OSDN -- Develop and Download Open Source Software
  • R/O
  • SSH
  • HTTPS

caitsith: Commit


Commit MetaInfo

Revision212 (tree)
Time2016-10-02 23:36:35
Authorkumaneko

Log Message

(empty log message)

Change Summary

Incremental Difference

--- trunk/caitsith-patch/patches/ccs-patch-4.4.diff (revision 211)
+++ trunk/caitsith-patch/patches/ccs-patch-4.4.diff (revision 212)
@@ -28,8 +28,8 @@
2828 security/Makefile | 3 ++
2929 24 files changed, 150 insertions(+), 26 deletions(-)
3030
31---- linux-4.4.22.orig/fs/exec.c
32-+++ linux-4.4.22/fs/exec.c
31+--- linux-4.4.23.orig/fs/exec.c
32++++ linux-4.4.23/fs/exec.c
3333 @@ -1467,7 +1467,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-4.4.22.orig/fs/open.c
43-+++ linux-4.4.22/fs/open.c
42+--- linux-4.4.23.orig/fs/open.c
43++++ linux-4.4.23/fs/open.c
4444 @@ -1111,6 +1111,8 @@ EXPORT_SYMBOL(sys_close);
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-4.4.22.orig/fs/proc/version.c
54-+++ linux-4.4.22/fs/proc/version.c
53+--- linux-4.4.23.orig/fs/proc/version.c
54++++ linux-4.4.23/fs/proc/version.c
5555 @@ -32,3 +32,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 4.4.22 2016/09/24\n");
62++ printk(KERN_INFO "Hook version: 4.4.23 2016/10/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-4.4.22.orig/include/linux/init_task.h
67-+++ linux-4.4.22/include/linux/init_task.h
66+--- linux-4.4.23.orig/include/linux/init_task.h
67++++ linux-4.4.23/include/linux/init_task.h
6868 @@ -183,6 +183,14 @@ extern struct task_group root_task_group
6969 # define INIT_KASAN(tsk)
7070 #endif
@@ -88,8 +88,8 @@
8888 }
8989
9090
91---- linux-4.4.22.orig/include/linux/sched.h
92-+++ linux-4.4.22/include/linux/sched.h
91+--- linux-4.4.23.orig/include/linux/sched.h
92++++ linux-4.4.23/include/linux/sched.h
9393 @@ -6,6 +6,8 @@
9494 #include <linux/sched/prio.h>
9595
@@ -110,8 +110,8 @@
110110 /* CPU-specific state of this task */
111111 struct thread_struct thread;
112112 /*
113---- linux-4.4.22.orig/include/linux/security.h
114-+++ linux-4.4.22/include/linux/security.h
113+--- linux-4.4.23.orig/include/linux/security.h
114++++ linux-4.4.23/include/linux/security.h
115115 @@ -53,6 +53,7 @@ struct msg_queue;
116116 struct xattr;
117117 struct xfrm_sec_ctx;
@@ -318,8 +318,8 @@
318318 }
319319 #endif /* CONFIG_SECURITY_PATH */
320320
321---- linux-4.4.22.orig/include/net/ip.h
322-+++ linux-4.4.22/include/net/ip.h
321+--- linux-4.4.23.orig/include/net/ip.h
322++++ linux-4.4.23/include/net/ip.h
323323 @@ -223,6 +223,8 @@ void inet_get_local_port_range(struct ne
324324 #ifdef CONFIG_SYSCTL
325325 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -338,8 +338,8 @@
338338 return 0;
339339 }
340340 #endif
341---- linux-4.4.22.orig/kernel/fork.c
342-+++ linux-4.4.22/kernel/fork.c
341+--- linux-4.4.23.orig/kernel/fork.c
342++++ linux-4.4.23/kernel/fork.c
343343 @@ -258,6 +258,7 @@ void __put_task_struct(struct task_struc
344344 delayacct_tsk_free(tsk);
345345 put_signal_struct(tsk->signal);
@@ -366,8 +366,8 @@
366366 bad_fork_cleanup_perf:
367367 perf_event_free_task(p);
368368 bad_fork_cleanup_policy:
369---- linux-4.4.22.orig/kernel/kexec.c
370-+++ linux-4.4.22/kernel/kexec.c
369+--- linux-4.4.23.orig/kernel/kexec.c
370++++ linux-4.4.23/kernel/kexec.c
371371 @@ -17,7 +17,7 @@
372372 #include <linux/syscalls.h>
373373 #include <linux/vmalloc.h>
@@ -386,8 +386,8 @@
386386
387387 /*
388388 * Verify we have a legal set of flags
389---- linux-4.4.22.orig/kernel/module.c
390-+++ linux-4.4.22/kernel/module.c
389+--- linux-4.4.23.orig/kernel/module.c
390++++ linux-4.4.23/kernel/module.c
391391 @@ -61,6 +61,7 @@
392392 #include <linux/bsearch.h>
393393 #include <uapi/linux/module.h>
@@ -414,8 +414,8 @@
414414
415415 return 0;
416416 }
417---- linux-4.4.22.orig/kernel/ptrace.c
418-+++ linux-4.4.22/kernel/ptrace.c
417+--- linux-4.4.23.orig/kernel/ptrace.c
418++++ linux-4.4.23/kernel/ptrace.c
419419 @@ -1075,6 +1075,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
420420 {
421421 struct task_struct *child;
@@ -440,8 +440,8 @@
440440
441441 if (request == PTRACE_TRACEME) {
442442 ret = ptrace_traceme();
443---- linux-4.4.22.orig/kernel/reboot.c
444-+++ linux-4.4.22/kernel/reboot.c
443+--- linux-4.4.23.orig/kernel/reboot.c
444++++ linux-4.4.23/kernel/reboot.c
445445 @@ -16,6 +16,7 @@
446446 #include <linux/syscalls.h>
447447 #include <linux/syscore_ops.h>
@@ -459,8 +459,8 @@
459459
460460 /*
461461 * If pid namespaces are enabled and the current task is in a child
462---- linux-4.4.22.orig/kernel/sched/core.c
463-+++ linux-4.4.22/kernel/sched/core.c
462+--- linux-4.4.23.orig/kernel/sched/core.c
463++++ linux-4.4.23/kernel/sched/core.c
464464 @@ -3548,6 +3548,8 @@ int can_nice(const struct task_struct *p
465465 SYSCALL_DEFINE1(nice, int, increment)
466466 {
@@ -470,8 +470,8 @@
470470
471471 /*
472472 * Setpriority might change our priority at the same moment.
473---- linux-4.4.22.orig/kernel/signal.c
474-+++ linux-4.4.22/kernel/signal.c
473+--- linux-4.4.23.orig/kernel/signal.c
474++++ linux-4.4.23/kernel/signal.c
475475 @@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
476476 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
477477 {
@@ -517,8 +517,8 @@
517517
518518 return do_send_specific(tgid, pid, sig, info);
519519 }
520---- linux-4.4.22.orig/kernel/sys.c
521-+++ linux-4.4.22/kernel/sys.c
520+--- linux-4.4.23.orig/kernel/sys.c
521++++ linux-4.4.23/kernel/sys.c
522522 @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523523
524524 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -548,8 +548,8 @@
548548
549549 down_write(&uts_sem);
550550 errno = -EFAULT;
551---- linux-4.4.22.orig/kernel/time/ntp.c
552-+++ linux-4.4.22/kernel/time/ntp.c
551+--- linux-4.4.23.orig/kernel/time/ntp.c
552++++ linux-4.4.23/kernel/time/ntp.c
553553 @@ -16,6 +16,7 @@
554554 #include <linux/mm.h>
555555 #include <linux/module.h>
@@ -583,8 +583,8 @@
583583
584584 if (txc->modes & ADJ_NANO) {
585585 struct timespec ts;
586---- linux-4.4.22.orig/net/ipv4/raw.c
587-+++ linux-4.4.22/net/ipv4/raw.c
586+--- linux-4.4.23.orig/net/ipv4/raw.c
587++++ linux-4.4.23/net/ipv4/raw.c
588588 @@ -739,6 +739,10 @@ static int raw_recvmsg(struct sock *sk,
589589 skb = skb_recv_datagram(sk, flags, noblock, &err);
590590 if (!skb)
@@ -596,8 +596,8 @@
596596
597597 copied = skb->len;
598598 if (len < copied) {
599---- linux-4.4.22.orig/net/ipv4/udp.c
600-+++ linux-4.4.22/net/ipv4/udp.c
599+--- linux-4.4.23.orig/net/ipv4/udp.c
600++++ linux-4.4.23/net/ipv4/udp.c
601601 @@ -1286,6 +1286,10 @@ try_again:
602602 &peeked, &off, &err);
603603 if (!skb)
@@ -609,8 +609,8 @@
609609
610610 ulen = skb->len - sizeof(struct udphdr);
611611 copied = len;
612---- linux-4.4.22.orig/net/ipv6/raw.c
613-+++ linux-4.4.22/net/ipv6/raw.c
612+--- linux-4.4.23.orig/net/ipv6/raw.c
613++++ linux-4.4.23/net/ipv6/raw.c
614614 @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk
615615 skb = skb_recv_datagram(sk, flags, noblock, &err);
616616 if (!skb)
@@ -622,8 +622,8 @@
622622
623623 copied = skb->len;
624624 if (copied > len) {
625---- linux-4.4.22.orig/net/ipv6/udp.c
626-+++ linux-4.4.22/net/ipv6/udp.c
625+--- linux-4.4.23.orig/net/ipv6/udp.c
626++++ linux-4.4.23/net/ipv6/udp.c
627627 @@ -417,6 +417,10 @@ try_again:
628628 &peeked, &off, &err);
629629 if (!skb)
@@ -635,8 +635,8 @@
635635
636636 ulen = skb->len - sizeof(struct udphdr);
637637 copied = len;
638---- linux-4.4.22.orig/net/socket.c
639-+++ linux-4.4.22/net/socket.c
638+--- linux-4.4.23.orig/net/socket.c
639++++ linux-4.4.23/net/socket.c
640640 @@ -1476,6 +1476,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
641641 if (err < 0)
642642 goto out_fd;
@@ -648,9 +648,9 @@
648648 if (upeer_sockaddr) {
649649 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
650650 &len, 2) < 0) {
651---- linux-4.4.22.orig/net/unix/af_unix.c
652-+++ linux-4.4.22/net/unix/af_unix.c
653-@@ -2147,6 +2147,10 @@ static int unix_dgram_recvmsg(struct soc
651+--- linux-4.4.23.orig/net/unix/af_unix.c
652++++ linux-4.4.23/net/unix/af_unix.c
653+@@ -2134,6 +2134,10 @@ static int unix_dgram_recvmsg(struct soc
654654 wake_up_interruptible_sync_poll(&u->peer_wait,
655655 POLLOUT | POLLWRNORM | POLLWRBAND);
656656
@@ -661,8 +661,8 @@
661661 if (msg->msg_name)
662662 unix_copy_addr(msg, skb->sk);
663663
664---- linux-4.4.22.orig/security/Kconfig
665-+++ linux-4.4.22/security/Kconfig
664+--- linux-4.4.23.orig/security/Kconfig
665++++ linux-4.4.23/security/Kconfig
666666 @@ -163,5 +163,7 @@ config DEFAULT_SECURITY
667667 default "apparmor" if DEFAULT_SECURITY_APPARMOR
668668 default "" if DEFAULT_SECURITY_DAC
@@ -671,8 +671,8 @@
671671 +
672672 endmenu
673673
674---- linux-4.4.22.orig/security/Makefile
675-+++ linux-4.4.22/security/Makefile
674+--- linux-4.4.23.orig/security/Makefile
675++++ linux-4.4.23/security/Makefile
676676 @@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
677677 # Object integrity file lists
678678 subdir-$(CONFIG_INTEGRITY) += integrity
--- trunk/caitsith-patch/patches/ccs-patch-4.7.diff (revision 211)
+++ trunk/caitsith-patch/patches/ccs-patch-4.7.diff (revision 212)
@@ -28,8 +28,8 @@
2828 security/Makefile | 3 ++
2929 24 files changed, 147 insertions(+), 26 deletions(-)
3030
31---- linux-4.7.5.orig/fs/exec.c
32-+++ linux-4.7.5/fs/exec.c
31+--- linux-4.7.6.orig/fs/exec.c
32++++ linux-4.7.6/fs/exec.c
3333 @@ -1580,7 +1580,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-4.7.5.orig/fs/open.c
43-+++ linux-4.7.5/fs/open.c
42+--- linux-4.7.6.orig/fs/open.c
43++++ linux-4.7.6/fs/open.c
4444 @@ -1108,6 +1108,8 @@ EXPORT_SYMBOL(sys_close);
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-4.7.5.orig/fs/proc/version.c
54-+++ linux-4.7.5/fs/proc/version.c
53+--- linux-4.7.6.orig/fs/proc/version.c
54++++ linux-4.7.6/fs/proc/version.c
5555 @@ -32,3 +32,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 4.7.5 2016/09/24\n");
62++ printk(KERN_INFO "Hook version: 4.7.6 2016/10/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-4.7.5.orig/include/linux/init_task.h
67-+++ linux-4.7.5/include/linux/init_task.h
66+--- linux-4.7.6.orig/include/linux/init_task.h
67++++ linux-4.7.6/include/linux/init_task.h
6868 @@ -183,6 +183,14 @@ extern struct task_group root_task_group
6969 # define INIT_KASAN(tsk)
7070 #endif
@@ -88,8 +88,8 @@
8888 }
8989
9090
91---- linux-4.7.5.orig/include/linux/sched.h
92-+++ linux-4.7.5/include/linux/sched.h
91+--- linux-4.7.6.orig/include/linux/sched.h
92++++ linux-4.7.6/include/linux/sched.h
9393 @@ -6,6 +6,8 @@
9494 #include <linux/sched/prio.h>
9595
@@ -110,8 +110,8 @@
110110 /* CPU-specific state of this task */
111111 struct thread_struct thread;
112112 /*
113---- linux-4.7.5.orig/include/linux/security.h
114-+++ linux-4.7.5/include/linux/security.h
113+--- linux-4.7.6.orig/include/linux/security.h
114++++ linux-4.7.6/include/linux/security.h
115115 @@ -55,6 +55,7 @@ struct msg_queue;
116116 struct xattr;
117117 struct xfrm_sec_ctx;
@@ -318,8 +318,8 @@
318318 }
319319 #endif /* CONFIG_SECURITY_PATH */
320320
321---- linux-4.7.5.orig/include/net/ip.h
322-+++ linux-4.7.5/include/net/ip.h
321+--- linux-4.7.6.orig/include/net/ip.h
322++++ linux-4.7.6/include/net/ip.h
323323 @@ -223,6 +223,8 @@ void inet_get_local_port_range(struct ne
324324 #ifdef CONFIG_SYSCTL
325325 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -338,8 +338,8 @@
338338 return 0;
339339 }
340340 #endif
341---- linux-4.7.5.orig/kernel/fork.c
342-+++ linux-4.7.5/kernel/fork.c
341+--- linux-4.7.6.orig/kernel/fork.c
342++++ linux-4.7.6/kernel/fork.c
343343 @@ -267,6 +267,7 @@ void __put_task_struct(struct task_struc
344344 delayacct_tsk_free(tsk);
345345 put_signal_struct(tsk->signal);
@@ -366,8 +366,8 @@
366366 bad_fork_cleanup_perf:
367367 perf_event_free_task(p);
368368 bad_fork_cleanup_policy:
369---- linux-4.7.5.orig/kernel/kexec.c
370-+++ linux-4.7.5/kernel/kexec.c
369+--- linux-4.7.6.orig/kernel/kexec.c
370++++ linux-4.7.6/kernel/kexec.c
371371 @@ -17,7 +17,7 @@
372372 #include <linux/syscalls.h>
373373 #include <linux/vmalloc.h>
@@ -386,8 +386,8 @@
386386
387387 /*
388388 * Verify we have a legal set of flags
389---- linux-4.7.5.orig/kernel/module.c
390-+++ linux-4.7.5/kernel/module.c
389+--- linux-4.7.6.orig/kernel/module.c
390++++ linux-4.7.6/kernel/module.c
391391 @@ -62,6 +62,7 @@
392392 #include <linux/bsearch.h>
393393 #include <uapi/linux/module.h>
@@ -414,8 +414,8 @@
414414
415415 return 0;
416416 }
417---- linux-4.7.5.orig/kernel/ptrace.c
418-+++ linux-4.7.5/kernel/ptrace.c
417+--- linux-4.7.6.orig/kernel/ptrace.c
418++++ linux-4.7.6/kernel/ptrace.c
419419 @@ -1080,6 +1080,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
420420 {
421421 struct task_struct *child;
@@ -440,8 +440,8 @@
440440
441441 if (request == PTRACE_TRACEME) {
442442 ret = ptrace_traceme();
443---- linux-4.7.5.orig/kernel/reboot.c
444-+++ linux-4.7.5/kernel/reboot.c
443+--- linux-4.7.6.orig/kernel/reboot.c
444++++ linux-4.7.6/kernel/reboot.c
445445 @@ -16,6 +16,7 @@
446446 #include <linux/syscalls.h>
447447 #include <linux/syscore_ops.h>
@@ -459,8 +459,8 @@
459459
460460 /*
461461 * If pid namespaces are enabled and the current task is in a child
462---- linux-4.7.5.orig/kernel/sched/core.c
463-+++ linux-4.7.5/kernel/sched/core.c
462+--- linux-4.7.6.orig/kernel/sched/core.c
463++++ linux-4.7.6/kernel/sched/core.c
464464 @@ -3746,6 +3746,8 @@ int can_nice(const struct task_struct *p
465465 SYSCALL_DEFINE1(nice, int, increment)
466466 {
@@ -470,8 +470,8 @@
470470
471471 /*
472472 * Setpriority might change our priority at the same moment.
473---- linux-4.7.5.orig/kernel/signal.c
474-+++ linux-4.7.5/kernel/signal.c
473+--- linux-4.7.6.orig/kernel/signal.c
474++++ linux-4.7.6/kernel/signal.c
475475 @@ -2851,6 +2851,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
476476 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
477477 {
@@ -517,8 +517,8 @@
517517
518518 return do_send_specific(tgid, pid, sig, info);
519519 }
520---- linux-4.7.5.orig/kernel/sys.c
521-+++ linux-4.7.5/kernel/sys.c
520+--- linux-4.7.6.orig/kernel/sys.c
521++++ linux-4.7.6/kernel/sys.c
522522 @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523523
524524 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -548,8 +548,8 @@
548548
549549 down_write(&uts_sem);
550550 errno = -EFAULT;
551---- linux-4.7.5.orig/kernel/time/ntp.c
552-+++ linux-4.7.5/kernel/time/ntp.c
551+--- linux-4.7.6.orig/kernel/time/ntp.c
552++++ linux-4.7.6/kernel/time/ntp.c
553553 @@ -17,6 +17,7 @@
554554 #include <linux/module.h>
555555 #include <linux/rtc.h>
@@ -583,8 +583,8 @@
583583
584584 if (txc->modes & ADJ_NANO) {
585585 struct timespec ts;
586---- linux-4.7.5.orig/net/ipv4/raw.c
587-+++ linux-4.7.5/net/ipv4/raw.c
586+--- linux-4.7.6.orig/net/ipv4/raw.c
587++++ linux-4.7.6/net/ipv4/raw.c
588588 @@ -742,6 +742,10 @@ static int raw_recvmsg(struct sock *sk,
589589 skb = skb_recv_datagram(sk, flags, noblock, &err);
590590 if (!skb)
@@ -596,8 +596,8 @@
596596
597597 copied = skb->len;
598598 if (len < copied) {
599---- linux-4.7.5.orig/net/ipv4/udp.c
600-+++ linux-4.7.5/net/ipv4/udp.c
599+--- linux-4.7.6.orig/net/ipv4/udp.c
600++++ linux-4.7.6/net/ipv4/udp.c
601601 @@ -1272,6 +1272,8 @@ try_again:
602602 &peeked, &off, &err);
603603 if (!skb)
@@ -607,8 +607,8 @@
607607
608608 ulen = skb->len;
609609 copied = len;
610---- linux-4.7.5.orig/net/ipv6/raw.c
611-+++ linux-4.7.5/net/ipv6/raw.c
610+--- linux-4.7.6.orig/net/ipv6/raw.c
611++++ linux-4.7.6/net/ipv6/raw.c
612612 @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk
613613 skb = skb_recv_datagram(sk, flags, noblock, &err);
614614 if (!skb)
@@ -620,8 +620,8 @@
620620
621621 copied = skb->len;
622622 if (copied > len) {
623---- linux-4.7.5.orig/net/ipv6/udp.c
624-+++ linux-4.7.5/net/ipv6/udp.c
623+--- linux-4.7.6.orig/net/ipv6/udp.c
624++++ linux-4.7.6/net/ipv6/udp.c
625625 @@ -348,6 +348,8 @@ try_again:
626626 &peeked, &off, &err);
627627 if (!skb)
@@ -631,8 +631,8 @@
631631
632632 ulen = skb->len;
633633 copied = len;
634---- linux-4.7.5.orig/net/socket.c
635-+++ linux-4.7.5/net/socket.c
634+--- linux-4.7.6.orig/net/socket.c
635++++ linux-4.7.6/net/socket.c
636636 @@ -1469,6 +1469,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
637637 if (err < 0)
638638 goto out_fd;
@@ -644,8 +644,8 @@
644644 if (upeer_sockaddr) {
645645 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
646646 &len, 2) < 0) {
647---- linux-4.7.5.orig/net/unix/af_unix.c
648-+++ linux-4.7.5/net/unix/af_unix.c
647+--- linux-4.7.6.orig/net/unix/af_unix.c
648++++ linux-4.7.6/net/unix/af_unix.c
649649 @@ -2139,6 +2139,10 @@ static int unix_dgram_recvmsg(struct soc
650650 POLLOUT | POLLWRNORM |
651651 POLLWRBAND);
@@ -665,8 +665,8 @@
665665 mutex_unlock(&u->iolock);
666666 out:
667667 return err;
668---- linux-4.7.5.orig/security/Kconfig
669-+++ linux-4.7.5/security/Kconfig
668+--- linux-4.7.6.orig/security/Kconfig
669++++ linux-4.7.6/security/Kconfig
670670 @@ -164,5 +164,7 @@ config DEFAULT_SECURITY
671671 default "apparmor" if DEFAULT_SECURITY_APPARMOR
672672 default "" if DEFAULT_SECURITY_DAC
@@ -675,8 +675,8 @@
675675 +
676676 endmenu
677677
678---- linux-4.7.5.orig/security/Makefile
679-+++ linux-4.7.5/security/Makefile
678+--- linux-4.7.6.orig/security/Makefile
679++++ linux-4.7.6/security/Makefile
680680 @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
681681 # Object integrity file lists
682682 subdir-$(CONFIG_INTEGRITY) += integrity
--- trunk/caitsith-tools/kernel_test/Makefile (revision 211)
+++ trunk/caitsith-tools/kernel_test/Makefile (revision 212)
@@ -9,8 +9,8 @@
99 #
1010
1111 BINDIR = '"'$(shell readlink -f /bin)'"'
12-#POLDIR = '"/sys/kernel/security/caitsith"'
13-POLDIR = '"/proc/caitsith"'
12+POLDIR = '"/sys/kernel/security/caitsith"'
13+#POLDIR = '"/proc/caitsith"'
1414
1515 .c:
1616 $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DBINDIR=$(BINDIR) -DPOLDIR=$(POLDIR) -o $@ $<
--- trunk/caitsith-tools/sbin/caitsith-init.c (revision 211)
+++ trunk/caitsith-tools/sbin/caitsith-init.c (revision 212)
@@ -117,9 +117,6 @@
117117 !S_ISDIR(buf.st_mode))
118118 security_unmount = !mount("none", "/sys/kernel/security",
119119 "securityfs", 0, NULL);
120- /* Try proc interface if securityfs interface does not exist. */
121- if (lstat(proc_policy, &buf) || !S_ISREG(buf.st_mode))
122- proc_policy = "/proc/caitsith/policy";
123120
124121 /*
125122 * Open /dev/console if stdio are not connected.
@@ -139,7 +136,7 @@
139136 }
140137
141138 /* Load kernel module if needed. */
142- if (lstat(proc_policy, &buf)) {
139+ if (lstat(proc_policy, &buf) && lstat("/proc/caitsith", &buf)) {
143140 if (!access("/etc/caitsith/caitsith-load-module", X_OK)) {
144141 const pid_t pid = fork();
145142 switch (pid) {
@@ -156,6 +153,10 @@
156153 }
157154 }
158155
156+ /* Try proc interface if securityfs interface does not exist. */
157+ if (lstat(proc_policy, &buf) || !S_ISREG(buf.st_mode))
158+ proc_policy = "/proc/caitsith/policy";
159+
159160 /* Stop if policy interface doesn't exist. */
160161 if (lstat(proc_policy, &buf) || !S_ISREG(buf.st_mode)) {
161162 printf("FATAL: Policy interface %s does not exist.\n",
Show on old repository browser