611 | copied = len; |
612 | ---- linux-4.4.22.orig/net/ipv6/raw.c | |
613 | -+++ linux-4.4.22/net/ipv6/raw.c | |
612 | +--- linux-4.4.23.orig/net/ipv6/raw.c | |
613 | ++++ linux-4.4.23/net/ipv6/raw.c | |
614 | 614 | @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk |
615 | 615 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
616 | 616 | if (!skb) |
@@ -622,8 +622,8 @@ | ||
622 | 622 | |
623 | 623 | copied = skb->len; |
624 | 624 | if (copied > len) { |
625 | ---- linux-4.4.22.orig/net/ipv6/udp.c | |
626 | -+++ linux-4.4.22/net/ipv6/udp.c | |
625 | +--- linux-4.4.23.orig/net/ipv6/udp.c | |
626 | ++++ linux-4.4.23/net/ipv6/udp.c | |
627 | 627 | @@ -417,6 +417,10 @@ try_again: |
628 | 628 | &peeked, &off, &err); |
629 | 629 | if (!skb) |
@@ -635,8 +635,8 @@ | ||
635 | 635 | |
636 | 636 | ulen = skb->len - sizeof(struct udphdr); |
637 | 637 | copied = len; |
638 | ---- linux-4.4.22.orig/net/socket.c | |
639 | -+++ linux-4.4.22/net/socket.c | |
638 | +--- linux-4.4.23.orig/net/socket.c | |
639 | ++++ linux-4.4.23/net/socket.c | |
640 | 640 | @@ -1476,6 +1476,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
641 | 641 | if (err < 0) |
642 | 642 | goto out_fd; |
@@ -648,9 +648,9 @@ | ||
648 | 648 | if (upeer_sockaddr) { |
649 | 649 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
650 | 650 | &len, 2) < 0) { |
651 | ---- linux-4.4.22.orig/net/unix/af_unix.c | |
652 | -+++ linux-4.4.22/net/unix/af_unix.c | |
653 | -@@ -2147,6 +2147,10 @@ static int unix_dgram_recvmsg(struct soc | |
651 | +--- linux-4.4.23.orig/net/unix/af_unix.c | |
652 | ++++ linux-4.4.23/net/unix/af_unix.c | |
653 | +@@ -2134,6 +2134,10 @@ static int unix_dgram_recvmsg(struct soc | |
654 | 654 | wake_up_interruptible_sync_poll(&u->peer_wait, |
655 | 655 | POLLOUT | POLLWRNORM | POLLWRBAND); |
656 | 656 |
@@ -661,8 +661,8 @@ | ||
661 | 661 | if (msg->msg_name) |
662 | 662 | unix_copy_addr(msg, skb->sk); |
663 | 663 | |
664 | ---- linux-4.4.22.orig/security/Kconfig | |
665 | -+++ linux-4.4.22/security/Kconfig | |
664 | +--- linux-4.4.23.orig/security/Kconfig | |
665 | ++++ linux-4.4.23/security/Kconfig | |
666 | 666 | @@ -163,5 +163,7 @@ config DEFAULT_SECURITY |
667 | 667 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
668 | 668 | default "" if DEFAULT_SECURITY_DAC |
@@ -671,8 +671,8 @@ | ||
671 | 671 | + |
672 | 672 | endmenu |
673 | 673 | |
674 | ---- linux-4.4.22.orig/security/Makefile | |
675 | -+++ linux-4.4.22/security/Makefile | |
674 | +--- linux-4.4.23.orig/security/Makefile | |
675 | ++++ linux-4.4.23/security/Makefile | |
676 | 676 | @@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
677 | 677 | # Object integrity file lists |
678 | 678 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/Makefile | 3 ++ |
29 | 29 | 24 files changed, 147 insertions(+), 26 deletions(-) |
30 | 30 | |
31 | ---- linux-4.7.5.orig/fs/exec.c | |
32 | -+++ linux-4.7.5/fs/exec.c | |
31 | +--- linux-4.7.6.orig/fs/exec.c | |
32 | ++++ linux-4.7.6/fs/exec.c | |
33 | 33 | @@ -1580,7 +1580,7 @@ static int exec_binprm(struct linux_binp |
34 | 34 | old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); |
35 | 35 | rcu_read_unlock(); |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (ret >= 0) { |
40 | 40 | audit_bprm(bprm); |
41 | 41 | trace_sched_process_exec(current, old_pid, bprm); |
42 | ---- linux-4.7.5.orig/fs/open.c | |
43 | -+++ linux-4.7.5/fs/open.c | |
42 | +--- linux-4.7.6.orig/fs/open.c | |
43 | ++++ linux-4.7.6/fs/open.c | |
44 | 44 | @@ -1108,6 +1108,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-4.7.5.orig/fs/proc/version.c | |
54 | -+++ linux-4.7.5/fs/proc/version.c | |
53 | +--- linux-4.7.6.orig/fs/proc/version.c | |
54 | ++++ linux-4.7.6/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 4.7.5 2016/09/24\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 4.7.6 2016/10/01\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +fs_initcall(ccs_show_version); |
66 | ---- linux-4.7.5.orig/include/linux/init_task.h | |
67 | -+++ linux-4.7.5/include/linux/init_task.h | |
66 | +--- linux-4.7.6.orig/include/linux/init_task.h | |
67 | ++++ linux-4.7.6/include/linux/init_task.h | |
68 | 68 | @@ -183,6 +183,14 @@ extern struct task_group root_task_group |
69 | 69 | # define INIT_KASAN(tsk) |
70 | 70 | #endif |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-4.7.5.orig/include/linux/sched.h | |
92 | -+++ linux-4.7.5/include/linux/sched.h | |
91 | +--- linux-4.7.6.orig/include/linux/sched.h | |
92 | ++++ linux-4.7.6/include/linux/sched.h | |
93 | 93 | @@ -6,6 +6,8 @@ |
94 | 94 | #include <linux/sched/prio.h> |
95 | 95 |
@@ -110,8 +110,8 @@ | ||
110 | 110 | /* CPU-specific state of this task */ |
111 | 111 | struct thread_struct thread; |
112 | 112 | /* |
113 | ---- linux-4.7.5.orig/include/linux/security.h | |
114 | -+++ linux-4.7.5/include/linux/security.h | |
113 | +--- linux-4.7.6.orig/include/linux/security.h | |
114 | ++++ linux-4.7.6/include/linux/security.h | |
115 | 115 | @@ -55,6 +55,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -318,8 +318,8 @@ | ||
318 | 318 | } |
319 | 319 | #endif /* CONFIG_SECURITY_PATH */ |
320 | 320 | |
321 | ---- linux-4.7.5.orig/include/net/ip.h | |
322 | -+++ linux-4.7.5/include/net/ip.h | |
321 | +--- linux-4.7.6.orig/include/net/ip.h | |
322 | ++++ linux-4.7.6/include/net/ip.h | |
323 | 323 | @@ -223,6 +223,8 @@ void inet_get_local_port_range(struct ne |
324 | 324 | #ifdef CONFIG_SYSCTL |
325 | 325 | static inline int inet_is_local_reserved_port(struct net *net, int port) |
@@ -338,8 +338,8 @@ | ||
338 | 338 | return 0; |
339 | 339 | } |
340 | 340 | #endif |
341 | ---- linux-4.7.5.orig/kernel/fork.c | |
342 | -+++ linux-4.7.5/kernel/fork.c | |
341 | +--- linux-4.7.6.orig/kernel/fork.c | |
342 | ++++ linux-4.7.6/kernel/fork.c | |
343 | 343 | @@ -267,6 +267,7 @@ void __put_task_struct(struct task_struc |
344 | 344 | delayacct_tsk_free(tsk); |
345 | 345 | put_signal_struct(tsk->signal); |
@@ -366,8 +366,8 @@ | ||
366 | 366 | bad_fork_cleanup_perf: |
367 | 367 | perf_event_free_task(p); |
368 | 368 | bad_fork_cleanup_policy: |
369 | ---- linux-4.7.5.orig/kernel/kexec.c | |
370 | -+++ linux-4.7.5/kernel/kexec.c | |
369 | +--- linux-4.7.6.orig/kernel/kexec.c | |
370 | ++++ linux-4.7.6/kernel/kexec.c | |
371 | 371 | @@ -17,7 +17,7 @@ |
372 | 372 | #include <linux/syscalls.h> |
373 | 373 | #include <linux/vmalloc.h> |
@@ -386,8 +386,8 @@ | ||
386 | 386 | |
387 | 387 | /* |
388 | 388 | * Verify we have a legal set of flags |
389 | ---- linux-4.7.5.orig/kernel/module.c | |
390 | -+++ linux-4.7.5/kernel/module.c | |
389 | +--- linux-4.7.6.orig/kernel/module.c | |
390 | ++++ linux-4.7.6/kernel/module.c | |
391 | 391 | @@ -62,6 +62,7 @@ |
392 | 392 | #include <linux/bsearch.h> |
393 | 393 | #include <uapi/linux/module.h> |
@@ -414,8 +414,8 @@ | ||
414 | 414 | |
415 | 415 | return 0; |
416 | 416 | } |
417 | ---- linux-4.7.5.orig/kernel/ptrace.c | |
418 | -+++ linux-4.7.5/kernel/ptrace.c | |
417 | +--- linux-4.7.6.orig/kernel/ptrace.c | |
418 | ++++ linux-4.7.6/kernel/ptrace.c | |
419 | 419 | @@ -1080,6 +1080,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
420 | 420 | { |
421 | 421 | struct task_struct *child; |
@@ -440,8 +440,8 @@ | ||
440 | 440 | |
441 | 441 | if (request == PTRACE_TRACEME) { |
442 | 442 | ret = ptrace_traceme(); |
443 | ---- linux-4.7.5.orig/kernel/reboot.c | |
444 | -+++ linux-4.7.5/kernel/reboot.c | |
443 | +--- linux-4.7.6.orig/kernel/reboot.c | |
444 | ++++ linux-4.7.6/kernel/reboot.c | |
445 | 445 | @@ -16,6 +16,7 @@ |
446 | 446 | #include <linux/syscalls.h> |
447 | 447 | #include <linux/syscore_ops.h> |
@@ -459,8 +459,8 @@ | ||
459 | 459 | |
460 | 460 | /* |
461 | 461 | * If pid namespaces are enabled and the current task is in a child |
462 | ---- linux-4.7.5.orig/kernel/sched/core.c | |
463 | -+++ linux-4.7.5/kernel/sched/core.c | |
462 | +--- linux-4.7.6.orig/kernel/sched/core.c | |
463 | ++++ linux-4.7.6/kernel/sched/core.c | |
464 | 464 | @@ -3746,6 +3746,8 @@ int can_nice(const struct task_struct *p |
465 | 465 | SYSCALL_DEFINE1(nice, int, increment) |
466 | 466 | { |
@@ -470,8 +470,8 @@ | ||
470 | 470 | |
471 | 471 | /* |
472 | 472 | * Setpriority might change our priority at the same moment. |
473 | ---- linux-4.7.5.orig/kernel/signal.c | |
474 | -+++ linux-4.7.5/kernel/signal.c | |
473 | +--- linux-4.7.6.orig/kernel/signal.c | |
474 | ++++ linux-4.7.6/kernel/signal.c | |
475 | 475 | @@ -2851,6 +2851,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
476 | 476 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
477 | 477 | { |
@@ -517,8 +517,8 @@ | ||
517 | 517 | |
518 | 518 | return do_send_specific(tgid, pid, sig, info); |
519 | 519 | } |
520 | ---- linux-4.7.5.orig/kernel/sys.c | |
521 | -+++ linux-4.7.5/kernel/sys.c | |
520 | +--- linux-4.7.6.orig/kernel/sys.c | |
521 | ++++ linux-4.7.6/kernel/sys.c | |
522 | 522 | @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
523 | 523 | |
524 | 524 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -548,8 +548,8 @@ | ||
548 | 548 | |
549 | 549 | down_write(&uts_sem); |
550 | 550 | errno = -EFAULT; |
551 | ---- linux-4.7.5.orig/kernel/time/ntp.c | |
552 | -+++ linux-4.7.5/kernel/time/ntp.c | |
551 | +--- linux-4.7.6.orig/kernel/time/ntp.c | |
552 | ++++ linux-4.7.6/kernel/time/ntp.c | |
553 | 553 | @@ -17,6 +17,7 @@ |
554 | 554 | #include <linux/module.h> |
555 | 555 | #include <linux/rtc.h> |
@@ -583,8 +583,8 @@ | ||
583 | 583 | |
584 | 584 | if (txc->modes & ADJ_NANO) { |
585 | 585 | struct timespec ts; |
586 | ---- linux-4.7.5.orig/net/ipv4/raw.c | |
587 | -+++ linux-4.7.5/net/ipv4/raw.c | |
586 | +--- linux-4.7.6.orig/net/ipv4/raw.c | |
587 | ++++ linux-4.7.6/net/ipv4/raw.c | |
588 | 588 | @@ -742,6 +742,10 @@ static int raw_recvmsg(struct sock *sk, |
589 | 589 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
590 | 590 | if (!skb) |
@@ -596,8 +596,8 @@ | ||
596 | 596 | |
597 | 597 | copied = skb->len; |
598 | 598 | if (len < copied) { |
599 | ---- linux-4.7.5.orig/net/ipv4/udp.c | |
600 | -+++ linux-4.7.5/net/ipv4/udp.c | |
599 | +--- linux-4.7.6.orig/net/ipv4/udp.c | |
600 | ++++ linux-4.7.6/net/ipv4/udp.c | |
601 | 601 | @@ -1272,6 +1272,8 @@ try_again: |
602 | 602 | &peeked, &off, &err); |
603 | 603 | if (!skb) |
@@ -607,8 +607,8 @@ | ||
607 | 607 | |
608 | 608 | ulen = skb->len; |
609 | 609 | copied = len; |
610 | ---- linux-4.7.5.orig/net/ipv6/raw.c | |
611 | -+++ linux-4.7.5/net/ipv6/raw.c | |
610 | +--- linux-4.7.6.orig/net/ipv6/raw.c | |
611 | ++++ linux-4.7.6/net/ipv6/raw.c | |
612 | 612 | @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk |
613 | 613 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
614 | 614 | if (!skb) |
@@ -620,8 +620,8 @@ | ||
620 | 620 | |
621 | 621 | copied = skb->len; |
622 | 622 | if (copied > len) { |
623 | ---- linux-4.7.5.orig/net/ipv6/udp.c | |
624 | -+++ linux-4.7.5/net/ipv6/udp.c | |
623 | +--- linux-4.7.6.orig/net/ipv6/udp.c | |
624 | ++++ linux-4.7.6/net/ipv6/udp.c | |
625 | 625 | @@ -348,6 +348,8 @@ try_again: |
626 | 626 | &peeked, &off, &err); |
627 | 627 | if (!skb) |
@@ -631,8 +631,8 @@ | ||
631 | 631 | |
632 | 632 | ulen = skb->len; |
633 | 633 | copied = len; |
634 | ---- linux-4.7.5.orig/net/socket.c | |
635 | -+++ linux-4.7.5/net/socket.c | |
634 | +--- linux-4.7.6.orig/net/socket.c | |
635 | ++++ linux-4.7.6/net/socket.c | |
636 | 636 | @@ -1469,6 +1469,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
637 | 637 | if (err < 0) |
638 | 638 | goto out_fd; |
@@ -644,8 +644,8 @@ | ||
644 | 644 | if (upeer_sockaddr) { |
645 | 645 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
646 | 646 | &len, 2) < 0) { |
647 | ---- linux-4.7.5.orig/net/unix/af_unix.c | |
648 | -+++ linux-4.7.5/net/unix/af_unix.c | |
647 | +--- linux-4.7.6.orig/net/unix/af_unix.c | |
648 | ++++ linux-4.7.6/net/unix/af_unix.c | |
649 | 649 | @@ -2139,6 +2139,10 @@ static int unix_dgram_recvmsg(struct soc |
650 | 650 | POLLOUT | POLLWRNORM | |
651 | 651 | POLLWRBAND); |
@@ -665,8 +665,8 @@ | ||
665 | 665 | mutex_unlock(&u->iolock); |
666 | 666 | out: |
667 | 667 | return err; |
668 | ---- linux-4.7.5.orig/security/Kconfig | |
669 | -+++ linux-4.7.5/security/Kconfig | |
668 | +--- linux-4.7.6.orig/security/Kconfig | |
669 | ++++ linux-4.7.6/security/Kconfig | |
670 | 670 | @@ -164,5 +164,7 @@ config DEFAULT_SECURITY |
671 | 671 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
672 | 672 | default "" if DEFAULT_SECURITY_DAC |
@@ -675,8 +675,8 @@ | ||
675 | 675 | + |
676 | 676 | endmenu |
677 | 677 | |
678 | ---- linux-4.7.5.orig/security/Makefile | |
679 | -+++ linux-4.7.5/security/Makefile | |
678 | +--- linux-4.7.6.orig/security/Makefile | |
679 | ++++ linux-4.7.6/security/Makefile | |
680 | 680 | @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
681 | 681 | # Object integrity file lists |
682 | 682 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -9,8 +9,8 @@ | ||
9 | 9 | # |
10 | 10 | |
11 | 11 | BINDIR = '"'$(shell readlink -f /bin)'"' |
12 | -#POLDIR = '"/sys/kernel/security/caitsith"' | |
13 | -POLDIR = '"/proc/caitsith"' | |
12 | +POLDIR = '"/sys/kernel/security/caitsith"' | |
13 | +#POLDIR = '"/proc/caitsith"' | |
14 | 14 | |
15 | 15 | .c: |
16 | 16 | $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DBINDIR=$(BINDIR) -DPOLDIR=$(POLDIR) -o $@ $< |
@@ -117,9 +117,6 @@ | ||
117 | 117 | !S_ISDIR(buf.st_mode)) |
118 | 118 | security_unmount = !mount("none", "/sys/kernel/security", |
119 | 119 | "securityfs", 0, NULL); |
120 | - /* Try proc interface if securityfs interface does not exist. */ | |
121 | - if (lstat(proc_policy, &buf) || !S_ISREG(buf.st_mode)) | |
122 | - proc_policy = "/proc/caitsith/policy"; | |
123 | 120 | |
124 | 121 | /* |
125 | 122 | * Open /dev/console if stdio are not connected. |
@@ -139,7 +136,7 @@ | ||
139 | 136 | } |
140 | 137 | |
141 | 138 | /* Load kernel module if needed. */ |
142 | - if (lstat(proc_policy, &buf)) { | |
139 | + if (lstat(proc_policy, &buf) && lstat("/proc/caitsith", &buf)) { | |
143 | 140 | if (!access("/etc/caitsith/caitsith-load-module", X_OK)) { |
144 | 141 | const pid_t pid = fork(); |
145 | 142 | switch (pid) { |
@@ -156,6 +153,10 @@ | ||
156 | 153 | } |
157 | 154 | } |
158 | 155 | |
156 | + /* Try proc interface if securityfs interface does not exist. */ | |
157 | + if (lstat(proc_policy, &buf) || !S_ISREG(buf.st_mode)) | |
158 | + proc_policy = "/proc/caitsith/policy"; | |
159 | + | |
159 | 160 | /* Stop if policy interface doesn't exist. */ |
160 | 161 | if (lstat(proc_policy, &buf) || !S_ISREG(buf.st_mode)) { |
161 | 162 | printf("FATAL: Policy interface %s does not exist.\n", |