(empty log message)
@@ -398,8 +398,36 @@ | ||
398 | 398 | ffffffff811c8f10 T d_absolute_path |
399 | 399 | </pre> |
400 | 400 | |
401 | -<p>Please proceed if these addresses are correct. Otherwise, please contact the author since CaitSith module will not work even if you continue.</p> | |
401 | +<p>Please proceed if these addresses are correct.</p> | |
402 | 402 | |
403 | +<p>You might find some gap between guessed addresses from caitsith_test.ko and actual addresses from System.map file (like some examples shown below) if your kernel configuration uses CONFIG_RANDOMIZE_BASE=y. In this case, although guessed addresses will randomly change for every reboot, please proceed as long as the gap between guessed address and actual address is same for all guessed symbols. Otherwise, please contact the author since CaitSith module will not work even if you continue.</p> | |
404 | + | |
405 | +<ul> | |
406 | +<li>Actual addresses from System.map file<br> | |
407 | +<pre class="command"> | |
408 | +# for i in security_hook_heads find_task_by_vpid find_task_by_pid_ns d_absolute_path; do grep $i /boot/System.map-${VERSION}; done | |
409 | +</pre> | |
410 | +<pre class="output">ffffffff81cdac40 D security_hook_heads | |
411 | +ffffffff810b50a0 T find_task_by_vpid | |
412 | +ffffffff810b5030 T find_task_by_pid_ns | |
413 | +ffffffff812789f0 T d_absolute_path</pre></li> | |
414 | +<li>Guessed addresses from one reboot. (Gap for this boot is 0x21000000)<br> | |
415 | +<pre class="output">security_hook_heads=ffffffffa2cdac40 | |
416 | +find_task_by_vpid=ffffffffa20b50a0 | |
417 | +find_task_by_pid_ns=ffffffffa20b5030 | |
418 | +d_absolute_path=ffffffffa22789f0</pre></li> | |
419 | +<li>Guessed addresses from another reboot. (Gap for this boot is 0x9000000)<br> | |
420 | +<pre class="output">security_hook_heads=ffffffff8acdac40 | |
421 | +find_task_by_vpid=ffffffff8a0b50a0 | |
422 | +find_task_by_pid_ns=ffffffff8a0b5030 | |
423 | +d_absolute_path=ffffffff8a2789f0</pre></li> | |
424 | +<li>Guessed addresses from yet another reboot. (Gap for this boot is 0x2f000000)<br> | |
425 | +<pre class="output">security_hook_heads=ffffffffb0cdac40 | |
426 | +find_task_by_vpid=ffffffffb00b50a0 | |
427 | +find_task_by_pid_ns=ffffffffb00b5030 | |
428 | +d_absolute_path=ffffffffb02789f0</pre></li> | |
429 | +</ul> | |
430 | + | |
403 | 431 | <p>If caitsith_test.ko was not loaded successfully, error messages like below are printed. In this case, please contact the author since CaitSith module will not work even if you continue:</p> |
404 | 432 | |
405 | 433 | <pre class="command"> |
@@ -1,6 +1,6 @@ | ||
1 | 1 | This is TOMOYO Linux patch for CentOS 6. |
2 | 2 | |
3 | -Source code for this patch is http://vault.centos.org/6.8/updates/Source/SPackages/kernel-2.6.32-642.11.1.el6.src.rpm | |
3 | +Source code for this patch is http://vault.centos.org/6.8/updates/Source/SPackages/kernel-2.6.32-642.13.1.el6.src.rpm | |
4 | 4 | --- |
5 | 5 | fs/compat.c | 2 +- |
6 | 6 | fs/compat_ioctl.c | 3 +++ |
@@ -37,8 +37,8 @@ | ||
37 | 37 | security/Makefile | 3 +++ |
38 | 38 | 33 files changed, 201 insertions(+), 2 deletions(-) |
39 | 39 | |
40 | ---- linux-2.6.32-642.11.1.el6.orig/fs/compat.c | |
41 | -+++ linux-2.6.32-642.11.1.el6/fs/compat.c | |
40 | +--- linux-2.6.32-642.13.1.el6.orig/fs/compat.c | |
41 | ++++ linux-2.6.32-642.13.1.el6/fs/compat.c | |
42 | 42 | @@ -1524,7 +1524,7 @@ int compat_do_execve(const char * filena |
43 | 43 | if (retval < 0) |
44 | 44 | goto out; |
@@ -48,8 +48,8 @@ | ||
48 | 48 | if (retval < 0) |
49 | 49 | goto out; |
50 | 50 | |
51 | ---- linux-2.6.32-642.11.1.el6.orig/fs/compat_ioctl.c | |
52 | -+++ linux-2.6.32-642.11.1.el6/fs/compat_ioctl.c | |
51 | +--- linux-2.6.32-642.13.1.el6.orig/fs/compat_ioctl.c | |
52 | ++++ linux-2.6.32-642.13.1.el6/fs/compat_ioctl.c | |
53 | 53 | @@ -114,6 +114,7 @@ |
54 | 54 | #ifdef CONFIG_SPARC |
55 | 55 | #include <asm/fbio.h> |
@@ -67,8 +67,8 @@ | ||
67 | 67 | if (error) |
68 | 68 | goto out_fput; |
69 | 69 | |
70 | ---- linux-2.6.32-642.11.1.el6.orig/fs/exec.c | |
71 | -+++ linux-2.6.32-642.11.1.el6/fs/exec.c | |
70 | +--- linux-2.6.32-642.13.1.el6.orig/fs/exec.c | |
71 | ++++ linux-2.6.32-642.13.1.el6/fs/exec.c | |
72 | 72 | @@ -1489,7 +1489,7 @@ int do_execve(const char * filename, |
73 | 73 | goto out; |
74 | 74 |
@@ -78,8 +78,8 @@ | ||
78 | 78 | if (retval < 0) |
79 | 79 | goto out; |
80 | 80 | |
81 | ---- linux-2.6.32-642.11.1.el6.orig/fs/fcntl.c | |
82 | -+++ linux-2.6.32-642.11.1.el6/fs/fcntl.c | |
81 | +--- linux-2.6.32-642.13.1.el6.orig/fs/fcntl.c | |
82 | ++++ linux-2.6.32-642.13.1.el6/fs/fcntl.c | |
83 | 83 | @@ -428,6 +428,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd, |
84 | 84 | goto out; |
85 | 85 |
@@ -98,8 +98,8 @@ | ||
98 | 98 | if (err) { |
99 | 99 | fput(filp); |
100 | 100 | return err; |
101 | ---- linux-2.6.32-642.11.1.el6.orig/fs/ioctl.c | |
102 | -+++ linux-2.6.32-642.11.1.el6/fs/ioctl.c | |
101 | +--- linux-2.6.32-642.13.1.el6.orig/fs/ioctl.c | |
102 | ++++ linux-2.6.32-642.13.1.el6/fs/ioctl.c | |
103 | 103 | @@ -639,6 +639,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd, |
104 | 104 | goto out; |
105 | 105 |
@@ -109,8 +109,8 @@ | ||
109 | 109 | if (error) |
110 | 110 | goto out_fput; |
111 | 111 | |
112 | ---- linux-2.6.32-642.11.1.el6.orig/fs/namei.c | |
113 | -+++ linux-2.6.32-642.11.1.el6/fs/namei.c | |
112 | +--- linux-2.6.32-642.13.1.el6.orig/fs/namei.c | |
113 | ++++ linux-2.6.32-642.13.1.el6/fs/namei.c | |
114 | 114 | @@ -2067,6 +2067,11 @@ int may_open(struct path *path, int acc_ |
115 | 115 | if (flag & O_NOATIME && !is_owner_or_cap(inode)) |
116 | 116 | return -EPERM; |
@@ -198,8 +198,8 @@ | ||
198 | 198 | if (error) |
199 | 199 | goto exit5; |
200 | 200 | error = vfs_rename(old_dir->d_inode, old_dentry, |
201 | ---- linux-2.6.32-642.11.1.el6.orig/fs/namespace.c | |
202 | -+++ linux-2.6.32-642.11.1.el6/fs/namespace.c | |
201 | +--- linux-2.6.32-642.13.1.el6.orig/fs/namespace.c | |
202 | ++++ linux-2.6.32-642.13.1.el6/fs/namespace.c | |
203 | 203 | @@ -1097,6 +1097,8 @@ static int do_umount(struct vfsmount *mn |
204 | 204 | LIST_HEAD(umount_list); |
205 | 205 |
@@ -236,8 +236,8 @@ | ||
236 | 236 | if (error) { |
237 | 237 | path_put(&old); |
238 | 238 | goto out1; |
239 | ---- linux-2.6.32-642.11.1.el6.orig/fs/open.c | |
240 | -+++ linux-2.6.32-642.11.1.el6/fs/open.c | |
239 | +--- linux-2.6.32-642.13.1.el6.orig/fs/open.c | |
240 | ++++ linux-2.6.32-642.13.1.el6/fs/open.c | |
241 | 241 | @@ -102,6 +102,8 @@ long vfs_truncate(struct path *path, lof |
242 | 242 | error = locks_verify_truncate(inode, NULL, length); |
243 | 243 | if (!error) |
@@ -328,8 +328,8 @@ | ||
328 | 328 | if (capable(CAP_SYS_TTY_CONFIG)) { |
329 | 329 | tty_vhangup_self(); |
330 | 330 | return 0; |
331 | ---- linux-2.6.32-642.11.1.el6.orig/fs/proc/version.c | |
332 | -+++ linux-2.6.32-642.11.1.el6/fs/proc/version.c | |
331 | +--- linux-2.6.32-642.13.1.el6.orig/fs/proc/version.c | |
332 | ++++ linux-2.6.32-642.13.1.el6/fs/proc/version.c | |
333 | 333 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
334 | 334 | return 0; |
335 | 335 | } |
@@ -337,12 +337,12 @@ | ||
337 | 337 | + |
338 | 338 | +static int __init ccs_show_version(void) |
339 | 339 | +{ |
340 | -+ printk(KERN_INFO "Hook version: 2.6.32-642.11.1.el6 2016/11/23\n"); | |
340 | ++ printk(KERN_INFO "Hook version: 2.6.32-642.13.1.el6 2017/01/16\n"); | |
341 | 341 | + return 0; |
342 | 342 | +} |
343 | 343 | +module_init(ccs_show_version); |
344 | ---- linux-2.6.32-642.11.1.el6.orig/fs/stat.c | |
345 | -+++ linux-2.6.32-642.11.1.el6/fs/stat.c | |
344 | +--- linux-2.6.32-642.13.1.el6.orig/fs/stat.c | |
345 | ++++ linux-2.6.32-642.13.1.el6/fs/stat.c | |
346 | 346 | @@ -43,6 +43,8 @@ int vfs_getattr(struct vfsmount *mnt, st |
347 | 347 | int retval; |
348 | 348 |
@@ -352,8 +352,8 @@ | ||
352 | 352 | if (retval) |
353 | 353 | return retval; |
354 | 354 | |
355 | ---- linux-2.6.32-642.11.1.el6.orig/include/linux/init_task.h | |
356 | -+++ linux-2.6.32-642.11.1.el6/include/linux/init_task.h | |
355 | +--- linux-2.6.32-642.13.1.el6.orig/include/linux/init_task.h | |
356 | ++++ linux-2.6.32-642.13.1.el6/include/linux/init_task.h | |
357 | 357 | @@ -123,6 +123,14 @@ extern struct cred init_cred; |
358 | 358 | # define INIT_PERF_EVENTS(tsk) |
359 | 359 | #endif |
@@ -377,8 +377,8 @@ | ||
377 | 377 | } |
378 | 378 | |
379 | 379 | |
380 | ---- linux-2.6.32-642.11.1.el6.orig/include/linux/sched.h | |
381 | -+++ linux-2.6.32-642.11.1.el6/include/linux/sched.h | |
380 | +--- linux-2.6.32-642.13.1.el6.orig/include/linux/sched.h | |
381 | ++++ linux-2.6.32-642.13.1.el6/include/linux/sched.h | |
382 | 382 | @@ -43,6 +43,8 @@ |
383 | 383 | |
384 | 384 | #ifdef __KERNEL__ |
@@ -399,8 +399,8 @@ | ||
399 | 399 | }; |
400 | 400 | |
401 | 401 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
402 | ---- linux-2.6.32-642.11.1.el6.orig/include/linux/security.h | |
403 | -+++ linux-2.6.32-642.11.1.el6/include/linux/security.h | |
402 | +--- linux-2.6.32-642.13.1.el6.orig/include/linux/security.h | |
403 | ++++ linux-2.6.32-642.13.1.el6/include/linux/security.h | |
404 | 404 | @@ -35,6 +35,7 @@ |
405 | 405 | #include <linux/xfrm.h> |
406 | 406 | #include <linux/gfp.h> |
@@ -409,8 +409,8 @@ | ||
409 | 409 | |
410 | 410 | /* Maximum number of letters for an LSM name string */ |
411 | 411 | #define SECURITY_NAME_MAX 10 |
412 | ---- linux-2.6.32-642.11.1.el6.orig/include/net/ip.h | |
413 | -+++ linux-2.6.32-642.11.1.el6/include/net/ip.h | |
412 | +--- linux-2.6.32-642.13.1.el6.orig/include/net/ip.h | |
413 | ++++ linux-2.6.32-642.13.1.el6/include/net/ip.h | |
414 | 414 | @@ -33,6 +33,7 @@ |
415 | 415 | #endif |
416 | 416 | #include <net/snmp.h> |
@@ -428,8 +428,8 @@ | ||
428 | 428 | return test_bit(port, sysctl_local_reserved_ports); |
429 | 429 | } |
430 | 430 | |
431 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/compat.c | |
432 | -+++ linux-2.6.32-642.11.1.el6/kernel/compat.c | |
431 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/compat.c | |
432 | ++++ linux-2.6.32-642.13.1.el6/kernel/compat.c | |
433 | 433 | @@ -1005,6 +1005,8 @@ asmlinkage long compat_sys_stime(compat_ |
434 | 434 | err = security_settime(&tv, NULL); |
435 | 435 | if (err) |
@@ -439,8 +439,8 @@ | ||
439 | 439 | |
440 | 440 | do_settimeofday(&tv); |
441 | 441 | return 0; |
442 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/fork.c | |
443 | -+++ linux-2.6.32-642.11.1.el6/kernel/fork.c | |
442 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/fork.c | |
443 | ++++ linux-2.6.32-642.13.1.el6/kernel/fork.c | |
444 | 444 | @@ -176,6 +176,7 @@ void __put_task_struct(struct task_struc |
445 | 445 | exit_creds(tsk); |
446 | 446 | delayacct_tsk_free(tsk); |
@@ -467,8 +467,8 @@ | ||
467 | 467 | bad_fork_cleanup_perf: |
468 | 468 | perf_event_free_task(p); |
469 | 469 | bad_fork_cleanup_policy: |
470 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/kexec.c | |
471 | -+++ linux-2.6.32-642.11.1.el6/kernel/kexec.c | |
470 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/kexec.c | |
471 | ++++ linux-2.6.32-642.13.1.el6/kernel/kexec.c | |
472 | 472 | @@ -41,6 +41,7 @@ |
473 | 473 | #include <asm/system.h> |
474 | 474 | #include <asm/sections.h> |
@@ -486,8 +486,8 @@ | ||
486 | 486 | |
487 | 487 | if (kexec_load_disabled) |
488 | 488 | return -EPERM; |
489 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/module.c | |
490 | -+++ linux-2.6.32-642.11.1.el6/kernel/module.c | |
489 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/module.c | |
490 | ++++ linux-2.6.32-642.13.1.el6/kernel/module.c | |
491 | 491 | @@ -56,6 +56,7 @@ |
492 | 492 | #include <linux/percpu.h> |
493 | 493 | #include <linux/kmemleak.h> |
@@ -514,8 +514,8 @@ | ||
514 | 514 | |
515 | 515 | /* Only one module load at a time, please */ |
516 | 516 | if (mutex_lock_interruptible(&module_mutex) != 0) |
517 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/ptrace.c | |
518 | -+++ linux-2.6.32-642.11.1.el6/kernel/ptrace.c | |
517 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/ptrace.c | |
518 | ++++ linux-2.6.32-642.13.1.el6/kernel/ptrace.c | |
519 | 519 | @@ -195,6 +195,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
520 | 520 | { |
521 | 521 | struct task_struct *child; |
@@ -540,8 +540,8 @@ | ||
540 | 540 | |
541 | 541 | if (request == PTRACE_TRACEME) { |
542 | 542 | ret = ptrace_traceme(); |
543 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/sched.c | |
544 | -+++ linux-2.6.32-642.11.1.el6/kernel/sched.c | |
543 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/sched.c | |
544 | ++++ linux-2.6.32-642.13.1.el6/kernel/sched.c | |
545 | 545 | @@ -6858,6 +6858,8 @@ int can_nice(const struct task_struct *p |
546 | 546 | SYSCALL_DEFINE1(nice, int, increment) |
547 | 547 | { |
@@ -551,8 +551,8 @@ | ||
551 | 551 | |
552 | 552 | /* |
553 | 553 | * Setpriority might change our priority at the same moment. |
554 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/signal.c | |
555 | -+++ linux-2.6.32-642.11.1.el6/kernel/signal.c | |
554 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/signal.c | |
555 | ++++ linux-2.6.32-642.13.1.el6/kernel/signal.c | |
556 | 556 | @@ -2312,6 +2312,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
557 | 557 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
558 | 558 | { |
@@ -598,8 +598,8 @@ | ||
598 | 598 | |
599 | 599 | return do_send_specific(tgid, pid, sig, info); |
600 | 600 | } |
601 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/sys.c | |
602 | -+++ linux-2.6.32-642.11.1.el6/kernel/sys.c | |
601 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/sys.c | |
602 | ++++ linux-2.6.32-642.13.1.el6/kernel/sys.c | |
603 | 603 | @@ -157,6 +157,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
604 | 604 | |
605 | 605 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -638,8 +638,8 @@ | ||
638 | 638 | |
639 | 639 | down_write(&uts_sem); |
640 | 640 | errno = -EFAULT; |
641 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/sysctl.c | |
642 | -+++ linux-2.6.32-642.11.1.el6/kernel/sysctl.c | |
641 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/sysctl.c | |
642 | ++++ linux-2.6.32-642.13.1.el6/kernel/sysctl.c | |
643 | 643 | @@ -2130,6 +2130,9 @@ int do_sysctl(int __user *name, int nlen |
644 | 644 | |
645 | 645 | for (head = sysctl_head_next(NULL); head; |
@@ -650,8 +650,8 @@ | ||
650 | 650 | error = parse_table(name, nlen, oldval, oldlenp, |
651 | 651 | newval, newlen, |
652 | 652 | head->root, head->ctl_table); |
653 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/time.c | |
654 | -+++ linux-2.6.32-642.11.1.el6/kernel/time.c | |
653 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/time.c | |
654 | ++++ linux-2.6.32-642.13.1.el6/kernel/time.c | |
655 | 655 | @@ -92,6 +92,8 @@ SYSCALL_DEFINE1(stime, time_t __user *, |
656 | 656 | err = security_settime(&tv, NULL); |
657 | 657 | if (err) |
@@ -670,8 +670,8 @@ | ||
670 | 670 | |
671 | 671 | if (tz) { |
672 | 672 | /* SMP safe, global irq locking makes it work. */ |
673 | ---- linux-2.6.32-642.11.1.el6.orig/kernel/time/ntp.c | |
674 | -+++ linux-2.6.32-642.11.1.el6/kernel/time/ntp.c | |
673 | +--- linux-2.6.32-642.13.1.el6.orig/kernel/time/ntp.c | |
674 | ++++ linux-2.6.32-642.13.1.el6/kernel/time/ntp.c | |
675 | 675 | @@ -14,6 +14,7 @@ |
676 | 676 | #include <linux/timex.h> |
677 | 677 | #include <linux/time.h> |
@@ -696,8 +696,8 @@ | ||
696 | 696 | |
697 | 697 | /* |
698 | 698 | * if the quartz is off by more than 10% then |
699 | ---- linux-2.6.32-642.11.1.el6.orig/net/ipv4/raw.c | |
700 | -+++ linux-2.6.32-642.11.1.el6/net/ipv4/raw.c | |
699 | +--- linux-2.6.32-642.13.1.el6.orig/net/ipv4/raw.c | |
700 | ++++ linux-2.6.32-642.13.1.el6/net/ipv4/raw.c | |
701 | 701 | @@ -77,6 +77,7 @@ |
702 | 702 | #include <linux/seq_file.h> |
703 | 703 | #include <linux/netfilter.h> |
@@ -717,8 +717,8 @@ | ||
717 | 717 | |
718 | 718 | copied = skb->len; |
719 | 719 | if (len < copied) { |
720 | ---- linux-2.6.32-642.11.1.el6.orig/net/ipv4/udp.c | |
721 | -+++ linux-2.6.32-642.11.1.el6/net/ipv4/udp.c | |
720 | +--- linux-2.6.32-642.13.1.el6.orig/net/ipv4/udp.c | |
721 | ++++ linux-2.6.32-642.13.1.el6/net/ipv4/udp.c | |
722 | 722 | @@ -108,6 +108,7 @@ |
723 | 723 | #include <trace/events/udp.h> |
724 | 724 | #include <net/busy_poll.h> |
@@ -738,8 +738,8 @@ | ||
738 | 738 | |
739 | 739 | ulen = skb->len - sizeof(struct udphdr); |
740 | 740 | copied = len; |
741 | ---- linux-2.6.32-642.11.1.el6.orig/net/ipv6/raw.c | |
742 | -+++ linux-2.6.32-642.11.1.el6/net/ipv6/raw.c | |
741 | +--- linux-2.6.32-642.13.1.el6.orig/net/ipv6/raw.c | |
742 | ++++ linux-2.6.32-642.13.1.el6/net/ipv6/raw.c | |
743 | 743 | @@ -59,6 +59,7 @@ |
744 | 744 | |
745 | 745 | #include <linux/proc_fs.h> |
@@ -759,8 +759,8 @@ | ||
759 | 759 | |
760 | 760 | copied = skb->len; |
761 | 761 | if (copied > len) { |
762 | ---- linux-2.6.32-642.11.1.el6.orig/net/ipv6/udp.c | |
763 | -+++ linux-2.6.32-642.11.1.el6/net/ipv6/udp.c | |
762 | +--- linux-2.6.32-642.13.1.el6.orig/net/ipv6/udp.c | |
763 | ++++ linux-2.6.32-642.13.1.el6/net/ipv6/udp.c | |
764 | 764 | @@ -50,6 +50,7 @@ |
765 | 765 | #include <linux/proc_fs.h> |
766 | 766 | #include <linux/seq_file.h> |
@@ -780,8 +780,8 @@ | ||
780 | 780 | |
781 | 781 | ulen = skb->len - sizeof(struct udphdr); |
782 | 782 | copied = len; |
783 | ---- linux-2.6.32-642.11.1.el6.orig/net/socket.c | |
784 | -+++ linux-2.6.32-642.11.1.el6/net/socket.c | |
783 | +--- linux-2.6.32-642.13.1.el6.orig/net/socket.c | |
784 | ++++ linux-2.6.32-642.13.1.el6/net/socket.c | |
785 | 785 | @@ -578,6 +578,8 @@ static inline int __sock_sendmsg(struct |
786 | 786 | struct msghdr *msg, size_t size) |
787 | 787 | { |
@@ -842,8 +842,8 @@ | ||
842 | 842 | if (err) |
843 | 843 | goto out_put; |
844 | 844 | |
845 | ---- linux-2.6.32-642.11.1.el6.orig/net/unix/af_unix.c | |
846 | -+++ linux-2.6.32-642.11.1.el6/net/unix/af_unix.c | |
845 | +--- linux-2.6.32-642.13.1.el6.orig/net/unix/af_unix.c | |
846 | ++++ linux-2.6.32-642.13.1.el6/net/unix/af_unix.c | |
847 | 847 | @@ -981,6 +981,9 @@ static int unix_bind(struct socket *sock |
848 | 848 | mode = S_IFSOCK | |
849 | 849 | (SOCK_INODE(sock)->i_mode & ~current_umask()); |
@@ -865,8 +865,8 @@ | ||
865 | 865 | if (msg->msg_name) |
866 | 866 | unix_copy_addr(msg, skb->sk); |
867 | 867 | |
868 | ---- linux-2.6.32-642.11.1.el6.orig/security/Kconfig | |
869 | -+++ linux-2.6.32-642.11.1.el6/security/Kconfig | |
868 | +--- linux-2.6.32-642.13.1.el6.orig/security/Kconfig | |
869 | ++++ linux-2.6.32-642.13.1.el6/security/Kconfig | |
870 | 870 | @@ -177,5 +177,7 @@ source security/tomoyo/Kconfig |
871 | 871 | |
872 | 872 | source security/integrity/ima/Kconfig |
@@ -875,8 +875,8 @@ | ||
875 | 875 | + |
876 | 876 | endmenu |
877 | 877 | |
878 | ---- linux-2.6.32-642.11.1.el6.orig/security/Makefile | |
879 | -+++ linux-2.6.32-642.11.1.el6/security/Makefile | |
878 | +--- linux-2.6.32-642.13.1.el6.orig/security/Makefile | |
879 | ++++ linux-2.6.32-642.13.1.el6/security/Makefile | |
880 | 880 | @@ -25,3 +25,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
881 | 881 | # Object integrity file lists |
882 | 882 | subdir-$(CONFIG_IMA) += integrity/ima |
@@ -1,6 +1,6 @@ | ||
1 | 1 | This is TOMOYO Linux patch for CentOS 7. |
2 | 2 | |
3 | -Source code for this patch is http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-514.2.2.el7.src.rpm | |
3 | +Source code for this patch is http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-514.6.1.el7.src.rpm | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/security.c | 111 +++++++++++++++++++++++++++++++++++++++++----- |
29 | 29 | 24 files changed, 248 insertions(+), 37 deletions(-) |
30 | 30 | |
31 | ---- linux-3.10.0-514.2.2.el7.orig/fs/exec.c | |
32 | -+++ linux-3.10.0-514.2.2.el7/fs/exec.c | |
31 | +--- linux-3.10.0-514.6.1.el7.orig/fs/exec.c | |
32 | ++++ linux-3.10.0-514.6.1.el7/fs/exec.c | |
33 | 33 | @@ -1580,7 +1580,7 @@ static int do_execve_common(struct filen |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.10.0-514.2.2.el7.orig/fs/open.c | |
43 | -+++ linux-3.10.0-514.2.2.el7/fs/open.c | |
42 | +--- linux-3.10.0-514.6.1.el7.orig/fs/open.c | |
43 | ++++ linux-3.10.0-514.6.1.el7/fs/open.c | |
44 | 44 | @@ -1120,6 +1120,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.10.0-514.2.2.el7.orig/fs/proc/version.c | |
54 | -+++ linux-3.10.0-514.2.2.el7/fs/proc/version.c | |
53 | +--- linux-3.10.0-514.6.1.el7.orig/fs/proc/version.c | |
54 | ++++ linux-3.10.0-514.6.1.el7/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.10.0-514.2.2.el7 2016/12/23\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.10.0-514.6.1.el7 2017/01/22\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.10.0-514.2.2.el7.orig/include/linux/init_task.h | |
67 | -+++ linux-3.10.0-514.2.2.el7/include/linux/init_task.h | |
66 | +--- linux-3.10.0-514.6.1.el7.orig/include/linux/init_task.h | |
67 | ++++ linux-3.10.0-514.6.1.el7/include/linux/init_task.h | |
68 | 68 | @@ -164,6 +164,14 @@ extern struct task_group root_task_group |
69 | 69 | # define INIT_RT_MUTEXES(tsk) |
70 | 70 | #endif |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.10.0-514.2.2.el7.orig/include/linux/sched.h | |
92 | -+++ linux-3.10.0-514.2.2.el7/include/linux/sched.h | |
91 | +--- linux-3.10.0-514.6.1.el7.orig/include/linux/sched.h | |
92 | ++++ linux-3.10.0-514.6.1.el7/include/linux/sched.h | |
93 | 93 | @@ -4,6 +4,8 @@ |
94 | 94 | #include <uapi/linux/sched.h> |
95 | 95 | #include <linux/rh_kabi.h> |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.10.0-514.2.2.el7.orig/include/linux/security.h | |
114 | -+++ linux-3.10.0-514.2.2.el7/include/linux/security.h | |
113 | +--- linux-3.10.0-514.6.1.el7.orig/include/linux/security.h | |
114 | ++++ linux-3.10.0-514.6.1.el7/include/linux/security.h | |
115 | 115 | @@ -54,6 +54,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -323,8 +323,8 @@ | ||
323 | 323 | } |
324 | 324 | #endif /* CONFIG_SECURITY_PATH */ |
325 | 325 | |
326 | ---- linux-3.10.0-514.2.2.el7.orig/include/net/ip.h | |
327 | -+++ linux-3.10.0-514.2.2.el7/include/net/ip.h | |
326 | +--- linux-3.10.0-514.6.1.el7.orig/include/net/ip.h | |
327 | ++++ linux-3.10.0-514.6.1.el7/include/net/ip.h | |
328 | 328 | @@ -228,6 +228,8 @@ void inet_get_local_port_range(struct ne |
329 | 329 | extern unsigned long *sysctl_local_reserved_ports; |
330 | 330 | static inline int inet_is_reserved_local_port(int port) |
@@ -334,8 +334,8 @@ | ||
334 | 334 | return test_bit(port, sysctl_local_reserved_ports); |
335 | 335 | } |
336 | 336 | |
337 | ---- linux-3.10.0-514.2.2.el7.orig/kernel/fork.c | |
338 | -+++ linux-3.10.0-514.2.2.el7/kernel/fork.c | |
337 | +--- linux-3.10.0-514.6.1.el7.orig/kernel/fork.c | |
338 | ++++ linux-3.10.0-514.6.1.el7/kernel/fork.c | |
339 | 339 | @@ -270,6 +270,7 @@ void __put_task_struct(struct task_struc |
340 | 340 | delayacct_tsk_free(tsk); |
341 | 341 | put_signal_struct(tsk->signal); |
@@ -362,8 +362,8 @@ | ||
362 | 362 | bad_fork_cleanup_perf: |
363 | 363 | perf_event_free_task(p); |
364 | 364 | bad_fork_cleanup_policy: |
365 | ---- linux-3.10.0-514.2.2.el7.orig/kernel/kexec.c | |
366 | -+++ linux-3.10.0-514.2.2.el7/kernel/kexec.c | |
365 | +--- linux-3.10.0-514.6.1.el7.orig/kernel/kexec.c | |
366 | ++++ linux-3.10.0-514.6.1.el7/kernel/kexec.c | |
367 | 367 | @@ -1250,6 +1250,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon |
368 | 368 | /* We only trust the superuser with rebooting the system. */ |
369 | 369 | if (!capable(CAP_SYS_BOOT) || kexec_load_disabled) |
@@ -373,8 +373,8 @@ | ||
373 | 373 | |
374 | 374 | if (get_securelevel() > 0) |
375 | 375 | return -EPERM; |
376 | ---- linux-3.10.0-514.2.2.el7.orig/kernel/module.c | |
377 | -+++ linux-3.10.0-514.2.2.el7/kernel/module.c | |
376 | +--- linux-3.10.0-514.6.1.el7.orig/kernel/module.c | |
377 | ++++ linux-3.10.0-514.6.1.el7/kernel/module.c | |
378 | 378 | @@ -62,6 +62,7 @@ |
379 | 379 | #include <linux/bsearch.h> |
380 | 380 | #include <uapi/linux/module.h> |
@@ -401,8 +401,8 @@ | ||
401 | 401 | |
402 | 402 | return 0; |
403 | 403 | } |
404 | ---- linux-3.10.0-514.2.2.el7.orig/kernel/ptrace.c | |
405 | -+++ linux-3.10.0-514.2.2.el7/kernel/ptrace.c | |
404 | +--- linux-3.10.0-514.6.1.el7.orig/kernel/ptrace.c | |
405 | ++++ linux-3.10.0-514.6.1.el7/kernel/ptrace.c | |
406 | 406 | @@ -1038,6 +1038,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
407 | 407 | { |
408 | 408 | struct task_struct *child; |
@@ -427,9 +427,9 @@ | ||
427 | 427 | |
428 | 428 | if (request == PTRACE_TRACEME) { |
429 | 429 | ret = ptrace_traceme(); |
430 | ---- linux-3.10.0-514.2.2.el7.orig/kernel/sched/core.c | |
431 | -+++ linux-3.10.0-514.2.2.el7/kernel/sched/core.c | |
432 | -@@ -4175,6 +4175,8 @@ int can_nice(const struct task_struct *p | |
430 | +--- linux-3.10.0-514.6.1.el7.orig/kernel/sched/core.c | |
431 | ++++ linux-3.10.0-514.6.1.el7/kernel/sched/core.c | |
432 | +@@ -4197,6 +4197,8 @@ int can_nice(const struct task_struct *p | |
433 | 433 | SYSCALL_DEFINE1(nice, int, increment) |
434 | 434 | { |
435 | 435 | long nice, retval; |
@@ -438,8 +438,8 @@ | ||
438 | 438 | |
439 | 439 | /* |
440 | 440 | * Setpriority might change our priority at the same moment. |
441 | ---- linux-3.10.0-514.2.2.el7.orig/kernel/signal.c | |
442 | -+++ linux-3.10.0-514.2.2.el7/kernel/signal.c | |
441 | +--- linux-3.10.0-514.6.1.el7.orig/kernel/signal.c | |
442 | ++++ linux-3.10.0-514.6.1.el7/kernel/signal.c | |
443 | 443 | @@ -2914,6 +2914,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
444 | 444 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
445 | 445 | { |
@@ -485,8 +485,8 @@ | ||
485 | 485 | |
486 | 486 | return do_send_specific(tgid, pid, sig, info); |
487 | 487 | } |
488 | ---- linux-3.10.0-514.2.2.el7.orig/kernel/sys.c | |
489 | -+++ linux-3.10.0-514.2.2.el7/kernel/sys.c | |
488 | +--- linux-3.10.0-514.6.1.el7.orig/kernel/sys.c | |
489 | ++++ linux-3.10.0-514.6.1.el7/kernel/sys.c | |
490 | 490 | @@ -192,6 +192,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
491 | 491 | |
492 | 492 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -525,8 +525,8 @@ | ||
525 | 525 | |
526 | 526 | down_write(&uts_sem); |
527 | 527 | errno = -EFAULT; |
528 | ---- linux-3.10.0-514.2.2.el7.orig/kernel/time/ntp.c | |
529 | -+++ linux-3.10.0-514.2.2.el7/kernel/time/ntp.c | |
528 | +--- linux-3.10.0-514.6.1.el7.orig/kernel/time/ntp.c | |
529 | ++++ linux-3.10.0-514.6.1.el7/kernel/time/ntp.c | |
530 | 530 | @@ -16,6 +16,7 @@ |
531 | 531 | #include <linux/mm.h> |
532 | 532 | #include <linux/module.h> |
@@ -560,8 +560,8 @@ | ||
560 | 560 | |
561 | 561 | return 0; |
562 | 562 | } |
563 | ---- linux-3.10.0-514.2.2.el7.orig/net/ipv4/raw.c | |
564 | -+++ linux-3.10.0-514.2.2.el7/net/ipv4/raw.c | |
563 | +--- linux-3.10.0-514.6.1.el7.orig/net/ipv4/raw.c | |
564 | ++++ linux-3.10.0-514.6.1.el7/net/ipv4/raw.c | |
565 | 565 | @@ -702,6 +702,10 @@ static int raw_recvmsg(struct kiocb *ioc |
566 | 566 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
567 | 567 | if (!skb) |
@@ -573,8 +573,8 @@ | ||
573 | 573 | |
574 | 574 | copied = skb->len; |
575 | 575 | if (len < copied) { |
576 | ---- linux-3.10.0-514.2.2.el7.orig/net/ipv4/udp.c | |
577 | -+++ linux-3.10.0-514.2.2.el7/net/ipv4/udp.c | |
576 | +--- linux-3.10.0-514.6.1.el7.orig/net/ipv4/udp.c | |
577 | ++++ linux-3.10.0-514.6.1.el7/net/ipv4/udp.c | |
578 | 578 | @@ -1268,6 +1268,10 @@ try_again: |
579 | 579 | &peeked, &off, &err); |
580 | 580 | if (!skb) |
@@ -586,8 +586,8 @@ | ||
586 | 586 | |
587 | 587 | ulen = skb->len - sizeof(struct udphdr); |
588 | 588 | copied = len; |
589 | ---- linux-3.10.0-514.2.2.el7.orig/net/ipv6/raw.c | |
590 | -+++ linux-3.10.0-514.2.2.el7/net/ipv6/raw.c | |
589 | +--- linux-3.10.0-514.6.1.el7.orig/net/ipv6/raw.c | |
590 | ++++ linux-3.10.0-514.6.1.el7/net/ipv6/raw.c | |
591 | 591 | @@ -468,6 +468,10 @@ static int rawv6_recvmsg(struct kiocb *i |
592 | 592 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
593 | 593 | if (!skb) |
@@ -599,8 +599,8 @@ | ||
599 | 599 | |
600 | 600 | copied = skb->len; |
601 | 601 | if (copied > len) { |
602 | ---- linux-3.10.0-514.2.2.el7.orig/net/ipv6/udp.c | |
603 | -+++ linux-3.10.0-514.2.2.el7/net/ipv6/udp.c | |
602 | +--- linux-3.10.0-514.6.1.el7.orig/net/ipv6/udp.c | |
603 | ++++ linux-3.10.0-514.6.1.el7/net/ipv6/udp.c | |
604 | 604 | @@ -416,6 +416,10 @@ try_again: |
605 | 605 | &peeked, &off, &err); |
606 | 606 | if (!skb) |
@@ -612,8 +612,8 @@ | ||
612 | 612 | |
613 | 613 | ulen = skb->len - sizeof(struct udphdr); |
614 | 614 | copied = len; |
615 | ---- linux-3.10.0-514.2.2.el7.orig/net/socket.c | |
616 | -+++ linux-3.10.0-514.2.2.el7/net/socket.c | |
615 | +--- linux-3.10.0-514.6.1.el7.orig/net/socket.c | |
616 | ++++ linux-3.10.0-514.6.1.el7/net/socket.c | |
617 | 617 | @@ -1608,6 +1608,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
618 | 618 | if (err < 0) |
619 | 619 | goto out_fd; |
@@ -625,8 +625,8 @@ | ||
625 | 625 | if (upeer_sockaddr) { |
626 | 626 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
627 | 627 | &len, 2) < 0) { |
628 | ---- linux-3.10.0-514.2.2.el7.orig/net/unix/af_unix.c | |
629 | -+++ linux-3.10.0-514.2.2.el7/net/unix/af_unix.c | |
628 | +--- linux-3.10.0-514.6.1.el7.orig/net/unix/af_unix.c | |
629 | ++++ linux-3.10.0-514.6.1.el7/net/unix/af_unix.c | |
630 | 630 | @@ -2137,6 +2137,10 @@ static int unix_dgram_recvmsg(struct kio |
631 | 631 | wake_up_interruptible_sync_poll(&u->peer_wait, |
632 | 632 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -638,8 +638,8 @@ | ||
638 | 638 | if (msg->msg_name) |
639 | 639 | unix_copy_addr(msg, skb->sk); |
640 | 640 | |
641 | ---- linux-3.10.0-514.2.2.el7.orig/security/Kconfig | |
642 | -+++ linux-3.10.0-514.2.2.el7/security/Kconfig | |
641 | +--- linux-3.10.0-514.6.1.el7.orig/security/Kconfig | |
642 | ++++ linux-3.10.0-514.6.1.el7/security/Kconfig | |
643 | 643 | @@ -175,5 +175,7 @@ config DEFAULT_SECURITY |
644 | 644 | default "yama" if DEFAULT_SECURITY_YAMA |
645 | 645 | default "" if DEFAULT_SECURITY_DAC |
@@ -648,8 +648,8 @@ | ||
648 | 648 | + |
649 | 649 | endmenu |
650 | 650 | |
651 | ---- linux-3.10.0-514.2.2.el7.orig/security/Makefile | |
652 | -+++ linux-3.10.0-514.2.2.el7/security/Makefile | |
651 | +--- linux-3.10.0-514.6.1.el7.orig/security/Makefile | |
652 | ++++ linux-3.10.0-514.6.1.el7/security/Makefile | |
653 | 653 | @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
654 | 654 | # Object integrity file lists |
655 | 655 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -657,8 +657,8 @@ | ||
657 | 657 | + |
658 | 658 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
659 | 659 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
660 | ---- linux-3.10.0-514.2.2.el7.orig/security/security.c | |
661 | -+++ linux-3.10.0-514.2.2.el7/security/security.c | |
660 | +--- linux-3.10.0-514.6.1.el7.orig/security/security.c | |
661 | ++++ linux-3.10.0-514.6.1.el7/security/security.c | |
662 | 662 | @@ -203,7 +203,10 @@ int security_syslog(int type) |
663 | 663 | |
664 | 664 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -29,8 +29,8 @@ | ||
29 | 29 | security/security.c | 107 ++++++++++++++++++++++++++++++++++++++++------ |
30 | 30 | 25 files changed, 236 insertions(+), 37 deletions(-) |
31 | 31 | |
32 | ---- linux-3.13.0-106.153.orig/fs/exec.c | |
33 | -+++ linux-3.13.0-106.153/fs/exec.c | |
32 | +--- linux-3.13.0-107.154.orig/fs/exec.c | |
33 | ++++ linux-3.13.0-107.154/fs/exec.c | |
34 | 34 | @@ -1456,7 +1456,7 @@ static int exec_binprm(struct linux_binp |
35 | 35 | old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); |
36 | 36 | rcu_read_unlock(); |
@@ -40,8 +40,8 @@ | ||
40 | 40 | if (ret >= 0) { |
41 | 41 | audit_bprm(bprm); |
42 | 42 | trace_sched_process_exec(current, old_pid, bprm); |
43 | ---- linux-3.13.0-106.153.orig/fs/open.c | |
44 | -+++ linux-3.13.0-106.153/fs/open.c | |
43 | +--- linux-3.13.0-107.154.orig/fs/open.c | |
44 | ++++ linux-3.13.0-107.154/fs/open.c | |
45 | 45 | @@ -1088,6 +1088,8 @@ EXPORT_SYMBOL(sys_close); |
46 | 46 | */ |
47 | 47 | SYSCALL_DEFINE0(vhangup) |
@@ -51,8 +51,8 @@ | ||
51 | 51 | if (capable(CAP_SYS_TTY_CONFIG)) { |
52 | 52 | tty_vhangup_self(); |
53 | 53 | return 0; |
54 | ---- linux-3.13.0-106.153.orig/fs/proc/version.c | |
55 | -+++ linux-3.13.0-106.153/fs/proc/version.c | |
54 | +--- linux-3.13.0-107.154.orig/fs/proc/version.c | |
55 | ++++ linux-3.13.0-107.154/fs/proc/version.c | |
56 | 56 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
57 | 57 | return 0; |
58 | 58 | } |
@@ -60,12 +60,12 @@ | ||
60 | 60 | + |
61 | 61 | +static int __init ccs_show_version(void) |
62 | 62 | +{ |
63 | -+ printk(KERN_INFO "Hook version: 3.13.0-106.153 2016/12/23\n"); | |
63 | ++ printk(KERN_INFO "Hook version: 3.13.0-107.154 2017/01/16\n"); | |
64 | 64 | + return 0; |
65 | 65 | +} |
66 | 66 | +module_init(ccs_show_version); |
67 | ---- linux-3.13.0-106.153.orig/include/linux/init_task.h | |
68 | -+++ linux-3.13.0-106.153/include/linux/init_task.h | |
67 | +--- linux-3.13.0-107.154.orig/include/linux/init_task.h | |
68 | ++++ linux-3.13.0-107.154/include/linux/init_task.h | |
69 | 69 | @@ -155,6 +155,14 @@ extern struct task_group root_task_group |
70 | 70 | |
71 | 71 | #define INIT_TASK_COMM "swapper" |
@@ -89,8 +89,8 @@ | ||
89 | 89 | } |
90 | 90 | |
91 | 91 | |
92 | ---- linux-3.13.0-106.153.orig/include/linux/sched.h | |
93 | -+++ linux-3.13.0-106.153/include/linux/sched.h | |
92 | +--- linux-3.13.0-107.154.orig/include/linux/sched.h | |
93 | ++++ linux-3.13.0-107.154/include/linux/sched.h | |
94 | 94 | @@ -4,6 +4,8 @@ |
95 | 95 | #include <uapi/linux/sched.h> |
96 | 96 |
@@ -111,8 +111,8 @@ | ||
111 | 111 | }; |
112 | 112 | |
113 | 113 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
114 | ---- linux-3.13.0-106.153.orig/include/linux/security.h | |
115 | -+++ linux-3.13.0-106.153/include/linux/security.h | |
114 | +--- linux-3.13.0-107.154.orig/include/linux/security.h | |
115 | ++++ linux-3.13.0-107.154/include/linux/security.h | |
116 | 116 | @@ -53,6 +53,7 @@ struct msg_queue; |
117 | 117 | struct xattr; |
118 | 118 | struct xfrm_sec_ctx; |
@@ -314,8 +314,8 @@ | ||
314 | 314 | } |
315 | 315 | #endif /* CONFIG_SECURITY_PATH */ |
316 | 316 | |
317 | ---- linux-3.13.0-106.153.orig/include/net/ip.h | |
318 | -+++ linux-3.13.0-106.153/include/net/ip.h | |
317 | +--- linux-3.13.0-107.154.orig/include/net/ip.h | |
318 | ++++ linux-3.13.0-107.154/include/net/ip.h | |
319 | 319 | @@ -225,6 +225,8 @@ void inet_get_local_port_range(struct ne |
320 | 320 | extern unsigned long *sysctl_local_reserved_ports; |
321 | 321 | static inline int inet_is_reserved_local_port(int port) |
@@ -325,8 +325,8 @@ | ||
325 | 325 | return test_bit(port, sysctl_local_reserved_ports); |
326 | 326 | } |
327 | 327 | |
328 | ---- linux-3.13.0-106.153.orig/kernel/fork.c | |
329 | -+++ linux-3.13.0-106.153/kernel/fork.c | |
328 | +--- linux-3.13.0-107.154.orig/kernel/fork.c | |
329 | ++++ linux-3.13.0-107.154/kernel/fork.c | |
330 | 330 | @@ -248,6 +248,7 @@ void __put_task_struct(struct task_struc |
331 | 331 | delayacct_tsk_free(tsk); |
332 | 332 | put_signal_struct(tsk->signal); |
@@ -353,8 +353,8 @@ | ||
353 | 353 | bad_fork_cleanup_perf: |
354 | 354 | perf_event_free_task(p); |
355 | 355 | bad_fork_cleanup_policy: |
356 | ---- linux-3.13.0-106.153.orig/kernel/kexec.c | |
357 | -+++ linux-3.13.0-106.153/kernel/kexec.c | |
356 | +--- linux-3.13.0-107.154.orig/kernel/kexec.c | |
357 | ++++ linux-3.13.0-107.154/kernel/kexec.c | |
358 | 358 | @@ -38,6 +38,7 @@ |
359 | 359 | #include <asm/uaccess.h> |
360 | 360 | #include <asm/io.h> |
@@ -372,8 +372,8 @@ | ||
372 | 372 | |
373 | 373 | /* |
374 | 374 | * Verify we have a legal set of flags |
375 | ---- linux-3.13.0-106.153.orig/kernel/module.c | |
376 | -+++ linux-3.13.0-106.153/kernel/module.c | |
375 | +--- linux-3.13.0-107.154.orig/kernel/module.c | |
376 | ++++ linux-3.13.0-107.154/kernel/module.c | |
377 | 377 | @@ -63,6 +63,7 @@ |
378 | 378 | #include <linux/fips.h> |
379 | 379 | #include <uapi/linux/module.h> |
@@ -400,8 +400,8 @@ | ||
400 | 400 | |
401 | 401 | return 0; |
402 | 402 | } |
403 | ---- linux-3.13.0-106.153.orig/kernel/ptrace.c | |
404 | -+++ linux-3.13.0-106.153/kernel/ptrace.c | |
403 | +--- linux-3.13.0-107.154.orig/kernel/ptrace.c | |
404 | ++++ linux-3.13.0-107.154/kernel/ptrace.c | |
405 | 405 | @@ -1055,6 +1055,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
406 | 406 | { |
407 | 407 | struct task_struct *child; |
@@ -426,8 +426,8 @@ | ||
426 | 426 | |
427 | 427 | if (request == PTRACE_TRACEME) { |
428 | 428 | ret = ptrace_traceme(); |
429 | ---- linux-3.13.0-106.153.orig/kernel/reboot.c | |
430 | -+++ linux-3.13.0-106.153/kernel/reboot.c | |
429 | +--- linux-3.13.0-107.154.orig/kernel/reboot.c | |
430 | ++++ linux-3.13.0-107.154/kernel/reboot.c | |
431 | 431 | @@ -16,6 +16,7 @@ |
432 | 432 | #include <linux/syscalls.h> |
433 | 433 | #include <linux/syscore_ops.h> |
@@ -445,8 +445,8 @@ | ||
445 | 445 | |
446 | 446 | /* |
447 | 447 | * If pid namespaces are enabled and the current task is in a child |
448 | ---- linux-3.13.0-106.153.orig/kernel/sched/core.c | |
449 | -+++ linux-3.13.0-106.153/kernel/sched/core.c | |
448 | +--- linux-3.13.0-107.154.orig/kernel/sched/core.c | |
449 | ++++ linux-3.13.0-107.154/kernel/sched/core.c | |
450 | 450 | @@ -2922,6 +2922,8 @@ int can_nice(const struct task_struct *p |
451 | 451 | SYSCALL_DEFINE1(nice, int, increment) |
452 | 452 | { |
@@ -456,8 +456,8 @@ | ||
456 | 456 | |
457 | 457 | /* |
458 | 458 | * Setpriority might change our priority at the same moment. |
459 | ---- linux-3.13.0-106.153.orig/kernel/signal.c | |
460 | -+++ linux-3.13.0-106.153/kernel/signal.c | |
459 | +--- linux-3.13.0-107.154.orig/kernel/signal.c | |
460 | ++++ linux-3.13.0-107.154/kernel/signal.c | |
461 | 461 | @@ -2909,6 +2909,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
462 | 462 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
463 | 463 | { |
@@ -503,8 +503,8 @@ | ||
503 | 503 | |
504 | 504 | return do_send_specific(tgid, pid, sig, info); |
505 | 505 | } |
506 | ---- linux-3.13.0-106.153.orig/kernel/sys.c | |
507 | -+++ linux-3.13.0-106.153/kernel/sys.c | |
506 | +--- linux-3.13.0-107.154.orig/kernel/sys.c | |
507 | ++++ linux-3.13.0-107.154/kernel/sys.c | |
508 | 508 | @@ -171,6 +171,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
509 | 509 | |
510 | 510 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -534,8 +534,8 @@ | ||
534 | 534 | |
535 | 535 | down_write(&uts_sem); |
536 | 536 | errno = -EFAULT; |
537 | ---- linux-3.13.0-106.153.orig/kernel/time/ntp.c | |
538 | -+++ linux-3.13.0-106.153/kernel/time/ntp.c | |
537 | +--- linux-3.13.0-107.154.orig/kernel/time/ntp.c | |
538 | ++++ linux-3.13.0-107.154/kernel/time/ntp.c | |
539 | 539 | @@ -16,6 +16,7 @@ |
540 | 540 | #include <linux/mm.h> |
541 | 541 | #include <linux/module.h> |
@@ -569,8 +569,8 @@ | ||
569 | 569 | |
570 | 570 | /* |
571 | 571 | * Check for potential multiplication overflows that can |
572 | ---- linux-3.13.0-106.153.orig/net/ipv4/raw.c | |
573 | -+++ linux-3.13.0-106.153/net/ipv4/raw.c | |
572 | +--- linux-3.13.0-107.154.orig/net/ipv4/raw.c | |
573 | ++++ linux-3.13.0-107.154/net/ipv4/raw.c | |
574 | 574 | @@ -706,6 +706,10 @@ static int raw_recvmsg(struct kiocb *ioc |
575 | 575 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
576 | 576 | if (!skb) |
@@ -582,8 +582,8 @@ | ||
582 | 582 | |
583 | 583 | copied = skb->len; |
584 | 584 | if (len < copied) { |
585 | ---- linux-3.13.0-106.153.orig/net/ipv4/udp.c | |
586 | -+++ linux-3.13.0-106.153/net/ipv4/udp.c | |
585 | +--- linux-3.13.0-107.154.orig/net/ipv4/udp.c | |
586 | ++++ linux-3.13.0-107.154/net/ipv4/udp.c | |
587 | 587 | @@ -1247,6 +1247,10 @@ try_again: |
588 | 588 | &peeked, &off, &err); |
589 | 589 | if (!skb) |
@@ -595,8 +595,8 @@ | ||
595 | 595 | |
596 | 596 | ulen = skb->len - sizeof(struct udphdr); |
597 | 597 | copied = len; |
598 | ---- linux-3.13.0-106.153.orig/net/ipv6/raw.c | |
599 | -+++ linux-3.13.0-106.153/net/ipv6/raw.c | |
598 | +--- linux-3.13.0-107.154.orig/net/ipv6/raw.c | |
599 | ++++ linux-3.13.0-107.154/net/ipv6/raw.c | |
600 | 600 | @@ -474,6 +474,10 @@ static int rawv6_recvmsg(struct kiocb *i |
601 | 601 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
602 | 602 | if (!skb) |
@@ -608,8 +608,8 @@ | ||
608 | 608 | |
609 | 609 | copied = skb->len; |
610 | 610 | if (copied > len) { |
611 | ---- linux-3.13.0-106.153.orig/net/ipv6/udp.c | |
612 | -+++ linux-3.13.0-106.153/net/ipv6/udp.c | |
611 | +--- linux-3.13.0-107.154.orig/net/ipv6/udp.c | |
612 | ++++ linux-3.13.0-107.154/net/ipv6/udp.c | |
613 | 613 | @@ -404,6 +404,10 @@ try_again: |
614 | 614 | &peeked, &off, &err); |
615 | 615 | if (!skb) |
@@ -621,8 +621,8 @@ | ||
621 | 621 | |
622 | 622 | ulen = skb->len - sizeof(struct udphdr); |
623 | 623 | copied = len; |
624 | ---- linux-3.13.0-106.153.orig/net/socket.c | |
625 | -+++ linux-3.13.0-106.153/net/socket.c | |
624 | +--- linux-3.13.0-107.154.orig/net/socket.c | |
625 | ++++ linux-3.13.0-107.154/net/socket.c | |
626 | 626 | @@ -1616,6 +1616,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
627 | 627 | if (err < 0) |
628 | 628 | goto out_fd; |
@@ -634,8 +634,8 @@ | ||
634 | 634 | if (upeer_sockaddr) { |
635 | 635 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
636 | 636 | &len, 2) < 0) { |
637 | ---- linux-3.13.0-106.153.orig/net/unix/af_unix.c | |
638 | -+++ linux-3.13.0-106.153/net/unix/af_unix.c | |
637 | +--- linux-3.13.0-107.154.orig/net/unix/af_unix.c | |
638 | ++++ linux-3.13.0-107.154/net/unix/af_unix.c | |
639 | 639 | @@ -1973,6 +1973,10 @@ static int unix_dgram_recvmsg(struct kio |
640 | 640 | wake_up_interruptible_sync_poll(&u->peer_wait, |
641 | 641 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -647,8 +647,8 @@ | ||
647 | 647 | if (msg->msg_name) |
648 | 648 | unix_copy_addr(msg, skb->sk); |
649 | 649 | |
650 | ---- linux-3.13.0-106.153.orig/security/Kconfig | |
651 | -+++ linux-3.13.0-106.153/security/Kconfig | |
650 | +--- linux-3.13.0-107.154.orig/security/Kconfig | |
651 | ++++ linux-3.13.0-107.154/security/Kconfig | |
652 | 652 | @@ -167,5 +167,7 @@ config DEFAULT_SECURITY |
653 | 653 | default "yama" if DEFAULT_SECURITY_YAMA |
654 | 654 | default "" if DEFAULT_SECURITY_DAC |
@@ -657,8 +657,8 @@ | ||
657 | 657 | + |
658 | 658 | endmenu |
659 | 659 | |
660 | ---- linux-3.13.0-106.153.orig/security/Makefile | |
661 | -+++ linux-3.13.0-106.153/security/Makefile | |
660 | +--- linux-3.13.0-107.154.orig/security/Makefile | |
661 | ++++ linux-3.13.0-107.154/security/Makefile | |
662 | 662 | @@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
663 | 663 | # Object integrity file lists |
664 | 664 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -666,8 +666,8 @@ | ||
666 | 666 | + |
667 | 667 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
668 | 668 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
669 | ---- linux-3.13.0-106.153.orig/security/security.c | |
670 | -+++ linux-3.13.0-106.153/security/security.c | |
669 | +--- linux-3.13.0-107.154.orig/security/security.c | |
670 | ++++ linux-3.13.0-107.154/security/security.c | |
671 | 671 | @@ -203,7 +203,10 @@ int security_syslog(int type) |
672 | 672 | |
673 | 673 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 3.18.46. | |
1 | +This is TOMOYO Linux patch for kernel 3.18.47. | |
2 | 2 | |
3 | -Source code for this patch is https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.18.46.tar.xz | |
3 | +Source code for this patch is https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.18.47.tar.xz | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
@@ -29,8 +29,8 @@ | ||
29 | 29 | security/security.c | 111 +++++++++++++++++++++++++++++++++++++++++----- |
30 | 30 | 25 files changed, 252 insertions(+), 37 deletions(-) |
31 | 31 | |
32 | ---- linux-3.18.46.orig/fs/exec.c | |
33 | -+++ linux-3.18.46/fs/exec.c | |
32 | +--- linux-3.18.47.orig/fs/exec.c | |
33 | ++++ linux-3.18.47/fs/exec.c | |
34 | 34 | @@ -1436,7 +1436,7 @@ static int exec_binprm(struct linux_binp |
35 | 35 | old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); |
36 | 36 | rcu_read_unlock(); |
@@ -40,8 +40,8 @@ | ||
40 | 40 | if (ret >= 0) { |
41 | 41 | audit_bprm(bprm); |
42 | 42 | trace_sched_process_exec(current, old_pid, bprm); |
43 | ---- linux-3.18.46.orig/fs/open.c | |
44 | -+++ linux-3.18.46/fs/open.c | |
43 | +--- linux-3.18.47.orig/fs/open.c | |
44 | ++++ linux-3.18.47/fs/open.c | |
45 | 45 | @@ -1091,6 +1091,8 @@ EXPORT_SYMBOL(sys_close); |
46 | 46 | */ |
47 | 47 | SYSCALL_DEFINE0(vhangup) |
@@ -51,8 +51,8 @@ | ||
51 | 51 | if (capable(CAP_SYS_TTY_CONFIG)) { |
52 | 52 | tty_vhangup_self(); |
53 | 53 | return 0; |
54 | ---- linux-3.18.46.orig/fs/proc/version.c | |
55 | -+++ linux-3.18.46/fs/proc/version.c | |
54 | +--- linux-3.18.47.orig/fs/proc/version.c | |
55 | ++++ linux-3.18.47/fs/proc/version.c | |
56 | 56 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
57 | 57 | return 0; |
58 | 58 | } |
@@ -60,12 +60,12 @@ | ||
60 | 60 | + |
61 | 61 | +static int __init ccs_show_version(void) |
62 | 62 | +{ |
63 | -+ printk(KERN_INFO "Hook version: 3.18.46 2016/12/29\n"); | |
63 | ++ printk(KERN_INFO "Hook version: 3.18.47 2017/01/22\n"); | |
64 | 64 | + return 0; |
65 | 65 | +} |
66 | 66 | +fs_initcall(ccs_show_version); |
67 | ---- linux-3.18.46.orig/include/linux/init_task.h | |
68 | -+++ linux-3.18.46/include/linux/init_task.h | |
67 | +--- linux-3.18.47.orig/include/linux/init_task.h | |
68 | ++++ linux-3.18.47/include/linux/init_task.h | |
69 | 69 | @@ -166,6 +166,14 @@ extern struct task_group root_task_group |
70 | 70 | # define INIT_RT_MUTEXES(tsk) |
71 | 71 | #endif |
@@ -89,8 +89,8 @@ | ||
89 | 89 | } |
90 | 90 | |
91 | 91 | |
92 | ---- linux-3.18.46.orig/include/linux/sched.h | |
93 | -+++ linux-3.18.46/include/linux/sched.h | |
92 | +--- linux-3.18.47.orig/include/linux/sched.h | |
93 | ++++ linux-3.18.47/include/linux/sched.h | |
94 | 94 | @@ -6,6 +6,8 @@ |
95 | 95 | #include <linux/sched/prio.h> |
96 | 96 |
@@ -111,8 +111,8 @@ | ||
111 | 111 | }; |
112 | 112 | |
113 | 113 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
114 | ---- linux-3.18.46.orig/include/linux/security.h | |
115 | -+++ linux-3.18.46/include/linux/security.h | |
114 | +--- linux-3.18.47.orig/include/linux/security.h | |
115 | ++++ linux-3.18.47/include/linux/security.h | |
116 | 116 | @@ -53,6 +53,7 @@ struct msg_queue; |
117 | 117 | struct xattr; |
118 | 118 | struct xfrm_sec_ctx; |
@@ -324,8 +324,8 @@ | ||
324 | 324 | } |
325 | 325 | #endif /* CONFIG_SECURITY_PATH */ |
326 | 326 | |
327 | ---- linux-3.18.46.orig/include/net/ip.h | |
328 | -+++ linux-3.18.46/include/net/ip.h | |
327 | +--- linux-3.18.47.orig/include/net/ip.h | |
328 | ++++ linux-3.18.47/include/net/ip.h | |
329 | 329 | @@ -216,6 +216,8 @@ void inet_get_local_port_range(struct ne |
330 | 330 | #ifdef CONFIG_SYSCTL |
331 | 331 | static inline int inet_is_local_reserved_port(struct net *net, int port) |
@@ -344,8 +344,8 @@ | ||
344 | 344 | return 0; |
345 | 345 | } |
346 | 346 | #endif |
347 | ---- linux-3.18.46.orig/kernel/fork.c | |
348 | -+++ linux-3.18.46/kernel/fork.c | |
347 | +--- linux-3.18.47.orig/kernel/fork.c | |
348 | ++++ linux-3.18.47/kernel/fork.c | |
349 | 349 | @@ -246,6 +246,7 @@ void __put_task_struct(struct task_struc |
350 | 350 | delayacct_tsk_free(tsk); |
351 | 351 | put_signal_struct(tsk->signal); |
@@ -372,8 +372,8 @@ | ||
372 | 372 | bad_fork_cleanup_perf: |
373 | 373 | perf_event_free_task(p); |
374 | 374 | bad_fork_cleanup_policy: |
375 | ---- linux-3.18.46.orig/kernel/kexec.c | |
376 | -+++ linux-3.18.46/kernel/kexec.c | |
375 | +--- linux-3.18.47.orig/kernel/kexec.c | |
376 | ++++ linux-3.18.47/kernel/kexec.c | |
377 | 377 | @@ -41,6 +41,7 @@ |
378 | 378 | #include <asm/uaccess.h> |
379 | 379 | #include <asm/io.h> |
@@ -391,8 +391,8 @@ | ||
391 | 391 | |
392 | 392 | /* |
393 | 393 | * Verify we have a legal set of flags |
394 | ---- linux-3.18.46.orig/kernel/module.c | |
395 | -+++ linux-3.18.46/kernel/module.c | |
394 | +--- linux-3.18.47.orig/kernel/module.c | |
395 | ++++ linux-3.18.47/kernel/module.c | |
396 | 396 | @@ -62,6 +62,7 @@ |
397 | 397 | #include <linux/bsearch.h> |
398 | 398 | #include <uapi/linux/module.h> |
@@ -419,8 +419,8 @@ | ||
419 | 419 | |
420 | 420 | return 0; |
421 | 421 | } |
422 | ---- linux-3.18.46.orig/kernel/ptrace.c | |
423 | -+++ linux-3.18.46/kernel/ptrace.c | |
422 | +--- linux-3.18.47.orig/kernel/ptrace.c | |
423 | ++++ linux-3.18.47/kernel/ptrace.c | |
424 | 424 | @@ -1075,6 +1075,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
425 | 425 | { |
426 | 426 | struct task_struct *child; |
@@ -445,8 +445,8 @@ | ||
445 | 445 | |
446 | 446 | if (request == PTRACE_TRACEME) { |
447 | 447 | ret = ptrace_traceme(); |
448 | ---- linux-3.18.46.orig/kernel/reboot.c | |
449 | -+++ linux-3.18.46/kernel/reboot.c | |
448 | +--- linux-3.18.47.orig/kernel/reboot.c | |
449 | ++++ linux-3.18.47/kernel/reboot.c | |
450 | 450 | @@ -16,6 +16,7 @@ |
451 | 451 | #include <linux/syscalls.h> |
452 | 452 | #include <linux/syscore_ops.h> |
@@ -464,8 +464,8 @@ | ||
464 | 464 | |
465 | 465 | /* |
466 | 466 | * If pid namespaces are enabled and the current task is in a child |
467 | ---- linux-3.18.46.orig/kernel/sched/core.c | |
468 | -+++ linux-3.18.46/kernel/sched/core.c | |
467 | +--- linux-3.18.47.orig/kernel/sched/core.c | |
468 | ++++ linux-3.18.47/kernel/sched/core.c | |
469 | 469 | @@ -3217,6 +3217,8 @@ int can_nice(const struct task_struct *p |
470 | 470 | SYSCALL_DEFINE1(nice, int, increment) |
471 | 471 | { |
@@ -475,8 +475,8 @@ | ||
475 | 475 | |
476 | 476 | /* |
477 | 477 | * Setpriority might change our priority at the same moment. |
478 | ---- linux-3.18.46.orig/kernel/signal.c | |
479 | -+++ linux-3.18.46/kernel/signal.c | |
478 | +--- linux-3.18.47.orig/kernel/signal.c | |
479 | ++++ linux-3.18.47/kernel/signal.c | |
480 | 480 | @@ -2887,6 +2887,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
481 | 481 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
482 | 482 | { |
@@ -522,8 +522,8 @@ | ||
522 | 522 | |
523 | 523 | return do_send_specific(tgid, pid, sig, info); |
524 | 524 | } |
525 | ---- linux-3.18.46.orig/kernel/sys.c | |
526 | -+++ linux-3.18.46/kernel/sys.c | |
525 | +--- linux-3.18.47.orig/kernel/sys.c | |
526 | ++++ linux-3.18.47/kernel/sys.c | |
527 | 527 | @@ -171,6 +171,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
528 | 528 | |
529 | 529 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -553,8 +553,8 @@ | ||
553 | 553 | |
554 | 554 | down_write(&uts_sem); |
555 | 555 | errno = -EFAULT; |
556 | ---- linux-3.18.46.orig/kernel/time/ntp.c | |
557 | -+++ linux-3.18.46/kernel/time/ntp.c | |
556 | +--- linux-3.18.47.orig/kernel/time/ntp.c | |
557 | ++++ linux-3.18.47/kernel/time/ntp.c | |
558 | 558 | @@ -16,6 +16,7 @@ |
559 | 559 | #include <linux/mm.h> |
560 | 560 | #include <linux/module.h> |
@@ -588,8 +588,8 @@ | ||
588 | 588 | |
589 | 589 | /* |
590 | 590 | * Check for potential multiplication overflows that can |
591 | ---- linux-3.18.46.orig/net/ipv4/raw.c | |
592 | -+++ linux-3.18.46/net/ipv4/raw.c | |
591 | +--- linux-3.18.47.orig/net/ipv4/raw.c | |
592 | ++++ linux-3.18.47/net/ipv4/raw.c | |
593 | 593 | @@ -711,6 +711,10 @@ static int raw_recvmsg(struct kiocb *ioc |
594 | 594 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
595 | 595 | if (!skb) |
@@ -601,8 +601,8 @@ | ||
601 | 601 | |
602 | 602 | copied = skb->len; |
603 | 603 | if (len < copied) { |
604 | ---- linux-3.18.46.orig/net/ipv4/udp.c | |
605 | -+++ linux-3.18.46/net/ipv4/udp.c | |
604 | +--- linux-3.18.47.orig/net/ipv4/udp.c | |
605 | ++++ linux-3.18.47/net/ipv4/udp.c | |
606 | 606 | @@ -1263,6 +1263,10 @@ try_again: |
607 | 607 | &peeked, &off, &err); |
608 | 608 | if (!skb) |
@@ -614,8 +614,8 @@ | ||
614 | 614 | |
615 | 615 | ulen = skb->len - sizeof(struct udphdr); |
616 | 616 | copied = len; |
617 | ---- linux-3.18.46.orig/net/ipv6/raw.c | |
618 | -+++ linux-3.18.46/net/ipv6/raw.c | |
617 | +--- linux-3.18.47.orig/net/ipv6/raw.c | |
618 | ++++ linux-3.18.47/net/ipv6/raw.c | |
619 | 619 | @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct kiocb *i |
620 | 620 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
621 | 621 | if (!skb) |
@@ -627,8 +627,8 @@ | ||
627 | 627 | |
628 | 628 | copied = skb->len; |
629 | 629 | if (copied > len) { |
630 | ---- linux-3.18.46.orig/net/ipv6/udp.c | |
631 | -+++ linux-3.18.46/net/ipv6/udp.c | |
630 | +--- linux-3.18.47.orig/net/ipv6/udp.c | |
631 | ++++ linux-3.18.47/net/ipv6/udp.c | |
632 | 632 | @@ -403,6 +403,10 @@ try_again: |
633 | 633 | &peeked, &off, &err); |
634 | 634 | if (!skb) |
@@ -640,8 +640,8 @@ | ||
640 | 640 | |
641 | 641 | ulen = skb->len - sizeof(struct udphdr); |
642 | 642 | copied = len; |
643 | ---- linux-3.18.46.orig/net/socket.c | |
644 | -+++ linux-3.18.46/net/socket.c | |
643 | +--- linux-3.18.47.orig/net/socket.c | |
644 | ++++ linux-3.18.47/net/socket.c | |
645 | 645 | @@ -1637,6 +1637,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
646 | 646 | if (err < 0) |
647 | 647 | goto out_fd; |
@@ -653,8 +653,8 @@ | ||
653 | 653 | if (upeer_sockaddr) { |
654 | 654 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
655 | 655 | &len, 2) < 0) { |
656 | ---- linux-3.18.46.orig/net/unix/af_unix.c | |
657 | -+++ linux-3.18.46/net/unix/af_unix.c | |
656 | +--- linux-3.18.47.orig/net/unix/af_unix.c | |
657 | ++++ linux-3.18.47/net/unix/af_unix.c | |
658 | 658 | @@ -1990,6 +1990,10 @@ static int unix_dgram_recvmsg(struct kio |
659 | 659 | wake_up_interruptible_sync_poll(&u->peer_wait, |
660 | 660 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -666,8 +666,8 @@ | ||
666 | 666 | if (msg->msg_name) |
667 | 667 | unix_copy_addr(msg, skb->sk); |
668 | 668 | |
669 | ---- linux-3.18.46.orig/security/Kconfig | |
670 | -+++ linux-3.18.46/security/Kconfig | |
669 | +--- linux-3.18.47.orig/security/Kconfig | |
670 | ++++ linux-3.18.47/security/Kconfig | |
671 | 671 | @@ -167,5 +167,7 @@ config DEFAULT_SECURITY |
672 | 672 | default "yama" if DEFAULT_SECURITY_YAMA |
673 | 673 | default "" if DEFAULT_SECURITY_DAC |
@@ -676,8 +676,8 @@ | ||
676 | 676 | + |
677 | 677 | endmenu |
678 | 678 | |
679 | ---- linux-3.18.46.orig/security/Makefile | |
680 | -+++ linux-3.18.46/security/Makefile | |
679 | +--- linux-3.18.47.orig/security/Makefile | |
680 | ++++ linux-3.18.47/security/Makefile | |
681 | 681 | @@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
682 | 682 | # Object integrity file lists |
683 | 683 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -685,8 +685,8 @@ | ||
685 | 685 | + |
686 | 686 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
687 | 687 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/ |
688 | ---- linux-3.18.46.orig/security/security.c | |
689 | -+++ linux-3.18.46/security/security.c | |
688 | +--- linux-3.18.47.orig/security/security.c | |
689 | ++++ linux-3.18.47/security/security.c | |
690 | 690 | @@ -203,7 +203,10 @@ int security_syslog(int type) |
691 | 691 | |
692 | 692 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/security.c | 134 +++++++++++++++++++++++++++++++++++++--------- |
29 | 29 | 24 files changed, 247 insertions(+), 49 deletions(-) |
30 | 30 | |
31 | ---- linux-3.2.82-1.orig/fs/exec.c | |
32 | -+++ linux-3.2.82-1/fs/exec.c | |
31 | +--- linux-3.2.84-1.orig/fs/exec.c | |
32 | ++++ linux-3.2.84-1/fs/exec.c | |
33 | 33 | @@ -1571,7 +1571,7 @@ static int do_execve_common(const char * |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.2.82-1.orig/fs/open.c | |
43 | -+++ linux-3.2.82-1/fs/open.c | |
42 | +--- linux-3.2.84-1.orig/fs/open.c | |
43 | ++++ linux-3.2.84-1/fs/open.c | |
44 | 44 | @@ -1106,6 +1106,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.2.82-1.orig/fs/proc/version.c | |
54 | -+++ linux-3.2.82-1/fs/proc/version.c | |
53 | +--- linux-3.2.84-1.orig/fs/proc/version.c | |
54 | ++++ linux-3.2.84-1/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.2.82-1 2016/10/23\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.2.84-1 2017/01/16\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.2.82-1.orig/include/linux/init_task.h | |
67 | -+++ linux-3.2.82-1/include/linux/init_task.h | |
66 | +--- linux-3.2.84-1.orig/include/linux/init_task.h | |
67 | ++++ linux-3.2.84-1/include/linux/init_task.h | |
68 | 68 | @@ -144,6 +144,14 @@ extern struct task_group root_task_group |
69 | 69 | |
70 | 70 | #define INIT_TASK_COMM "swapper" |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.2.82-1.orig/include/linux/sched.h | |
92 | -+++ linux-3.2.82-1/include/linux/sched.h | |
91 | +--- linux-3.2.84-1.orig/include/linux/sched.h | |
92 | ++++ linux-3.2.84-1/include/linux/sched.h | |
93 | 93 | @@ -44,6 +44,8 @@ |
94 | 94 | |
95 | 95 | #ifdef __KERNEL__ |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.2.82-1.orig/include/linux/security.h | |
114 | -+++ linux-3.2.82-1/include/linux/security.h | |
113 | +--- linux-3.2.84-1.orig/include/linux/security.h | |
114 | ++++ linux-3.2.84-1/include/linux/security.h | |
115 | 115 | @@ -38,6 +38,7 @@ |
116 | 116 | #include <linux/slab.h> |
117 | 117 | #include <linux/xattr.h> |
@@ -310,8 +310,8 @@ | ||
310 | 310 | } |
311 | 311 | #endif /* CONFIG_SECURITY_PATH */ |
312 | 312 | |
313 | ---- linux-3.2.82-1.orig/include/net/ip.h | |
314 | -+++ linux-3.2.82-1/include/net/ip.h | |
313 | +--- linux-3.2.84-1.orig/include/net/ip.h | |
314 | ++++ linux-3.2.84-1/include/net/ip.h | |
315 | 315 | @@ -218,6 +218,8 @@ extern void inet_get_local_port_range(in |
316 | 316 | extern unsigned long *sysctl_local_reserved_ports; |
317 | 317 | static inline int inet_is_reserved_local_port(int port) |
@@ -321,8 +321,8 @@ | ||
321 | 321 | return test_bit(port, sysctl_local_reserved_ports); |
322 | 322 | } |
323 | 323 | |
324 | ---- linux-3.2.82-1.orig/kernel/fork.c | |
325 | -+++ linux-3.2.82-1/kernel/fork.c | |
324 | +--- linux-3.2.84-1.orig/kernel/fork.c | |
325 | ++++ linux-3.2.84-1/kernel/fork.c | |
326 | 326 | @@ -195,6 +195,7 @@ void __put_task_struct(struct task_struc |
327 | 327 | delayacct_tsk_free(tsk); |
328 | 328 | put_signal_struct(tsk->signal); |
@@ -349,8 +349,8 @@ | ||
349 | 349 | bad_fork_cleanup_perf: |
350 | 350 | perf_event_free_task(p); |
351 | 351 | bad_fork_cleanup_policy: |
352 | ---- linux-3.2.82-1.orig/kernel/kexec.c | |
353 | -+++ linux-3.2.82-1/kernel/kexec.c | |
352 | +--- linux-3.2.84-1.orig/kernel/kexec.c | |
353 | ++++ linux-3.2.84-1/kernel/kexec.c | |
354 | 354 | @@ -39,6 +39,7 @@ |
355 | 355 | #include <asm/io.h> |
356 | 356 | #include <asm/system.h> |
@@ -368,8 +368,8 @@ | ||
368 | 368 | |
369 | 369 | /* |
370 | 370 | * Verify we have a legal set of flags |
371 | ---- linux-3.2.82-1.orig/kernel/module.c | |
372 | -+++ linux-3.2.82-1/kernel/module.c | |
371 | +--- linux-3.2.84-1.orig/kernel/module.c | |
372 | ++++ linux-3.2.84-1/kernel/module.c | |
373 | 373 | @@ -58,6 +58,7 @@ |
374 | 374 | #include <linux/jump_label.h> |
375 | 375 | #include <linux/pfn.h> |
@@ -396,8 +396,8 @@ | ||
396 | 396 | |
397 | 397 | /* Do all the hard work */ |
398 | 398 | mod = load_module(umod, len, uargs); |
399 | ---- linux-3.2.82-1.orig/kernel/ptrace.c | |
400 | -+++ linux-3.2.82-1/kernel/ptrace.c | |
399 | +--- linux-3.2.84-1.orig/kernel/ptrace.c | |
400 | ++++ linux-3.2.84-1/kernel/ptrace.c | |
401 | 401 | @@ -928,6 +928,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
402 | 402 | { |
403 | 403 | struct task_struct *child; |
@@ -422,9 +422,9 @@ | ||
422 | 422 | |
423 | 423 | if (request == PTRACE_TRACEME) { |
424 | 424 | ret = ptrace_traceme(); |
425 | ---- linux-3.2.82-1.orig/kernel/sched.c | |
426 | -+++ linux-3.2.82-1/kernel/sched.c | |
427 | -@@ -5333,6 +5333,8 @@ int can_nice(const struct task_struct *p | |
425 | +--- linux-3.2.84-1.orig/kernel/sched.c | |
426 | ++++ linux-3.2.84-1/kernel/sched.c | |
427 | +@@ -5342,6 +5342,8 @@ int can_nice(const struct task_struct *p | |
428 | 428 | SYSCALL_DEFINE1(nice, int, increment) |
429 | 429 | { |
430 | 430 | long nice, retval; |
@@ -433,8 +433,8 @@ | ||
433 | 433 | |
434 | 434 | /* |
435 | 435 | * Setpriority might change our priority at the same moment. |
436 | ---- linux-3.2.82-1.orig/kernel/signal.c | |
437 | -+++ linux-3.2.82-1/kernel/signal.c | |
436 | +--- linux-3.2.84-1.orig/kernel/signal.c | |
437 | ++++ linux-3.2.84-1/kernel/signal.c | |
438 | 438 | @@ -2748,6 +2748,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
439 | 439 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
440 | 440 | { |
@@ -480,8 +480,8 @@ | ||
480 | 480 | |
481 | 481 | return do_send_specific(tgid, pid, sig, info); |
482 | 482 | } |
483 | ---- linux-3.2.82-1.orig/kernel/sys.c | |
484 | -+++ linux-3.2.82-1/kernel/sys.c | |
483 | +--- linux-3.2.84-1.orig/kernel/sys.c | |
484 | ++++ linux-3.2.84-1/kernel/sys.c | |
485 | 485 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
486 | 486 | |
487 | 487 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -520,8 +520,8 @@ | ||
520 | 520 | |
521 | 521 | down_write(&uts_sem); |
522 | 522 | errno = -EFAULT; |
523 | ---- linux-3.2.82-1.orig/kernel/time/ntp.c | |
524 | -+++ linux-3.2.82-1/kernel/time/ntp.c | |
523 | +--- linux-3.2.84-1.orig/kernel/time/ntp.c | |
524 | ++++ linux-3.2.84-1/kernel/time/ntp.c | |
525 | 525 | @@ -15,6 +15,7 @@ |
526 | 526 | #include <linux/time.h> |
527 | 527 | #include <linux/mm.h> |
@@ -555,8 +555,8 @@ | ||
555 | 555 | if (!(txc->modes & ADJ_NANO)) |
556 | 556 | delta.tv_nsec *= 1000; |
557 | 557 | result = timekeeping_inject_offset(&delta); |
558 | ---- linux-3.2.82-1.orig/net/ipv4/raw.c | |
559 | -+++ linux-3.2.82-1/net/ipv4/raw.c | |
558 | +--- linux-3.2.84-1.orig/net/ipv4/raw.c | |
559 | ++++ linux-3.2.84-1/net/ipv4/raw.c | |
560 | 560 | @@ -699,6 +699,10 @@ static int raw_recvmsg(struct kiocb *ioc |
561 | 561 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
562 | 562 | if (!skb) |
@@ -568,8 +568,8 @@ | ||
568 | 568 | |
569 | 569 | copied = skb->len; |
570 | 570 | if (len < copied) { |
571 | ---- linux-3.2.82-1.orig/net/ipv4/udp.c | |
572 | -+++ linux-3.2.82-1/net/ipv4/udp.c | |
571 | +--- linux-3.2.84-1.orig/net/ipv4/udp.c | |
572 | ++++ linux-3.2.84-1/net/ipv4/udp.c | |
573 | 573 | @@ -1185,6 +1185,10 @@ try_again: |
574 | 574 | &peeked, &err); |
575 | 575 | if (!skb) |
@@ -581,8 +581,8 @@ | ||
581 | 581 | |
582 | 582 | ulen = skb->len - sizeof(struct udphdr); |
583 | 583 | copied = len; |
584 | ---- linux-3.2.82-1.orig/net/ipv6/raw.c | |
585 | -+++ linux-3.2.82-1/net/ipv6/raw.c | |
584 | +--- linux-3.2.84-1.orig/net/ipv6/raw.c | |
585 | ++++ linux-3.2.84-1/net/ipv6/raw.c | |
586 | 586 | @@ -465,6 +465,10 @@ static int rawv6_recvmsg(struct kiocb *i |
587 | 587 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
588 | 588 | if (!skb) |
@@ -594,8 +594,8 @@ | ||
594 | 594 | |
595 | 595 | copied = skb->len; |
596 | 596 | if (copied > len) { |
597 | ---- linux-3.2.82-1.orig/net/ipv6/udp.c | |
598 | -+++ linux-3.2.82-1/net/ipv6/udp.c | |
597 | +--- linux-3.2.84-1.orig/net/ipv6/udp.c | |
598 | ++++ linux-3.2.84-1/net/ipv6/udp.c | |
599 | 599 | @@ -359,6 +359,10 @@ try_again: |
600 | 600 | &peeked, &err); |
601 | 601 | if (!skb) |
@@ -607,8 +607,8 @@ | ||
607 | 607 | |
608 | 608 | ulen = skb->len - sizeof(struct udphdr); |
609 | 609 | copied = len; |
610 | ---- linux-3.2.82-1.orig/net/socket.c | |
611 | -+++ linux-3.2.82-1/net/socket.c | |
610 | +--- linux-3.2.84-1.orig/net/socket.c | |
611 | ++++ linux-3.2.84-1/net/socket.c | |
612 | 612 | @@ -1531,6 +1531,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
613 | 613 | if (err < 0) |
614 | 614 | goto out_fd; |
@@ -620,8 +620,8 @@ | ||
620 | 620 | if (upeer_sockaddr) { |
621 | 621 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
622 | 622 | &len, 2) < 0) { |
623 | ---- linux-3.2.82-1.orig/net/unix/af_unix.c | |
624 | -+++ linux-3.2.82-1/net/unix/af_unix.c | |
623 | +--- linux-3.2.84-1.orig/net/unix/af_unix.c | |
624 | ++++ linux-3.2.84-1/net/unix/af_unix.c | |
625 | 625 | @@ -1957,6 +1957,10 @@ static int unix_dgram_recvmsg(struct kio |
626 | 626 | wake_up_interruptible_sync_poll(&u->peer_wait, |
627 | 627 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -633,9 +633,9 @@ | ||
633 | 633 | if (msg->msg_name) |
634 | 634 | unix_copy_addr(msg, skb->sk); |
635 | 635 | |
636 | ---- linux-3.2.82-1.orig/security/Kconfig | |
637 | -+++ linux-3.2.82-1/security/Kconfig | |
638 | -@@ -227,5 +227,7 @@ config DEFAULT_SECURITY | |
636 | +--- linux-3.2.84-1.orig/security/Kconfig | |
637 | ++++ linux-3.2.84-1/security/Kconfig | |
638 | +@@ -236,5 +236,7 @@ config DEFAULT_SECURITY | |
639 | 639 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
640 | 640 | default "" if DEFAULT_SECURITY_DAC |
641 | 641 |
@@ -643,8 +643,8 @@ | ||
643 | 643 | + |
644 | 644 | endmenu |
645 | 645 | |
646 | ---- linux-3.2.82-1.orig/security/Makefile | |
647 | -+++ linux-3.2.82-1/security/Makefile | |
646 | +--- linux-3.2.84-1.orig/security/Makefile | |
647 | ++++ linux-3.2.84-1/security/Makefile | |
648 | 648 | @@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
649 | 649 | # Object integrity file lists |
650 | 650 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -652,8 +652,8 @@ | ||
652 | 652 | + |
653 | 653 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
654 | 654 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
655 | ---- linux-3.2.82-1.orig/security/security.c | |
656 | -+++ linux-3.2.82-1/security/security.c | |
655 | +--- linux-3.2.84-1.orig/security/security.c | |
656 | ++++ linux-3.2.84-1/security/security.c | |
657 | 657 | @@ -203,7 +203,10 @@ int security_syslog(int type) |
658 | 658 | |
659 | 659 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/security.c | 132 +++++++++++++++++++++++++++++++++++++--------- |
29 | 29 | 24 files changed, 245 insertions(+), 49 deletions(-) |
30 | 30 | |
31 | ---- linux-3.2.0-119.162.orig/fs/exec.c | |
32 | -+++ linux-3.2.0-119.162/fs/exec.c | |
31 | +--- linux-3.2.0-120.163.orig/fs/exec.c | |
32 | ++++ linux-3.2.0-120.163/fs/exec.c | |
33 | 33 | @@ -1582,7 +1582,7 @@ static int do_execve_common(const char * |
34 | 34 | if (retval < 0) |
35 | 35 | goto out; |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (retval < 0) |
40 | 40 | goto out; |
41 | 41 | |
42 | ---- linux-3.2.0-119.162.orig/fs/open.c | |
43 | -+++ linux-3.2.0-119.162/fs/open.c | |
42 | +--- linux-3.2.0-120.163.orig/fs/open.c | |
43 | ++++ linux-3.2.0-120.163/fs/open.c | |
44 | 44 | @@ -1129,6 +1129,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-3.2.0-119.162.orig/fs/proc/version.c | |
54 | -+++ linux-3.2.0-119.162/fs/proc/version.c | |
53 | +--- linux-3.2.0-120.163.orig/fs/proc/version.c | |
54 | ++++ linux-3.2.0-120.163/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 3.2.0-119.162 2016/12/23\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 3.2.0-120.163 2017/01/16\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +module_init(ccs_show_version); |
66 | ---- linux-3.2.0-119.162.orig/include/linux/init_task.h | |
67 | -+++ linux-3.2.0-119.162/include/linux/init_task.h | |
66 | +--- linux-3.2.0-120.163.orig/include/linux/init_task.h | |
67 | ++++ linux-3.2.0-120.163/include/linux/init_task.h | |
68 | 68 | @@ -144,6 +144,14 @@ extern struct task_group root_task_group |
69 | 69 | |
70 | 70 | #define INIT_TASK_COMM "swapper" |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-3.2.0-119.162.orig/include/linux/sched.h | |
92 | -+++ linux-3.2.0-119.162/include/linux/sched.h | |
91 | +--- linux-3.2.0-120.163.orig/include/linux/sched.h | |
92 | ++++ linux-3.2.0-120.163/include/linux/sched.h | |
93 | 93 | @@ -44,6 +44,8 @@ |
94 | 94 | |
95 | 95 | #ifdef __KERNEL__ |
@@ -110,8 +110,8 @@ | ||
110 | 110 | }; |
111 | 111 | |
112 | 112 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 | ---- linux-3.2.0-119.162.orig/include/linux/security.h | |
114 | -+++ linux-3.2.0-119.162/include/linux/security.h | |
113 | +--- linux-3.2.0-120.163.orig/include/linux/security.h | |
114 | ++++ linux-3.2.0-120.163/include/linux/security.h | |
115 | 115 | @@ -38,6 +38,7 @@ |
116 | 116 | #include <linux/slab.h> |
117 | 117 | #include <linux/xattr.h> |
@@ -308,8 +308,8 @@ | ||
308 | 308 | } |
309 | 309 | #endif /* CONFIG_SECURITY_PATH */ |
310 | 310 | |
311 | ---- linux-3.2.0-119.162.orig/include/net/ip.h | |
312 | -+++ linux-3.2.0-119.162/include/net/ip.h | |
311 | +--- linux-3.2.0-120.163.orig/include/net/ip.h | |
312 | ++++ linux-3.2.0-120.163/include/net/ip.h | |
313 | 313 | @@ -218,6 +218,8 @@ extern void inet_get_local_port_range(in |
314 | 314 | extern unsigned long *sysctl_local_reserved_ports; |
315 | 315 | static inline int inet_is_reserved_local_port(int port) |
@@ -319,8 +319,8 @@ | ||
319 | 319 | return test_bit(port, sysctl_local_reserved_ports); |
320 | 320 | } |
321 | 321 | |
322 | ---- linux-3.2.0-119.162.orig/kernel/fork.c | |
323 | -+++ linux-3.2.0-119.162/kernel/fork.c | |
322 | +--- linux-3.2.0-120.163.orig/kernel/fork.c | |
323 | ++++ linux-3.2.0-120.163/kernel/fork.c | |
324 | 324 | @@ -198,6 +198,7 @@ void __put_task_struct(struct task_struc |
325 | 325 | delayacct_tsk_free(tsk); |
326 | 326 | put_signal_struct(tsk->signal); |
@@ -347,8 +347,8 @@ | ||
347 | 347 | bad_fork_cleanup_perf: |
348 | 348 | perf_event_free_task(p); |
349 | 349 | bad_fork_cleanup_policy: |
350 | ---- linux-3.2.0-119.162.orig/kernel/kexec.c | |
351 | -+++ linux-3.2.0-119.162/kernel/kexec.c | |
350 | +--- linux-3.2.0-120.163.orig/kernel/kexec.c | |
351 | ++++ linux-3.2.0-120.163/kernel/kexec.c | |
352 | 352 | @@ -39,6 +39,7 @@ |
353 | 353 | #include <asm/io.h> |
354 | 354 | #include <asm/system.h> |
@@ -366,8 +366,8 @@ | ||
366 | 366 | |
367 | 367 | /* Processes in containers must not be allowed to load a new |
368 | 368 | * kernel, even if they have CAP_SYS_BOOT */ |
369 | ---- linux-3.2.0-119.162.orig/kernel/module.c | |
370 | -+++ linux-3.2.0-119.162/kernel/module.c | |
369 | +--- linux-3.2.0-120.163.orig/kernel/module.c | |
370 | ++++ linux-3.2.0-120.163/kernel/module.c | |
371 | 371 | @@ -58,6 +58,7 @@ |
372 | 372 | #include <linux/jump_label.h> |
373 | 373 | #include <linux/pfn.h> |
@@ -394,8 +394,8 @@ | ||
394 | 394 | |
395 | 395 | /* Do all the hard work */ |
396 | 396 | mod = load_module(umod, len, uargs); |
397 | ---- linux-3.2.0-119.162.orig/kernel/ptrace.c | |
398 | -+++ linux-3.2.0-119.162/kernel/ptrace.c | |
397 | +--- linux-3.2.0-120.163.orig/kernel/ptrace.c | |
398 | ++++ linux-3.2.0-120.163/kernel/ptrace.c | |
399 | 399 | @@ -931,6 +931,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
400 | 400 | { |
401 | 401 | struct task_struct *child; |
@@ -420,8 +420,8 @@ | ||
420 | 420 | |
421 | 421 | if (request == PTRACE_TRACEME) { |
422 | 422 | ret = ptrace_traceme(); |
423 | ---- linux-3.2.0-119.162.orig/kernel/sched.c | |
424 | -+++ linux-3.2.0-119.162/kernel/sched.c | |
423 | +--- linux-3.2.0-120.163.orig/kernel/sched.c | |
424 | ++++ linux-3.2.0-120.163/kernel/sched.c | |
425 | 425 | @@ -5317,6 +5317,8 @@ int can_nice(const struct task_struct *p |
426 | 426 | SYSCALL_DEFINE1(nice, int, increment) |
427 | 427 | { |
@@ -431,8 +431,8 @@ | ||
431 | 431 | |
432 | 432 | /* |
433 | 433 | * Setpriority might change our priority at the same moment. |
434 | ---- linux-3.2.0-119.162.orig/kernel/signal.c | |
435 | -+++ linux-3.2.0-119.162/kernel/signal.c | |
434 | +--- linux-3.2.0-120.163.orig/kernel/signal.c | |
435 | ++++ linux-3.2.0-120.163/kernel/signal.c | |
436 | 436 | @@ -2755,6 +2755,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
437 | 437 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
438 | 438 | { |
@@ -478,8 +478,8 @@ | ||
478 | 478 | |
479 | 479 | return do_send_specific(tgid, pid, sig, info); |
480 | 480 | } |
481 | ---- linux-3.2.0-119.162.orig/kernel/sys.c | |
482 | -+++ linux-3.2.0-119.162/kernel/sys.c | |
481 | +--- linux-3.2.0-120.163.orig/kernel/sys.c | |
482 | ++++ linux-3.2.0-120.163/kernel/sys.c | |
483 | 483 | @@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
484 | 484 | |
485 | 485 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -518,8 +518,8 @@ | ||
518 | 518 | |
519 | 519 | down_write(&uts_sem); |
520 | 520 | errno = -EFAULT; |
521 | ---- linux-3.2.0-119.162.orig/kernel/time/ntp.c | |
522 | -+++ linux-3.2.0-119.162/kernel/time/ntp.c | |
521 | +--- linux-3.2.0-120.163.orig/kernel/time/ntp.c | |
522 | ++++ linux-3.2.0-120.163/kernel/time/ntp.c | |
523 | 523 | @@ -15,6 +15,7 @@ |
524 | 524 | #include <linux/time.h> |
525 | 525 | #include <linux/mm.h> |
@@ -553,8 +553,8 @@ | ||
553 | 553 | if (!(txc->modes & ADJ_NANO)) |
554 | 554 | delta.tv_nsec *= 1000; |
555 | 555 | result = timekeeping_inject_offset(&delta); |
556 | ---- linux-3.2.0-119.162.orig/net/ipv4/raw.c | |
557 | -+++ linux-3.2.0-119.162/net/ipv4/raw.c | |
556 | +--- linux-3.2.0-120.163.orig/net/ipv4/raw.c | |
557 | ++++ linux-3.2.0-120.163/net/ipv4/raw.c | |
558 | 558 | @@ -697,6 +697,10 @@ static int raw_recvmsg(struct kiocb *ioc |
559 | 559 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
560 | 560 | if (!skb) |
@@ -566,8 +566,8 @@ | ||
566 | 566 | |
567 | 567 | copied = skb->len; |
568 | 568 | if (len < copied) { |
569 | ---- linux-3.2.0-119.162.orig/net/ipv4/udp.c | |
570 | -+++ linux-3.2.0-119.162/net/ipv4/udp.c | |
569 | +--- linux-3.2.0-120.163.orig/net/ipv4/udp.c | |
570 | ++++ linux-3.2.0-120.163/net/ipv4/udp.c | |
571 | 571 | @@ -1183,6 +1183,10 @@ try_again: |
572 | 572 | &peeked, &err); |
573 | 573 | if (!skb) |
@@ -579,8 +579,8 @@ | ||
579 | 579 | |
580 | 580 | ulen = skb->len - sizeof(struct udphdr); |
581 | 581 | copied = len; |
582 | ---- linux-3.2.0-119.162.orig/net/ipv6/raw.c | |
583 | -+++ linux-3.2.0-119.162/net/ipv6/raw.c | |
582 | +--- linux-3.2.0-120.163.orig/net/ipv6/raw.c | |
583 | ++++ linux-3.2.0-120.163/net/ipv6/raw.c | |
584 | 584 | @@ -465,6 +465,10 @@ static int rawv6_recvmsg(struct kiocb *i |
585 | 585 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
586 | 586 | if (!skb) |
@@ -592,8 +592,8 @@ | ||
592 | 592 | |
593 | 593 | copied = skb->len; |
594 | 594 | if (copied > len) { |
595 | ---- linux-3.2.0-119.162.orig/net/ipv6/udp.c | |
596 | -+++ linux-3.2.0-119.162/net/ipv6/udp.c | |
595 | +--- linux-3.2.0-120.163.orig/net/ipv6/udp.c | |
596 | ++++ linux-3.2.0-120.163/net/ipv6/udp.c | |
597 | 597 | @@ -359,6 +359,10 @@ try_again: |
598 | 598 | &peeked, &err); |
599 | 599 | if (!skb) |
@@ -605,8 +605,8 @@ | ||
605 | 605 | |
606 | 606 | ulen = skb->len - sizeof(struct udphdr); |
607 | 607 | copied = len; |
608 | ---- linux-3.2.0-119.162.orig/net/socket.c | |
609 | -+++ linux-3.2.0-119.162/net/socket.c | |
608 | +--- linux-3.2.0-120.163.orig/net/socket.c | |
609 | ++++ linux-3.2.0-120.163/net/socket.c | |
610 | 610 | @@ -1531,6 +1531,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
611 | 611 | if (err < 0) |
612 | 612 | goto out_fd; |
@@ -618,8 +618,8 @@ | ||
618 | 618 | if (upeer_sockaddr) { |
619 | 619 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
620 | 620 | &len, 2) < 0) { |
621 | ---- linux-3.2.0-119.162.orig/net/unix/af_unix.c | |
622 | -+++ linux-3.2.0-119.162/net/unix/af_unix.c | |
621 | +--- linux-3.2.0-120.163.orig/net/unix/af_unix.c | |
622 | ++++ linux-3.2.0-120.163/net/unix/af_unix.c | |
623 | 623 | @@ -1957,6 +1957,10 @@ static int unix_dgram_recvmsg(struct kio |
624 | 624 | wake_up_interruptible_sync_poll(&u->peer_wait, |
625 | 625 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -631,8 +631,8 @@ | ||
631 | 631 | if (msg->msg_name) |
632 | 632 | unix_copy_addr(msg, skb->sk); |
633 | 633 | |
634 | ---- linux-3.2.0-119.162.orig/security/Kconfig | |
635 | -+++ linux-3.2.0-119.162/security/Kconfig | |
634 | +--- linux-3.2.0-120.163.orig/security/Kconfig | |
635 | ++++ linux-3.2.0-120.163/security/Kconfig | |
636 | 636 | @@ -233,5 +233,7 @@ config DEFAULT_SECURITY |
637 | 637 | default "yama" if DEFAULT_SECURITY_YAMA |
638 | 638 | default "" if DEFAULT_SECURITY_DAC |
@@ -641,8 +641,8 @@ | ||
641 | 641 | + |
642 | 642 | endmenu |
643 | 643 | |
644 | ---- linux-3.2.0-119.162.orig/security/Makefile | |
645 | -+++ linux-3.2.0-119.162/security/Makefile | |
644 | +--- linux-3.2.0-120.163.orig/security/Makefile | |
645 | ++++ linux-3.2.0-120.163/security/Makefile | |
646 | 646 | @@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
647 | 647 | # Object integrity file lists |
648 | 648 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -650,8 +650,8 @@ | ||
650 | 650 | + |
651 | 651 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
652 | 652 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
653 | ---- linux-3.2.0-119.162.orig/security/security.c | |
654 | -+++ linux-3.2.0-119.162/security/security.c | |
653 | +--- linux-3.2.0-120.163.orig/security/security.c | |
654 | ++++ linux-3.2.0-120.163/security/security.c | |
655 | 655 | @@ -206,7 +206,10 @@ int security_syslog(int type) |
656 | 656 | |
657 | 657 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 4.1.37. | |
1 | +This is TOMOYO Linux patch for kernel 4.1.38. | |
2 | 2 | |
3 | -Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.1.37.tar.xz | |
3 | +Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.1.38.tar.xz | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 |
6 | 6 | fs/open.c | 2 |
@@ -29,8 +29,8 @@ | ||
29 | 29 | security/security.c | 110 ++++++++++++++++++++++++++++++++++++++++------ |
30 | 30 | 25 files changed, 248 insertions(+), 37 deletions(-) |
31 | 31 | |
32 | ---- linux-4.1.37.orig/fs/exec.c | |
33 | -+++ linux-4.1.37/fs/exec.c | |
32 | +--- linux-4.1.38.orig/fs/exec.c | |
33 | ++++ linux-4.1.38/fs/exec.c | |
34 | 34 | @@ -1461,7 +1461,7 @@ static int exec_binprm(struct linux_binp |
35 | 35 | old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); |
36 | 36 | rcu_read_unlock(); |
@@ -40,8 +40,8 @@ | ||
40 | 40 | if (ret >= 0) { |
41 | 41 | audit_bprm(bprm); |
42 | 42 | trace_sched_process_exec(current, old_pid, bprm); |
43 | ---- linux-4.1.37.orig/fs/open.c | |
44 | -+++ linux-4.1.37/fs/open.c | |
43 | +--- linux-4.1.38.orig/fs/open.c | |
44 | ++++ linux-4.1.38/fs/open.c | |
45 | 45 | @@ -1107,6 +1107,8 @@ EXPORT_SYMBOL(sys_close); |
46 | 46 | */ |
47 | 47 | SYSCALL_DEFINE0(vhangup) |
@@ -51,8 +51,8 @@ | ||
51 | 51 | if (capable(CAP_SYS_TTY_CONFIG)) { |
52 | 52 | tty_vhangup_self(); |
53 | 53 | return 0; |
54 | ---- linux-4.1.37.orig/fs/proc/version.c | |
55 | -+++ linux-4.1.37/fs/proc/version.c | |
54 | +--- linux-4.1.38.orig/fs/proc/version.c | |
55 | ++++ linux-4.1.38/fs/proc/version.c | |
56 | 56 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
57 | 57 | return 0; |
58 | 58 | } |
@@ -60,12 +60,12 @@ | ||
60 | 60 | + |
61 | 61 | +static int __init ccs_show_version(void) |
62 | 62 | +{ |
63 | -+ printk(KERN_INFO "Hook version: 4.1.37 2016/12/29\n"); | |
63 | ++ printk(KERN_INFO "Hook version: 4.1.38 2017/01/22\n"); | |
64 | 64 | + return 0; |
65 | 65 | +} |
66 | 66 | +fs_initcall(ccs_show_version); |
67 | ---- linux-4.1.37.orig/include/linux/init_task.h | |
68 | -+++ linux-4.1.37/include/linux/init_task.h | |
67 | +--- linux-4.1.38.orig/include/linux/init_task.h | |
68 | ++++ linux-4.1.38/include/linux/init_task.h | |
69 | 69 | @@ -182,6 +182,14 @@ extern struct task_group root_task_group |
70 | 70 | # define INIT_KASAN(tsk) |
71 | 71 | #endif |
@@ -89,8 +89,8 @@ | ||
89 | 89 | } |
90 | 90 | |
91 | 91 | |
92 | ---- linux-4.1.37.orig/include/linux/sched.h | |
93 | -+++ linux-4.1.37/include/linux/sched.h | |
92 | +--- linux-4.1.38.orig/include/linux/sched.h | |
93 | ++++ linux-4.1.38/include/linux/sched.h | |
94 | 94 | @@ -6,6 +6,8 @@ |
95 | 95 | #include <linux/sched/prio.h> |
96 | 96 |
@@ -111,8 +111,8 @@ | ||
111 | 111 | }; |
112 | 112 | |
113 | 113 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
114 | ---- linux-4.1.37.orig/include/linux/security.h | |
115 | -+++ linux-4.1.37/include/linux/security.h | |
114 | +--- linux-4.1.38.orig/include/linux/security.h | |
115 | ++++ linux-4.1.38/include/linux/security.h | |
116 | 116 | @@ -53,6 +53,7 @@ struct msg_queue; |
117 | 117 | struct xattr; |
118 | 118 | struct xfrm_sec_ctx; |
@@ -319,8 +319,8 @@ | ||
319 | 319 | } |
320 | 320 | #endif /* CONFIG_SECURITY_PATH */ |
321 | 321 | |
322 | ---- linux-4.1.37.orig/include/net/ip.h | |
323 | -+++ linux-4.1.37/include/net/ip.h | |
322 | +--- linux-4.1.38.orig/include/net/ip.h | |
323 | ++++ linux-4.1.38/include/net/ip.h | |
324 | 324 | @@ -217,6 +217,8 @@ void inet_get_local_port_range(struct ne |
325 | 325 | #ifdef CONFIG_SYSCTL |
326 | 326 | static inline int inet_is_local_reserved_port(struct net *net, int port) |
@@ -339,8 +339,8 @@ | ||
339 | 339 | return 0; |
340 | 340 | } |
341 | 341 | #endif |
342 | ---- linux-4.1.37.orig/kernel/fork.c | |
343 | -+++ linux-4.1.37/kernel/fork.c | |
342 | +--- linux-4.1.38.orig/kernel/fork.c | |
343 | ++++ linux-4.1.38/kernel/fork.c | |
344 | 344 | @@ -257,6 +257,7 @@ void __put_task_struct(struct task_struc |
345 | 345 | delayacct_tsk_free(tsk); |
346 | 346 | put_signal_struct(tsk->signal); |
@@ -367,8 +367,8 @@ | ||
367 | 367 | bad_fork_cleanup_perf: |
368 | 368 | perf_event_free_task(p); |
369 | 369 | bad_fork_cleanup_policy: |
370 | ---- linux-4.1.37.orig/kernel/kexec.c | |
371 | -+++ linux-4.1.37/kernel/kexec.c | |
370 | +--- linux-4.1.38.orig/kernel/kexec.c | |
371 | ++++ linux-4.1.38/kernel/kexec.c | |
372 | 372 | @@ -41,6 +41,7 @@ |
373 | 373 | #include <asm/uaccess.h> |
374 | 374 | #include <asm/io.h> |
@@ -386,8 +386,8 @@ | ||
386 | 386 | |
387 | 387 | /* |
388 | 388 | * Verify we have a legal set of flags |
389 | ---- linux-4.1.37.orig/kernel/module.c | |
390 | -+++ linux-4.1.37/kernel/module.c | |
389 | +--- linux-4.1.38.orig/kernel/module.c | |
390 | ++++ linux-4.1.38/kernel/module.c | |
391 | 391 | @@ -61,6 +61,7 @@ |
392 | 392 | #include <linux/bsearch.h> |
393 | 393 | #include <uapi/linux/module.h> |
@@ -414,8 +414,8 @@ | ||
414 | 414 | |
415 | 415 | return 0; |
416 | 416 | } |
417 | ---- linux-4.1.37.orig/kernel/ptrace.c | |
418 | -+++ linux-4.1.37/kernel/ptrace.c | |
417 | +--- linux-4.1.38.orig/kernel/ptrace.c | |
418 | ++++ linux-4.1.38/kernel/ptrace.c | |
419 | 419 | @@ -1080,6 +1080,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
420 | 420 | { |
421 | 421 | struct task_struct *child; |
@@ -440,8 +440,8 @@ | ||
440 | 440 | |
441 | 441 | if (request == PTRACE_TRACEME) { |
442 | 442 | ret = ptrace_traceme(); |
443 | ---- linux-4.1.37.orig/kernel/reboot.c | |
444 | -+++ linux-4.1.37/kernel/reboot.c | |
443 | +--- linux-4.1.38.orig/kernel/reboot.c | |
444 | ++++ linux-4.1.38/kernel/reboot.c | |
445 | 445 | @@ -16,6 +16,7 @@ |
446 | 446 | #include <linux/syscalls.h> |
447 | 447 | #include <linux/syscore_ops.h> |
@@ -459,8 +459,8 @@ | ||
459 | 459 | |
460 | 460 | /* |
461 | 461 | * If pid namespaces are enabled and the current task is in a child |
462 | ---- linux-4.1.37.orig/kernel/sched/core.c | |
463 | -+++ linux-4.1.37/kernel/sched/core.c | |
462 | +--- linux-4.1.38.orig/kernel/sched/core.c | |
463 | ++++ linux-4.1.38/kernel/sched/core.c | |
464 | 464 | @@ -3174,6 +3174,8 @@ int can_nice(const struct task_struct *p |
465 | 465 | SYSCALL_DEFINE1(nice, int, increment) |
466 | 466 | { |
@@ -470,8 +470,8 @@ | ||
470 | 470 | |
471 | 471 | /* |
472 | 472 | * Setpriority might change our priority at the same moment. |
473 | ---- linux-4.1.37.orig/kernel/signal.c | |
474 | -+++ linux-4.1.37/kernel/signal.c | |
473 | +--- linux-4.1.38.orig/kernel/signal.c | |
474 | ++++ linux-4.1.38/kernel/signal.c | |
475 | 475 | @@ -2901,6 +2901,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
476 | 476 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
477 | 477 | { |
@@ -517,8 +517,8 @@ | ||
517 | 517 | |
518 | 518 | return do_send_specific(tgid, pid, sig, info); |
519 | 519 | } |
520 | ---- linux-4.1.37.orig/kernel/sys.c | |
521 | -+++ linux-4.1.37/kernel/sys.c | |
520 | +--- linux-4.1.38.orig/kernel/sys.c | |
521 | ++++ linux-4.1.38/kernel/sys.c | |
522 | 522 | @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
523 | 523 | |
524 | 524 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -548,8 +548,8 @@ | ||
548 | 548 | |
549 | 549 | down_write(&uts_sem); |
550 | 550 | errno = -EFAULT; |
551 | ---- linux-4.1.37.orig/kernel/time/ntp.c | |
552 | -+++ linux-4.1.37/kernel/time/ntp.c | |
551 | +--- linux-4.1.38.orig/kernel/time/ntp.c | |
552 | ++++ linux-4.1.38/kernel/time/ntp.c | |
553 | 553 | @@ -16,6 +16,7 @@ |
554 | 554 | #include <linux/mm.h> |
555 | 555 | #include <linux/module.h> |
@@ -583,8 +583,8 @@ | ||
583 | 583 | |
584 | 584 | /* |
585 | 585 | * Check for potential multiplication overflows that can |
586 | ---- linux-4.1.37.orig/net/ipv4/raw.c | |
587 | -+++ linux-4.1.37/net/ipv4/raw.c | |
586 | +--- linux-4.1.38.orig/net/ipv4/raw.c | |
587 | ++++ linux-4.1.38/net/ipv4/raw.c | |
588 | 588 | @@ -729,6 +729,10 @@ static int raw_recvmsg(struct sock *sk, |
589 | 589 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
590 | 590 | if (!skb) |
@@ -596,8 +596,8 @@ | ||
596 | 596 | |
597 | 597 | copied = skb->len; |
598 | 598 | if (len < copied) { |
599 | ---- linux-4.1.37.orig/net/ipv4/udp.c | |
600 | -+++ linux-4.1.37/net/ipv4/udp.c | |
599 | +--- linux-4.1.38.orig/net/ipv4/udp.c | |
600 | ++++ linux-4.1.38/net/ipv4/udp.c | |
601 | 601 | @@ -1274,6 +1274,10 @@ try_again: |
602 | 602 | &peeked, &off, &err); |
603 | 603 | if (!skb) |
@@ -609,8 +609,8 @@ | ||
609 | 609 | |
610 | 610 | ulen = skb->len - sizeof(struct udphdr); |
611 | 611 | copied = len; |
612 | ---- linux-4.1.37.orig/net/ipv6/raw.c | |
613 | -+++ linux-4.1.37/net/ipv6/raw.c | |
612 | +--- linux-4.1.38.orig/net/ipv6/raw.c | |
613 | ++++ linux-4.1.38/net/ipv6/raw.c | |
614 | 614 | @@ -477,6 +477,10 @@ static int rawv6_recvmsg(struct sock *sk |
615 | 615 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
616 | 616 | if (!skb) |
@@ -622,8 +622,8 @@ | ||
622 | 622 | |
623 | 623 | copied = skb->len; |
624 | 624 | if (copied > len) { |
625 | ---- linux-4.1.37.orig/net/ipv6/udp.c | |
626 | -+++ linux-4.1.37/net/ipv6/udp.c | |
625 | +--- linux-4.1.38.orig/net/ipv6/udp.c | |
626 | ++++ linux-4.1.38/net/ipv6/udp.c | |
627 | 627 | @@ -413,6 +413,10 @@ try_again: |
628 | 628 | &peeked, &off, &err); |
629 | 629 | if (!skb) |
@@ -635,8 +635,8 @@ | ||
635 | 635 | |
636 | 636 | ulen = skb->len - sizeof(struct udphdr); |
637 | 637 | copied = len; |
638 | ---- linux-4.1.37.orig/net/socket.c | |
639 | -+++ linux-4.1.37/net/socket.c | |
638 | +--- linux-4.1.38.orig/net/socket.c | |
639 | ++++ linux-4.1.38/net/socket.c | |
640 | 640 | @@ -1485,6 +1485,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
641 | 641 | if (err < 0) |
642 | 642 | goto out_fd; |
@@ -648,8 +648,8 @@ | ||
648 | 648 | if (upeer_sockaddr) { |
649 | 649 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
650 | 650 | &len, 2) < 0) { |
651 | ---- linux-4.1.37.orig/net/unix/af_unix.c | |
652 | -+++ linux-4.1.37/net/unix/af_unix.c | |
651 | +--- linux-4.1.38.orig/net/unix/af_unix.c | |
652 | ++++ linux-4.1.38/net/unix/af_unix.c | |
653 | 653 | @@ -1978,6 +1978,10 @@ static int unix_dgram_recvmsg(struct soc |
654 | 654 | wake_up_interruptible_sync_poll(&u->peer_wait, |
655 | 655 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -661,8 +661,8 @@ | ||
661 | 661 | if (msg->msg_name) |
662 | 662 | unix_copy_addr(msg, skb->sk); |
663 | 663 | |
664 | ---- linux-4.1.37.orig/security/Kconfig | |
665 | -+++ linux-4.1.37/security/Kconfig | |
664 | +--- linux-4.1.38.orig/security/Kconfig | |
665 | ++++ linux-4.1.38/security/Kconfig | |
666 | 666 | @@ -168,5 +168,7 @@ config DEFAULT_SECURITY |
667 | 667 | default "yama" if DEFAULT_SECURITY_YAMA |
668 | 668 | default "" if DEFAULT_SECURITY_DAC |
@@ -671,8 +671,8 @@ | ||
671 | 671 | + |
672 | 672 | endmenu |
673 | 673 | |
674 | ---- linux-4.1.37.orig/security/Makefile | |
675 | -+++ linux-4.1.37/security/Makefile | |
674 | +--- linux-4.1.38.orig/security/Makefile | |
675 | ++++ linux-4.1.38/security/Makefile | |
676 | 676 | @@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
677 | 677 | # Object integrity file lists |
678 | 678 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -680,8 +680,8 @@ | ||
680 | 680 | + |
681 | 681 | +subdir-$(CONFIG_CCSECURITY) += ccsecurity |
682 | 682 | +obj-$(CONFIG_CCSECURITY) += ccsecurity/ |
683 | ---- linux-4.1.37.orig/security/security.c | |
684 | -+++ linux-4.1.37/security/security.c | |
683 | +--- linux-4.1.38.orig/security/security.c | |
684 | ++++ linux-4.1.38/security/security.c | |
685 | 685 | @@ -226,7 +226,10 @@ int security_syslog(int type) |
686 | 686 | |
687 | 687 | int security_settime(const struct timespec *ts, const struct timezone *tz) |
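Review bot: The preamble at the top of this patch file names the base tarball (`https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.1.38.tar.xz`) but gives the reader no way to confirm that the tree they downloaded is the one the patch was prepared against. This matters here because the patch modifies security-sensitive files such as `security/security.c` and the syscall entry points listed in its diffstat. I would add one line after the URL, for example `Verify the tarball against the detached PGP signature that kernel.org publishes for this release before applying the patch.` The 4.10-rc4 patch that follows uses the same preamble wording and would need the same line; its section continues past the visible part of the page.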
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 4.10-rc1. | |
1 | +This is TOMOYO Linux patch for kernel 4.10-rc4. | |
2 | 2 | |
3 | -Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/testing/linux-4.10-rc1.tar.xz | |
3 | +Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/testing/linux-4.10-rc4.tar.xz | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 - |
6 | 6 | fs/open.c | 2 + |
@@ -28,8 +28,8 @@ | ||
28 | 28 | security/Makefile | 3 ++ |
29 | 29 | 24 files changed, 147 insertions(+), 26 deletions(-) |
30 | 30 | |
31 | ---- linux-4.10-rc1.orig/fs/exec.c | |
32 | -+++ linux-4.10-rc1/fs/exec.c | |
31 | +--- linux-4.10-rc4.orig/fs/exec.c | |
32 | ++++ linux-4.10-rc4/fs/exec.c | |
33 | 33 | @@ -1642,7 +1642,7 @@ static int exec_binprm(struct linux_binp |
34 | 34 | old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); |
35 | 35 | rcu_read_unlock(); |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (ret >= 0) { |
40 | 40 | audit_bprm(bprm); |
41 | 41 | trace_sched_process_exec(current, old_pid, bprm); |
42 | ---- linux-4.10-rc1.orig/fs/open.c | |
43 | -+++ linux-4.10-rc1/fs/open.c | |
42 | +--- linux-4.10-rc4.orig/fs/open.c | |
43 | ++++ linux-4.10-rc4/fs/open.c | |
44 | 44 | @@ -1145,6 +1145,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-4.10-rc1.orig/fs/proc/version.c | |
54 | -+++ linux-4.10-rc1/fs/proc/version.c | |
53 | +--- linux-4.10-rc4.orig/fs/proc/version.c | |
54 | ++++ linux-4.10-rc4/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 4.10-rc1 2016/12/26\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 4.10-rc4 2017/01/16\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +fs_initcall(ccs_show_version); |
66 | ---- linux-4.10-rc1.orig/include/linux/init_task.h | |
67 | -+++ linux-4.10-rc1/include/linux/init_task.h | |
66 | +--- linux-4.10-rc4.orig/include/linux/init_task.h | |
67 | ++++ linux-4.10-rc4/include/linux/init_task.h | |
68 | 68 | @@ -193,6 +193,14 @@ extern struct task_group root_task_group |
69 | 69 | # define INIT_TASK_TI(tsk) |
70 | 70 | #endif |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-4.10-rc1.orig/include/linux/sched.h | |
92 | -+++ linux-4.10-rc1/include/linux/sched.h | |
91 | +--- linux-4.10-rc4.orig/include/linux/sched.h | |
92 | ++++ linux-4.10-rc4/include/linux/sched.h | |
93 | 93 | @@ -6,6 +6,8 @@ |
94 | 94 | #include <linux/sched/prio.h> |
95 | 95 |
@@ -99,7 +99,7 @@ | ||
99 | 99 | struct sched_param { |
100 | 100 | int sched_priority; |
101 | 101 | }; |
102 | -@@ -1988,6 +1990,10 @@ struct task_struct { | |
102 | +@@ -1998,6 +2000,10 @@ struct task_struct { | |
103 | 103 | /* A live task holds one reference. */ |
104 | 104 | atomic_t stack_refcount; |
105 | 105 | #endif |
@@ -110,8 +110,8 @@ | ||
110 | 110 | /* CPU-specific state of this task */ |
111 | 111 | struct thread_struct thread; |
112 | 112 | /* |
113 | ---- linux-4.10-rc1.orig/include/linux/security.h | |
114 | -+++ linux-4.10-rc1/include/linux/security.h | |
113 | +--- linux-4.10-rc4.orig/include/linux/security.h | |
114 | ++++ linux-4.10-rc4/include/linux/security.h | |
115 | 115 | @@ -55,6 +55,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -318,8 +318,8 @@ | ||
318 | 318 | } |
319 | 319 | #endif /* CONFIG_SECURITY_PATH */ |
320 | 320 | |
321 | ---- linux-4.10-rc1.orig/include/net/ip.h | |
322 | -+++ linux-4.10-rc1/include/net/ip.h | |
321 | +--- linux-4.10-rc4.orig/include/net/ip.h | |
322 | ++++ linux-4.10-rc4/include/net/ip.h | |
323 | 323 | @@ -253,6 +253,8 @@ void inet_get_local_port_range(struct ne |
324 | 324 | #ifdef CONFIG_SYSCTL |
325 | 325 | static inline int inet_is_local_reserved_port(struct net *net, int port) |
@@ -338,8 +338,8 @@ | ||
338 | 338 | return 0; |
339 | 339 | } |
340 | 340 | #endif |
341 | ---- linux-4.10-rc1.orig/kernel/fork.c | |
342 | -+++ linux-4.10-rc1/kernel/fork.c | |
341 | +--- linux-4.10-rc4.orig/kernel/fork.c | |
342 | ++++ linux-4.10-rc4/kernel/fork.c | |
343 | 343 | @@ -392,6 +392,7 @@ void __put_task_struct(struct task_struc |
344 | 344 | delayacct_tsk_free(tsk); |
345 | 345 | put_signal_struct(tsk->signal); |
@@ -366,8 +366,8 @@ | ||
366 | 366 | bad_fork_cleanup_perf: |
367 | 367 | perf_event_free_task(p); |
368 | 368 | bad_fork_cleanup_policy: |
369 | ---- linux-4.10-rc1.orig/kernel/kexec.c | |
370 | -+++ linux-4.10-rc1/kernel/kexec.c | |
369 | +--- linux-4.10-rc4.orig/kernel/kexec.c | |
370 | ++++ linux-4.10-rc4/kernel/kexec.c | |
371 | 371 | @@ -17,7 +17,7 @@ |
372 | 372 | #include <linux/syscalls.h> |
373 | 373 | #include <linux/vmalloc.h> |
@@ -386,8 +386,8 @@ | ||
386 | 386 | |
387 | 387 | /* |
388 | 388 | * Verify we have a legal set of flags |
389 | ---- linux-4.10-rc1.orig/kernel/module.c | |
390 | -+++ linux-4.10-rc1/kernel/module.c | |
389 | +--- linux-4.10-rc4.orig/kernel/module.c | |
390 | ++++ linux-4.10-rc4/kernel/module.c | |
391 | 391 | @@ -63,6 +63,7 @@ |
392 | 392 | #include <linux/dynamic_debug.h> |
393 | 393 | #include <uapi/linux/module.h> |
@@ -414,8 +414,8 @@ | ||
414 | 414 | |
415 | 415 | return 0; |
416 | 416 | } |
417 | ---- linux-4.10-rc1.orig/kernel/ptrace.c | |
418 | -+++ linux-4.10-rc1/kernel/ptrace.c | |
417 | +--- linux-4.10-rc4.orig/kernel/ptrace.c | |
418 | ++++ linux-4.10-rc4/kernel/ptrace.c | |
419 | 419 | @@ -1110,6 +1110,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
420 | 420 | { |
421 | 421 | struct task_struct *child; |
@@ -440,8 +440,8 @@ | ||
440 | 440 | |
441 | 441 | if (request == PTRACE_TRACEME) { |
442 | 442 | ret = ptrace_traceme(); |
443 | ---- linux-4.10-rc1.orig/kernel/reboot.c | |
444 | -+++ linux-4.10-rc1/kernel/reboot.c | |
443 | +--- linux-4.10-rc4.orig/kernel/reboot.c | |
444 | ++++ linux-4.10-rc4/kernel/reboot.c | |
445 | 445 | @@ -16,6 +16,7 @@ |
446 | 446 | #include <linux/syscalls.h> |
447 | 447 | #include <linux/syscore_ops.h> |
@@ -459,8 +459,8 @@ | ||
459 | 459 | |
460 | 460 | /* |
461 | 461 | * If pid namespaces are enabled and the current task is in a child |
462 | ---- linux-4.10-rc1.orig/kernel/sched/core.c | |
463 | -+++ linux-4.10-rc1/kernel/sched/core.c | |
462 | +--- linux-4.10-rc4.orig/kernel/sched/core.c | |
463 | ++++ linux-4.10-rc4/kernel/sched/core.c | |
464 | 464 | @@ -3812,6 +3812,8 @@ int can_nice(const struct task_struct *p |
465 | 465 | SYSCALL_DEFINE1(nice, int, increment) |
466 | 466 | { |
@@ -470,8 +470,8 @@ | ||
470 | 470 | |
471 | 471 | /* |
472 | 472 | * Setpriority might change our priority at the same moment. |
473 | ---- linux-4.10-rc1.orig/kernel/signal.c | |
474 | -+++ linux-4.10-rc1/kernel/signal.c | |
473 | +--- linux-4.10-rc4.orig/kernel/signal.c | |
474 | ++++ linux-4.10-rc4/kernel/signal.c | |
475 | 475 | @@ -2860,6 +2860,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
476 | 476 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
477 | 477 | { |
@@ -517,8 +517,8 @@ | ||
517 | 517 | |
518 | 518 | return do_send_specific(tgid, pid, sig, info); |
519 | 519 | } |
520 | ---- linux-4.10-rc1.orig/kernel/sys.c | |
521 | -+++ linux-4.10-rc1/kernel/sys.c | |
520 | +--- linux-4.10-rc4.orig/kernel/sys.c | |
521 | ++++ linux-4.10-rc4/kernel/sys.c | |
522 | 522 | @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
523 | 523 | |
524 | 524 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -548,8 +548,8 @@ | ||
548 | 548 | |
549 | 549 | down_write(&uts_sem); |
550 | 550 | errno = -EFAULT; |
551 | ---- linux-4.10-rc1.orig/kernel/time/ntp.c | |
552 | -+++ linux-4.10-rc1/kernel/time/ntp.c | |
551 | +--- linux-4.10-rc4.orig/kernel/time/ntp.c | |
552 | ++++ linux-4.10-rc4/kernel/time/ntp.c | |
553 | 553 | @@ -17,6 +17,7 @@ |
554 | 554 | #include <linux/module.h> |
555 | 555 | #include <linux/rtc.h> |
@@ -583,8 +583,8 @@ | ||
583 | 583 | |
584 | 584 | if (txc->modes & ADJ_NANO) { |
585 | 585 | struct timespec ts; |
586 | ---- linux-4.10-rc1.orig/net/ipv4/raw.c | |
587 | -+++ linux-4.10-rc1/net/ipv4/raw.c | |
586 | +--- linux-4.10-rc4.orig/net/ipv4/raw.c | |
587 | ++++ linux-4.10-rc4/net/ipv4/raw.c | |
588 | 588 | @@ -746,6 +746,10 @@ static int raw_recvmsg(struct sock *sk, |
589 | 589 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
590 | 590 | if (!skb) |
@@ -596,8 +596,8 @@ | ||
596 | 596 | |
597 | 597 | copied = skb->len; |
598 | 598 | if (len < copied) { |
599 | ---- linux-4.10-rc1.orig/net/ipv4/udp.c | |
600 | -+++ linux-4.10-rc1/net/ipv4/udp.c | |
599 | +--- linux-4.10-rc4.orig/net/ipv4/udp.c | |
600 | ++++ linux-4.10-rc4/net/ipv4/udp.c | |
601 | 601 | @@ -1436,6 +1436,8 @@ try_again: |
602 | 602 | skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err); |
603 | 603 | if (!skb) |
@@ -607,8 +607,8 @@ | ||
607 | 607 | |
608 | 608 | ulen = skb->len; |
609 | 609 | copied = len; |
610 | ---- linux-4.10-rc1.orig/net/ipv6/raw.c | |
611 | -+++ linux-4.10-rc1/net/ipv6/raw.c | |
610 | +--- linux-4.10-rc4.orig/net/ipv6/raw.c | |
611 | ++++ linux-4.10-rc4/net/ipv6/raw.c | |
612 | 612 | @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk |
613 | 613 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
614 | 614 | if (!skb) |
@@ -620,8 +620,8 @@ | ||
620 | 620 | |
621 | 621 | copied = skb->len; |
622 | 622 | if (copied > len) { |
623 | ---- linux-4.10-rc1.orig/net/ipv6/udp.c | |
624 | -+++ linux-4.10-rc1/net/ipv6/udp.c | |
623 | +--- linux-4.10-rc4.orig/net/ipv6/udp.c | |
624 | ++++ linux-4.10-rc4/net/ipv6/udp.c | |
625 | 625 | @@ -347,6 +347,8 @@ try_again: |
626 | 626 | skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err); |
627 | 627 | if (!skb) |
@@ -631,8 +631,8 @@ | ||
631 | 631 | |
632 | 632 | ulen = skb->len; |
633 | 633 | copied = len; |
634 | ---- linux-4.10-rc1.orig/net/socket.c | |
635 | -+++ linux-4.10-rc1/net/socket.c | |
634 | +--- linux-4.10-rc4.orig/net/socket.c | |
635 | ++++ linux-4.10-rc4/net/socket.c | |
636 | 636 | @@ -1512,6 +1512,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
637 | 637 | if (err < 0) |
638 | 638 | goto out_fd; |
@@ -644,8 +644,8 @@ | ||
644 | 644 | if (upeer_sockaddr) { |
645 | 645 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
646 | 646 | &len, 2) < 0) { |
647 | ---- linux-4.10-rc1.orig/net/unix/af_unix.c | |
648 | -+++ linux-4.10-rc1/net/unix/af_unix.c | |
647 | +--- linux-4.10-rc4.orig/net/unix/af_unix.c | |
648 | ++++ linux-4.10-rc4/net/unix/af_unix.c | |
649 | 649 | @@ -2140,6 +2140,10 @@ static int unix_dgram_recvmsg(struct soc |
650 | 650 | POLLOUT | POLLWRNORM | |
651 | 651 | POLLWRBAND); |
@@ -665,8 +665,8 @@ | ||
665 | 665 | mutex_unlock(&u->iolock); |
666 | 666 | out: |
667 | 667 | return err; |
668 | ---- linux-4.10-rc1.orig/security/Kconfig | |
669 | -+++ linux-4.10-rc1/security/Kconfig | |
668 | +--- linux-4.10-rc4.orig/security/Kconfig | |
669 | ++++ linux-4.10-rc4/security/Kconfig | |
670 | 670 | @@ -204,5 +204,7 @@ config DEFAULT_SECURITY |
671 | 671 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
672 | 672 | default "" if DEFAULT_SECURITY_DAC |
@@ -675,8 +675,8 @@ | ||
675 | 675 | + |
676 | 676 | endmenu |
677 | 677 | |
678 | ---- linux-4.10-rc1.orig/security/Makefile | |
679 | -+++ linux-4.10-rc1/security/Makefile | |
678 | +--- linux-4.10-rc4.orig/security/Makefile | |
679 | ++++ linux-4.10-rc4/security/Makefile | |
680 | 680 | @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
681 | 681 | # Object integrity file lists |
682 | 682 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 4.4.39. | |
1 | +This is TOMOYO Linux patch for kernel 4.4.44. | |
2 | 2 | |
3 | -Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.39.tar.xz | |
3 | +Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.44.tar.xz | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 - |
6 | 6 | fs/open.c | 2 + |
@@ -28,9 +28,9 @@ | ||
28 | 28 | security/Makefile | 3 ++ |
29 | 29 | 24 files changed, 150 insertions(+), 26 deletions(-) |
30 | 30 | |
31 | ---- linux-4.4.39.orig/fs/exec.c | |
32 | -+++ linux-4.4.39/fs/exec.c | |
33 | -@@ -1467,7 +1467,7 @@ static int exec_binprm(struct linux_binp | |
31 | +--- linux-4.4.44.orig/fs/exec.c | |
32 | ++++ linux-4.4.44/fs/exec.c | |
33 | +@@ -1487,7 +1487,7 @@ static int exec_binprm(struct linux_binp | |
34 | 34 | old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); |
35 | 35 | rcu_read_unlock(); |
36 | 36 |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (ret >= 0) { |
40 | 40 | audit_bprm(bprm); |
41 | 41 | trace_sched_process_exec(current, old_pid, bprm); |
42 | ---- linux-4.4.39.orig/fs/open.c | |
43 | -+++ linux-4.4.39/fs/open.c | |
42 | +--- linux-4.4.44.orig/fs/open.c | |
43 | ++++ linux-4.4.44/fs/open.c | |
44 | 44 | @@ -1111,6 +1111,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-4.4.39.orig/fs/proc/version.c | |
54 | -+++ linux-4.4.39/fs/proc/version.c | |
53 | +--- linux-4.4.44.orig/fs/proc/version.c | |
54 | ++++ linux-4.4.44/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 4.4.39 2016/12/23\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 4.4.44 2017/01/22\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +fs_initcall(ccs_show_version); |
66 | ---- linux-4.4.39.orig/include/linux/init_task.h | |
67 | -+++ linux-4.4.39/include/linux/init_task.h | |
66 | +--- linux-4.4.44.orig/include/linux/init_task.h | |
67 | ++++ linux-4.4.44/include/linux/init_task.h | |
68 | 68 | @@ -183,6 +183,14 @@ extern struct task_group root_task_group |
69 | 69 | # define INIT_KASAN(tsk) |
70 | 70 | #endif |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-4.4.39.orig/include/linux/sched.h | |
92 | -+++ linux-4.4.39/include/linux/sched.h | |
91 | +--- linux-4.4.44.orig/include/linux/sched.h | |
92 | ++++ linux-4.4.44/include/linux/sched.h | |
93 | 93 | @@ -6,6 +6,8 @@ |
94 | 94 | #include <linux/sched/prio.h> |
95 | 95 |
@@ -99,7 +99,7 @@ | ||
99 | 99 | struct sched_param { |
100 | 100 | int sched_priority; |
101 | 101 | }; |
102 | -@@ -1815,6 +1817,10 @@ struct task_struct { | |
102 | +@@ -1816,6 +1818,10 @@ struct task_struct { | |
103 | 103 | unsigned long task_state_change; |
104 | 104 | #endif |
105 | 105 | int pagefault_disabled; |
@@ -110,8 +110,8 @@ | ||
110 | 110 | /* CPU-specific state of this task */ |
111 | 111 | struct thread_struct thread; |
112 | 112 | /* |
113 | ---- linux-4.4.39.orig/include/linux/security.h | |
114 | -+++ linux-4.4.39/include/linux/security.h | |
113 | +--- linux-4.4.44.orig/include/linux/security.h | |
114 | ++++ linux-4.4.44/include/linux/security.h | |
115 | 115 | @@ -53,6 +53,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -318,8 +318,8 @@ | ||
318 | 318 | } |
319 | 319 | #endif /* CONFIG_SECURITY_PATH */ |
320 | 320 | |
321 | ---- linux-4.4.39.orig/include/net/ip.h | |
322 | -+++ linux-4.4.39/include/net/ip.h | |
321 | +--- linux-4.4.44.orig/include/net/ip.h | |
322 | ++++ linux-4.4.44/include/net/ip.h | |
323 | 323 | @@ -223,6 +223,8 @@ void inet_get_local_port_range(struct ne |
324 | 324 | #ifdef CONFIG_SYSCTL |
325 | 325 | static inline int inet_is_local_reserved_port(struct net *net, int port) |
@@ -338,8 +338,8 @@ | ||
338 | 338 | return 0; |
339 | 339 | } |
340 | 340 | #endif |
341 | ---- linux-4.4.39.orig/kernel/fork.c | |
342 | -+++ linux-4.4.39/kernel/fork.c | |
341 | +--- linux-4.4.44.orig/kernel/fork.c | |
342 | ++++ linux-4.4.44/kernel/fork.c | |
343 | 343 | @@ -258,6 +258,7 @@ void __put_task_struct(struct task_struc |
344 | 344 | delayacct_tsk_free(tsk); |
345 | 345 | put_signal_struct(tsk->signal); |
@@ -348,7 +348,7 @@ | ||
348 | 348 | if (!profile_handoff_task(tsk)) |
349 | 349 | free_task(tsk); |
350 | 350 | } |
351 | -@@ -1449,6 +1450,9 @@ static struct task_struct *copy_process( | |
351 | +@@ -1452,6 +1453,9 @@ static struct task_struct *copy_process( | |
352 | 352 | goto bad_fork_cleanup_perf; |
353 | 353 | /* copy all the process information */ |
354 | 354 | shm_init_task(p); |
@@ -358,7 +358,7 @@ | ||
358 | 358 | retval = copy_semundo(clone_flags, p); |
359 | 359 | if (retval) |
360 | 360 | goto bad_fork_cleanup_audit; |
361 | -@@ -1666,6 +1670,7 @@ bad_fork_cleanup_semundo: | |
361 | +@@ -1669,6 +1673,7 @@ bad_fork_cleanup_semundo: | |
362 | 362 | exit_sem(p); |
363 | 363 | bad_fork_cleanup_audit: |
364 | 364 | audit_free(p); |
@@ -366,8 +366,8 @@ | ||
366 | 366 | bad_fork_cleanup_perf: |
367 | 367 | perf_event_free_task(p); |
368 | 368 | bad_fork_cleanup_policy: |
369 | ---- linux-4.4.39.orig/kernel/kexec.c | |
370 | -+++ linux-4.4.39/kernel/kexec.c | |
369 | +--- linux-4.4.44.orig/kernel/kexec.c | |
370 | ++++ linux-4.4.44/kernel/kexec.c | |
371 | 371 | @@ -17,7 +17,7 @@ |
372 | 372 | #include <linux/syscalls.h> |
373 | 373 | #include <linux/vmalloc.h> |
@@ -386,8 +386,8 @@ | ||
386 | 386 | |
387 | 387 | /* |
388 | 388 | * Verify we have a legal set of flags |
389 | ---- linux-4.4.39.orig/kernel/module.c | |
390 | -+++ linux-4.4.39/kernel/module.c | |
389 | +--- linux-4.4.44.orig/kernel/module.c | |
390 | ++++ linux-4.4.44/kernel/module.c | |
391 | 391 | @@ -61,6 +61,7 @@ |
392 | 392 | #include <linux/bsearch.h> |
393 | 393 | #include <uapi/linux/module.h> |
@@ -414,9 +414,9 @@ | ||
414 | 414 | |
415 | 415 | return 0; |
416 | 416 | } |
417 | ---- linux-4.4.39.orig/kernel/ptrace.c | |
418 | -+++ linux-4.4.39/kernel/ptrace.c | |
419 | -@@ -1075,6 +1075,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l | |
417 | +--- linux-4.4.44.orig/kernel/ptrace.c | |
418 | ++++ linux-4.4.44/kernel/ptrace.c | |
419 | +@@ -1073,6 +1073,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l | |
420 | 420 | { |
421 | 421 | struct task_struct *child; |
422 | 422 | long ret; |
@@ -428,7 +428,7 @@ | ||
428 | 428 | |
429 | 429 | if (request == PTRACE_TRACEME) { |
430 | 430 | ret = ptrace_traceme(); |
431 | -@@ -1221,6 +1226,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo | |
431 | +@@ -1219,6 +1224,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo | |
432 | 432 | { |
433 | 433 | struct task_struct *child; |
434 | 434 | long ret; |
@@ -440,8 +440,8 @@ | ||
440 | 440 | |
441 | 441 | if (request == PTRACE_TRACEME) { |
442 | 442 | ret = ptrace_traceme(); |
443 | ---- linux-4.4.39.orig/kernel/reboot.c | |
444 | -+++ linux-4.4.39/kernel/reboot.c | |
443 | +--- linux-4.4.44.orig/kernel/reboot.c | |
444 | ++++ linux-4.4.44/kernel/reboot.c | |
445 | 445 | @@ -16,6 +16,7 @@ |
446 | 446 | #include <linux/syscalls.h> |
447 | 447 | #include <linux/syscore_ops.h> |
@@ -459,8 +459,8 @@ | ||
459 | 459 | |
460 | 460 | /* |
461 | 461 | * If pid namespaces are enabled and the current task is in a child |
462 | ---- linux-4.4.39.orig/kernel/sched/core.c | |
463 | -+++ linux-4.4.39/kernel/sched/core.c | |
462 | +--- linux-4.4.44.orig/kernel/sched/core.c | |
463 | ++++ linux-4.4.44/kernel/sched/core.c | |
464 | 464 | @@ -3548,6 +3548,8 @@ int can_nice(const struct task_struct *p |
465 | 465 | SYSCALL_DEFINE1(nice, int, increment) |
466 | 466 | { |
@@ -470,8 +470,8 @@ | ||
470 | 470 | |
471 | 471 | /* |
472 | 472 | * Setpriority might change our priority at the same moment. |
473 | ---- linux-4.4.39.orig/kernel/signal.c | |
474 | -+++ linux-4.4.39/kernel/signal.c | |
473 | +--- linux-4.4.44.orig/kernel/signal.c | |
474 | ++++ linux-4.4.44/kernel/signal.c | |
475 | 475 | @@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
476 | 476 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
477 | 477 | { |
@@ -517,8 +517,8 @@ | ||
517 | 517 | |
518 | 518 | return do_send_specific(tgid, pid, sig, info); |
519 | 519 | } |
520 | ---- linux-4.4.39.orig/kernel/sys.c | |
521 | -+++ linux-4.4.39/kernel/sys.c | |
520 | +--- linux-4.4.44.orig/kernel/sys.c | |
521 | ++++ linux-4.4.44/kernel/sys.c | |
522 | 522 | @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
523 | 523 | |
524 | 524 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -548,8 +548,8 @@ | ||
548 | 548 | |
549 | 549 | down_write(&uts_sem); |
550 | 550 | errno = -EFAULT; |
551 | ---- linux-4.4.39.orig/kernel/time/ntp.c | |
552 | -+++ linux-4.4.39/kernel/time/ntp.c | |
551 | +--- linux-4.4.44.orig/kernel/time/ntp.c | |
552 | ++++ linux-4.4.44/kernel/time/ntp.c | |
553 | 553 | @@ -16,6 +16,7 @@ |
554 | 554 | #include <linux/mm.h> |
555 | 555 | #include <linux/module.h> |
@@ -583,8 +583,8 @@ | ||
583 | 583 | |
584 | 584 | if (txc->modes & ADJ_NANO) { |
585 | 585 | struct timespec ts; |
586 | ---- linux-4.4.39.orig/net/ipv4/raw.c | |
587 | -+++ linux-4.4.39/net/ipv4/raw.c | |
586 | +--- linux-4.4.44.orig/net/ipv4/raw.c | |
587 | ++++ linux-4.4.44/net/ipv4/raw.c | |
588 | 588 | @@ -739,6 +739,10 @@ static int raw_recvmsg(struct sock *sk, |
589 | 589 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
590 | 590 | if (!skb) |
@@ -596,8 +596,8 @@ | ||
596 | 596 | |
597 | 597 | copied = skb->len; |
598 | 598 | if (len < copied) { |
599 | ---- linux-4.4.39.orig/net/ipv4/udp.c | |
600 | -+++ linux-4.4.39/net/ipv4/udp.c | |
599 | +--- linux-4.4.44.orig/net/ipv4/udp.c | |
600 | ++++ linux-4.4.44/net/ipv4/udp.c | |
601 | 601 | @@ -1286,6 +1286,10 @@ try_again: |
602 | 602 | &peeked, &off, &err); |
603 | 603 | if (!skb) |
@@ -609,8 +609,8 @@ | ||
609 | 609 | |
610 | 610 | ulen = skb->len - sizeof(struct udphdr); |
611 | 611 | copied = len; |
612 | ---- linux-4.4.39.orig/net/ipv6/raw.c | |
613 | -+++ linux-4.4.39/net/ipv6/raw.c | |
612 | +--- linux-4.4.44.orig/net/ipv6/raw.c | |
613 | ++++ linux-4.4.44/net/ipv6/raw.c | |
614 | 614 | @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk |
615 | 615 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
616 | 616 | if (!skb) |
@@ -622,8 +622,8 @@ | ||
622 | 622 | |
623 | 623 | copied = skb->len; |
624 | 624 | if (copied > len) { |
625 | ---- linux-4.4.39.orig/net/ipv6/udp.c | |
626 | -+++ linux-4.4.39/net/ipv6/udp.c | |
625 | +--- linux-4.4.44.orig/net/ipv6/udp.c | |
626 | ++++ linux-4.4.44/net/ipv6/udp.c | |
627 | 627 | @@ -417,6 +417,10 @@ try_again: |
628 | 628 | &peeked, &off, &err); |
629 | 629 | if (!skb) |
@@ -635,8 +635,8 @@ | ||
635 | 635 | |
636 | 636 | ulen = skb->len - sizeof(struct udphdr); |
637 | 637 | copied = len; |
638 | ---- linux-4.4.39.orig/net/socket.c | |
639 | -+++ linux-4.4.39/net/socket.c | |
638 | +--- linux-4.4.44.orig/net/socket.c | |
639 | ++++ linux-4.4.44/net/socket.c | |
640 | 640 | @@ -1476,6 +1476,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
641 | 641 | if (err < 0) |
642 | 642 | goto out_fd; |
@@ -648,8 +648,8 @@ | ||
648 | 648 | if (upeer_sockaddr) { |
649 | 649 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
650 | 650 | &len, 2) < 0) { |
651 | ---- linux-4.4.39.orig/net/unix/af_unix.c | |
652 | -+++ linux-4.4.39/net/unix/af_unix.c | |
651 | +--- linux-4.4.44.orig/net/unix/af_unix.c | |
652 | ++++ linux-4.4.44/net/unix/af_unix.c | |
653 | 653 | @@ -2134,6 +2134,10 @@ static int unix_dgram_recvmsg(struct soc |
654 | 654 | wake_up_interruptible_sync_poll(&u->peer_wait, |
655 | 655 | POLLOUT | POLLWRNORM | POLLWRBAND); |
@@ -661,8 +661,8 @@ | ||
661 | 661 | if (msg->msg_name) |
662 | 662 | unix_copy_addr(msg, skb->sk); |
663 | 663 | |
664 | ---- linux-4.4.39.orig/security/Kconfig | |
665 | -+++ linux-4.4.39/security/Kconfig | |
664 | +--- linux-4.4.44.orig/security/Kconfig | |
665 | ++++ linux-4.4.44/security/Kconfig | |
666 | 666 | @@ -163,5 +163,7 @@ config DEFAULT_SECURITY |
667 | 667 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
668 | 668 | default "" if DEFAULT_SECURITY_DAC |
@@ -671,8 +671,8 @@ | ||
671 | 671 | + |
672 | 672 | endmenu |
673 | 673 | |
674 | ---- linux-4.4.39.orig/security/Makefile | |
675 | -+++ linux-4.4.39/security/Makefile | |
674 | +--- linux-4.4.44.orig/security/Makefile | |
675 | ++++ linux-4.4.44/security/Makefile | |
676 | 676 | @@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
677 | 677 | # Object integrity file lists |
678 | 678 | subdir-$(CONFIG_INTEGRITY) += integrity |
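Review bot: The preamble line `Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.44.tar.xz` names the tarball to patch but gives the reader nothing to check that download against. kernel.org publishes a detached PGP signature next to each release tarball, so the preamble could carry one more line such as `Verify the tarball against its kernel.org PGP signature before applying this patch.` This matters more here than for most patches, because the hunks add hooks to ptrace, kill, fork and the socket receive paths, so a tampered base tree would undermine the access control being installed. The 4.8.17 and 4.9.5 preambles later in this commit have the same gap.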
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 4.8.15. | |
1 | +This is TOMOYO Linux patch for kernel 4.8.17. | |
2 | 2 | |
3 | -Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.8.15.tar.xz | |
3 | +Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.8.17.tar.xz | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 - |
6 | 6 | fs/open.c | 2 + |
@@ -28,9 +28,9 @@ | ||
28 | 28 | security/Makefile | 3 ++ |
29 | 29 | 24 files changed, 147 insertions(+), 26 deletions(-) |
30 | 30 | |
31 | ---- linux-4.8.15.orig/fs/exec.c | |
32 | -+++ linux-4.8.15/fs/exec.c | |
33 | -@@ -1616,7 +1616,7 @@ static int exec_binprm(struct linux_binp | |
31 | +--- linux-4.8.17.orig/fs/exec.c | |
32 | ++++ linux-4.8.17/fs/exec.c | |
33 | +@@ -1635,7 +1635,7 @@ static int exec_binprm(struct linux_binp | |
34 | 34 | old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); |
35 | 35 | rcu_read_unlock(); |
36 | 36 |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (ret >= 0) { |
40 | 40 | audit_bprm(bprm); |
41 | 41 | trace_sched_process_exec(current, old_pid, bprm); |
42 | ---- linux-4.8.15.orig/fs/open.c | |
43 | -+++ linux-4.8.15/fs/open.c | |
42 | +--- linux-4.8.17.orig/fs/open.c | |
43 | ++++ linux-4.8.17/fs/open.c | |
44 | 44 | @@ -1128,6 +1128,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-4.8.15.orig/fs/proc/version.c | |
54 | -+++ linux-4.8.15/fs/proc/version.c | |
53 | +--- linux-4.8.17.orig/fs/proc/version.c | |
54 | ++++ linux-4.8.17/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 4.8.15 2016/12/23\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 4.8.17 2017/01/09\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +fs_initcall(ccs_show_version); |
66 | ---- linux-4.8.15.orig/include/linux/init_task.h | |
67 | -+++ linux-4.8.15/include/linux/init_task.h | |
66 | +--- linux-4.8.17.orig/include/linux/init_task.h | |
67 | ++++ linux-4.8.17/include/linux/init_task.h | |
68 | 68 | @@ -183,6 +183,14 @@ extern struct task_group root_task_group |
69 | 69 | # define INIT_KASAN(tsk) |
70 | 70 | #endif |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-4.8.15.orig/include/linux/sched.h | |
92 | -+++ linux-4.8.15/include/linux/sched.h | |
91 | +--- linux-4.8.17.orig/include/linux/sched.h | |
92 | ++++ linux-4.8.17/include/linux/sched.h | |
93 | 93 | @@ -6,6 +6,8 @@ |
94 | 94 | #include <linux/sched/prio.h> |
95 | 95 |
@@ -99,7 +99,7 @@ | ||
99 | 99 | struct sched_param { |
100 | 100 | int sched_priority; |
101 | 101 | }; |
102 | -@@ -1923,6 +1925,10 @@ struct task_struct { | |
102 | +@@ -1924,6 +1926,10 @@ struct task_struct { | |
103 | 103 | #ifdef CONFIG_MMU |
104 | 104 | struct task_struct *oom_reaper_list; |
105 | 105 | #endif |
@@ -110,8 +110,8 @@ | ||
110 | 110 | /* CPU-specific state of this task */ |
111 | 111 | struct thread_struct thread; |
112 | 112 | /* |
113 | ---- linux-4.8.15.orig/include/linux/security.h | |
114 | -+++ linux-4.8.15/include/linux/security.h | |
113 | +--- linux-4.8.17.orig/include/linux/security.h | |
114 | ++++ linux-4.8.17/include/linux/security.h | |
115 | 115 | @@ -55,6 +55,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -318,8 +318,8 @@ | ||
318 | 318 | } |
319 | 319 | #endif /* CONFIG_SECURITY_PATH */ |
320 | 320 | |
321 | ---- linux-4.8.15.orig/include/net/ip.h | |
322 | -+++ linux-4.8.15/include/net/ip.h | |
321 | +--- linux-4.8.17.orig/include/net/ip.h | |
322 | ++++ linux-4.8.17/include/net/ip.h | |
323 | 323 | @@ -223,6 +223,8 @@ void inet_get_local_port_range(struct ne |
324 | 324 | #ifdef CONFIG_SYSCTL |
325 | 325 | static inline int inet_is_local_reserved_port(struct net *net, int port) |
@@ -338,8 +338,8 @@ | ||
338 | 338 | return 0; |
339 | 339 | } |
340 | 340 | #endif |
341 | ---- linux-4.8.15.orig/kernel/fork.c | |
342 | -+++ linux-4.8.15/kernel/fork.c | |
341 | +--- linux-4.8.17.orig/kernel/fork.c | |
342 | ++++ linux-4.8.17/kernel/fork.c | |
343 | 343 | @@ -265,6 +265,7 @@ void __put_task_struct(struct task_struc |
344 | 344 | delayacct_tsk_free(tsk); |
345 | 345 | put_signal_struct(tsk->signal); |
@@ -348,7 +348,7 @@ | ||
348 | 348 | if (!profile_handoff_task(tsk)) |
349 | 349 | free_task(tsk); |
350 | 350 | } |
351 | -@@ -1484,6 +1485,9 @@ static struct task_struct *copy_process( | |
351 | +@@ -1487,6 +1488,9 @@ static struct task_struct *copy_process( | |
352 | 352 | goto bad_fork_cleanup_perf; |
353 | 353 | /* copy all the process information */ |
354 | 354 | shm_init_task(p); |
@@ -358,7 +358,7 @@ | ||
358 | 358 | retval = copy_semundo(clone_flags, p); |
359 | 359 | if (retval) |
360 | 360 | goto bad_fork_cleanup_audit; |
361 | -@@ -1703,6 +1707,7 @@ bad_fork_cleanup_semundo: | |
361 | +@@ -1706,6 +1710,7 @@ bad_fork_cleanup_semundo: | |
362 | 362 | exit_sem(p); |
363 | 363 | bad_fork_cleanup_audit: |
364 | 364 | audit_free(p); |
@@ -366,8 +366,8 @@ | ||
366 | 366 | bad_fork_cleanup_perf: |
367 | 367 | perf_event_free_task(p); |
368 | 368 | bad_fork_cleanup_policy: |
369 | ---- linux-4.8.15.orig/kernel/kexec.c | |
370 | -+++ linux-4.8.15/kernel/kexec.c | |
369 | +--- linux-4.8.17.orig/kernel/kexec.c | |
370 | ++++ linux-4.8.17/kernel/kexec.c | |
371 | 371 | @@ -17,7 +17,7 @@ |
372 | 372 | #include <linux/syscalls.h> |
373 | 373 | #include <linux/vmalloc.h> |
@@ -386,8 +386,8 @@ | ||
386 | 386 | |
387 | 387 | /* |
388 | 388 | * Verify we have a legal set of flags |
389 | ---- linux-4.8.15.orig/kernel/module.c | |
390 | -+++ linux-4.8.15/kernel/module.c | |
389 | +--- linux-4.8.17.orig/kernel/module.c | |
390 | ++++ linux-4.8.17/kernel/module.c | |
391 | 391 | @@ -63,6 +63,7 @@ |
392 | 392 | #include <linux/dynamic_debug.h> |
393 | 393 | #include <uapi/linux/module.h> |
@@ -414,9 +414,9 @@ | ||
414 | 414 | |
415 | 415 | return 0; |
416 | 416 | } |
417 | ---- linux-4.8.15.orig/kernel/ptrace.c | |
418 | -+++ linux-4.8.15/kernel/ptrace.c | |
419 | -@@ -1080,6 +1080,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l | |
417 | +--- linux-4.8.17.orig/kernel/ptrace.c | |
418 | ++++ linux-4.8.17/kernel/ptrace.c | |
419 | +@@ -1078,6 +1078,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l | |
420 | 420 | { |
421 | 421 | struct task_struct *child; |
422 | 422 | long ret; |
@@ -428,7 +428,7 @@ | ||
428 | 428 | |
429 | 429 | if (request == PTRACE_TRACEME) { |
430 | 430 | ret = ptrace_traceme(); |
431 | -@@ -1226,6 +1231,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo | |
431 | +@@ -1224,6 +1229,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo | |
432 | 432 | { |
433 | 433 | struct task_struct *child; |
434 | 434 | long ret; |
@@ -440,8 +440,8 @@ | ||
440 | 440 | |
441 | 441 | if (request == PTRACE_TRACEME) { |
442 | 442 | ret = ptrace_traceme(); |
443 | ---- linux-4.8.15.orig/kernel/reboot.c | |
444 | -+++ linux-4.8.15/kernel/reboot.c | |
443 | +--- linux-4.8.17.orig/kernel/reboot.c | |
444 | ++++ linux-4.8.17/kernel/reboot.c | |
445 | 445 | @@ -16,6 +16,7 @@ |
446 | 446 | #include <linux/syscalls.h> |
447 | 447 | #include <linux/syscore_ops.h> |
@@ -459,8 +459,8 @@ | ||
459 | 459 | |
460 | 460 | /* |
461 | 461 | * If pid namespaces are enabled and the current task is in a child |
462 | ---- linux-4.8.15.orig/kernel/sched/core.c | |
463 | -+++ linux-4.8.15/kernel/sched/core.c | |
462 | +--- linux-4.8.17.orig/kernel/sched/core.c | |
463 | ++++ linux-4.8.17/kernel/sched/core.c | |
464 | 464 | @@ -3775,6 +3775,8 @@ int can_nice(const struct task_struct *p |
465 | 465 | SYSCALL_DEFINE1(nice, int, increment) |
466 | 466 | { |
@@ -470,8 +470,8 @@ | ||
470 | 470 | |
471 | 471 | /* |
472 | 472 | * Setpriority might change our priority at the same moment. |
473 | ---- linux-4.8.15.orig/kernel/signal.c | |
474 | -+++ linux-4.8.15/kernel/signal.c | |
473 | +--- linux-4.8.17.orig/kernel/signal.c | |
474 | ++++ linux-4.8.17/kernel/signal.c | |
475 | 475 | @@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
476 | 476 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
477 | 477 | { |
@@ -517,8 +517,8 @@ | ||
517 | 517 | |
518 | 518 | return do_send_specific(tgid, pid, sig, info); |
519 | 519 | } |
520 | ---- linux-4.8.15.orig/kernel/sys.c | |
521 | -+++ linux-4.8.15/kernel/sys.c | |
520 | +--- linux-4.8.17.orig/kernel/sys.c | |
521 | ++++ linux-4.8.17/kernel/sys.c | |
522 | 522 | @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
523 | 523 | |
524 | 524 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -548,8 +548,8 @@ | ||
548 | 548 | |
549 | 549 | down_write(&uts_sem); |
550 | 550 | errno = -EFAULT; |
551 | ---- linux-4.8.15.orig/kernel/time/ntp.c | |
552 | -+++ linux-4.8.15/kernel/time/ntp.c | |
551 | +--- linux-4.8.17.orig/kernel/time/ntp.c | |
552 | ++++ linux-4.8.17/kernel/time/ntp.c | |
553 | 553 | @@ -17,6 +17,7 @@ |
554 | 554 | #include <linux/module.h> |
555 | 555 | #include <linux/rtc.h> |
@@ -583,8 +583,8 @@ | ||
583 | 583 | |
584 | 584 | if (txc->modes & ADJ_NANO) { |
585 | 585 | struct timespec ts; |
586 | ---- linux-4.8.15.orig/net/ipv4/raw.c | |
587 | -+++ linux-4.8.15/net/ipv4/raw.c | |
586 | +--- linux-4.8.17.orig/net/ipv4/raw.c | |
587 | ++++ linux-4.8.17/net/ipv4/raw.c | |
588 | 588 | @@ -742,6 +742,10 @@ static int raw_recvmsg(struct sock *sk, |
589 | 589 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
590 | 590 | if (!skb) |
@@ -596,8 +596,8 @@ | ||
596 | 596 | |
597 | 597 | copied = skb->len; |
598 | 598 | if (len < copied) { |
599 | ---- linux-4.8.15.orig/net/ipv4/udp.c | |
600 | -+++ linux-4.8.15/net/ipv4/udp.c | |
599 | +--- linux-4.8.17.orig/net/ipv4/udp.c | |
600 | ++++ linux-4.8.17/net/ipv4/udp.c | |
601 | 601 | @@ -1272,6 +1272,8 @@ try_again: |
602 | 602 | &peeked, &off, &err); |
603 | 603 | if (!skb) |
@@ -607,8 +607,8 @@ | ||
607 | 607 | |
608 | 608 | ulen = skb->len; |
609 | 609 | copied = len; |
610 | ---- linux-4.8.15.orig/net/ipv6/raw.c | |
611 | -+++ linux-4.8.15/net/ipv6/raw.c | |
610 | +--- linux-4.8.17.orig/net/ipv6/raw.c | |
611 | ++++ linux-4.8.17/net/ipv6/raw.c | |
612 | 612 | @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk |
613 | 613 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
614 | 614 | if (!skb) |
@@ -620,8 +620,8 @@ | ||
620 | 620 | |
621 | 621 | copied = skb->len; |
622 | 622 | if (copied > len) { |
623 | ---- linux-4.8.15.orig/net/ipv6/udp.c | |
624 | -+++ linux-4.8.15/net/ipv6/udp.c | |
623 | +--- linux-4.8.17.orig/net/ipv6/udp.c | |
624 | ++++ linux-4.8.17/net/ipv6/udp.c | |
625 | 625 | @@ -348,6 +348,8 @@ try_again: |
626 | 626 | &peeked, &off, &err); |
627 | 627 | if (!skb) |
@@ -631,8 +631,8 @@ | ||
631 | 631 | |
632 | 632 | ulen = skb->len; |
633 | 633 | copied = len; |
634 | ---- linux-4.8.15.orig/net/socket.c | |
635 | -+++ linux-4.8.15/net/socket.c | |
634 | +--- linux-4.8.17.orig/net/socket.c | |
635 | ++++ linux-4.8.17/net/socket.c | |
636 | 636 | @@ -1469,6 +1469,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
637 | 637 | if (err < 0) |
638 | 638 | goto out_fd; |
@@ -644,8 +644,8 @@ | ||
644 | 644 | if (upeer_sockaddr) { |
645 | 645 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
646 | 646 | &len, 2) < 0) { |
647 | ---- linux-4.8.15.orig/net/unix/af_unix.c | |
648 | -+++ linux-4.8.15/net/unix/af_unix.c | |
647 | +--- linux-4.8.17.orig/net/unix/af_unix.c | |
648 | ++++ linux-4.8.17/net/unix/af_unix.c | |
649 | 649 | @@ -2140,6 +2140,10 @@ static int unix_dgram_recvmsg(struct soc |
650 | 650 | POLLOUT | POLLWRNORM | |
651 | 651 | POLLWRBAND); |
@@ -665,8 +665,8 @@ | ||
665 | 665 | mutex_unlock(&u->iolock); |
666 | 666 | out: |
667 | 667 | return err; |
668 | ---- linux-4.8.15.orig/security/Kconfig | |
669 | -+++ linux-4.8.15/security/Kconfig | |
668 | +--- linux-4.8.17.orig/security/Kconfig | |
669 | ++++ linux-4.8.17/security/Kconfig | |
670 | 670 | @@ -204,5 +204,7 @@ config DEFAULT_SECURITY |
671 | 671 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
672 | 672 | default "" if DEFAULT_SECURITY_DAC |
@@ -675,8 +675,8 @@ | ||
675 | 675 | + |
676 | 676 | endmenu |
677 | 677 | |
678 | ---- linux-4.8.15.orig/security/Makefile | |
679 | -+++ linux-4.8.15/security/Makefile | |
678 | +--- linux-4.8.17.orig/security/Makefile | |
679 | ++++ linux-4.8.17/security/Makefile | |
680 | 680 | @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
681 | 681 | # Object integrity file lists |
682 | 682 | subdir-$(CONFIG_INTEGRITY) += integrity |
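Review bot: The `ccs_show_version()` initcall added in the fs/proc/version.c hunk logs with `printk(KERN_INFO ...)`, where kernel coding style prefers the `pr_info()` wrapper: `pr_info("Hook version: 4.8.17 2017/01/09\n");`. The version and date in that string are hand-edited literals, and this commit shows they have to be changed together with the preamble and the `linux-4.8.17` path prefixes on every rebase. A short comment above the call, for example `/* Keep in sync with the patch header when rebasing. */`, would make that dependency explicit, since a stale string would misreport in the boot log which hook set is active. The 4.4.44 and 4.9.5 patches in this commit carry the same line.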
@@ -1,6 +1,6 @@ | ||
1 | -This is TOMOYO Linux patch for kernel 4.9. | |
1 | +This is TOMOYO Linux patch for kernel 4.9.5. | |
2 | 2 | |
3 | -Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.tar.xz | |
3 | +Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.5.tar.xz | |
4 | 4 | --- |
5 | 5 | fs/exec.c | 2 - |
6 | 6 | fs/open.c | 2 + |
@@ -28,9 +28,9 @@ | ||
28 | 28 | security/Makefile | 3 ++ |
29 | 29 | 24 files changed, 147 insertions(+), 26 deletions(-) |
30 | 30 | |
31 | ---- linux-4.9.orig/fs/exec.c | |
32 | -+++ linux-4.9/fs/exec.c | |
33 | -@@ -1621,7 +1621,7 @@ static int exec_binprm(struct linux_binp | |
31 | +--- linux-4.9.5.orig/fs/exec.c | |
32 | ++++ linux-4.9.5/fs/exec.c | |
33 | +@@ -1640,7 +1640,7 @@ static int exec_binprm(struct linux_binp | |
34 | 34 | old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); |
35 | 35 | rcu_read_unlock(); |
36 | 36 |
@@ -39,8 +39,8 @@ | ||
39 | 39 | if (ret >= 0) { |
40 | 40 | audit_bprm(bprm); |
41 | 41 | trace_sched_process_exec(current, old_pid, bprm); |
42 | ---- linux-4.9.orig/fs/open.c | |
43 | -+++ linux-4.9/fs/open.c | |
42 | +--- linux-4.9.5.orig/fs/open.c | |
43 | ++++ linux-4.9.5/fs/open.c | |
44 | 44 | @@ -1145,6 +1145,8 @@ EXPORT_SYMBOL(sys_close); |
45 | 45 | */ |
46 | 46 | SYSCALL_DEFINE0(vhangup) |
@@ -50,8 +50,8 @@ | ||
50 | 50 | if (capable(CAP_SYS_TTY_CONFIG)) { |
51 | 51 | tty_vhangup_self(); |
52 | 52 | return 0; |
53 | ---- linux-4.9.orig/fs/proc/version.c | |
54 | -+++ linux-4.9/fs/proc/version.c | |
53 | +--- linux-4.9.5.orig/fs/proc/version.c | |
54 | ++++ linux-4.9.5/fs/proc/version.c | |
55 | 55 | @@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 | 56 | return 0; |
57 | 57 | } |
@@ -59,12 +59,12 @@ | ||
59 | 59 | + |
60 | 60 | +static int __init ccs_show_version(void) |
61 | 61 | +{ |
62 | -+ printk(KERN_INFO "Hook version: 4.9 2016/12/12\n"); | |
62 | ++ printk(KERN_INFO "Hook version: 4.9.5 2017/01/22\n"); | |
63 | 63 | + return 0; |
64 | 64 | +} |
65 | 65 | +fs_initcall(ccs_show_version); |
66 | ---- linux-4.9.orig/include/linux/init_task.h | |
67 | -+++ linux-4.9/include/linux/init_task.h | |
66 | +--- linux-4.9.5.orig/include/linux/init_task.h | |
67 | ++++ linux-4.9.5/include/linux/init_task.h | |
68 | 68 | @@ -193,6 +193,14 @@ extern struct task_group root_task_group |
69 | 69 | # define INIT_TASK_TI(tsk) |
70 | 70 | #endif |
@@ -88,8 +88,8 @@ | ||
88 | 88 | } |
89 | 89 | |
90 | 90 | |
91 | ---- linux-4.9.orig/include/linux/sched.h | |
92 | -+++ linux-4.9/include/linux/sched.h | |
91 | +--- linux-4.9.5.orig/include/linux/sched.h | |
92 | ++++ linux-4.9.5/include/linux/sched.h | |
93 | 93 | @@ -6,6 +6,8 @@ |
94 | 94 | #include <linux/sched/prio.h> |
95 | 95 |
@@ -99,7 +99,7 @@ | ||
99 | 99 | struct sched_param { |
100 | 100 | int sched_priority; |
101 | 101 | }; |
102 | -@@ -1955,6 +1957,10 @@ struct task_struct { | |
102 | +@@ -1956,6 +1958,10 @@ struct task_struct { | |
103 | 103 | /* A live task holds one reference. */ |
104 | 104 | atomic_t stack_refcount; |
105 | 105 | #endif |
@@ -110,8 +110,8 @@ | ||
110 | 110 | /* CPU-specific state of this task */ |
111 | 111 | struct thread_struct thread; |
112 | 112 | /* |
113 | ---- linux-4.9.orig/include/linux/security.h | |
114 | -+++ linux-4.9/include/linux/security.h | |
113 | +--- linux-4.9.5.orig/include/linux/security.h | |
114 | ++++ linux-4.9.5/include/linux/security.h | |
115 | 115 | @@ -55,6 +55,7 @@ struct msg_queue; |
116 | 116 | struct xattr; |
117 | 117 | struct xfrm_sec_ctx; |
@@ -318,8 +318,8 @@ | ||
318 | 318 | } |
319 | 319 | #endif /* CONFIG_SECURITY_PATH */ |
320 | 320 | |
321 | ---- linux-4.9.orig/include/net/ip.h | |
322 | -+++ linux-4.9/include/net/ip.h | |
321 | +--- linux-4.9.5.orig/include/net/ip.h | |
322 | ++++ linux-4.9.5/include/net/ip.h | |
323 | 323 | @@ -252,6 +252,8 @@ void inet_get_local_port_range(struct ne |
324 | 324 | #ifdef CONFIG_SYSCTL |
325 | 325 | static inline int inet_is_local_reserved_port(struct net *net, int port) |
@@ -338,8 +338,8 @@ | ||
338 | 338 | return 0; |
339 | 339 | } |
340 | 340 | #endif |
341 | ---- linux-4.9.orig/kernel/fork.c | |
342 | -+++ linux-4.9/kernel/fork.c | |
341 | +--- linux-4.9.5.orig/kernel/fork.c | |
342 | ++++ linux-4.9.5/kernel/fork.c | |
343 | 343 | @@ -390,6 +390,7 @@ void __put_task_struct(struct task_struc |
344 | 344 | delayacct_tsk_free(tsk); |
345 | 345 | put_signal_struct(tsk->signal); |
@@ -348,7 +348,7 @@ | ||
348 | 348 | if (!profile_handoff_task(tsk)) |
349 | 349 | free_task(tsk); |
350 | 350 | } |
351 | -@@ -1634,6 +1635,9 @@ static __latent_entropy struct task_stru | |
351 | +@@ -1637,6 +1638,9 @@ static __latent_entropy struct task_stru | |
352 | 352 | goto bad_fork_cleanup_perf; |
353 | 353 | /* copy all the process information */ |
354 | 354 | shm_init_task(p); |
@@ -358,7 +358,7 @@ | ||
358 | 358 | retval = copy_semundo(clone_flags, p); |
359 | 359 | if (retval) |
360 | 360 | goto bad_fork_cleanup_audit; |
361 | -@@ -1853,6 +1857,7 @@ bad_fork_cleanup_semundo: | |
361 | +@@ -1856,6 +1860,7 @@ bad_fork_cleanup_semundo: | |
362 | 362 | exit_sem(p); |
363 | 363 | bad_fork_cleanup_audit: |
364 | 364 | audit_free(p); |
@@ -366,8 +366,8 @@ | ||
366 | 366 | bad_fork_cleanup_perf: |
367 | 367 | perf_event_free_task(p); |
368 | 368 | bad_fork_cleanup_policy: |
369 | ---- linux-4.9.orig/kernel/kexec.c | |
370 | -+++ linux-4.9/kernel/kexec.c | |
369 | +--- linux-4.9.5.orig/kernel/kexec.c | |
370 | ++++ linux-4.9.5/kernel/kexec.c | |
371 | 371 | @@ -17,7 +17,7 @@ |
372 | 372 | #include <linux/syscalls.h> |
373 | 373 | #include <linux/vmalloc.h> |
@@ -386,8 +386,8 @@ | ||
386 | 386 | |
387 | 387 | /* |
388 | 388 | * Verify we have a legal set of flags |
389 | ---- linux-4.9.orig/kernel/module.c | |
390 | -+++ linux-4.9/kernel/module.c | |
389 | +--- linux-4.9.5.orig/kernel/module.c | |
390 | ++++ linux-4.9.5/kernel/module.c | |
391 | 391 | @@ -63,6 +63,7 @@ |
392 | 392 | #include <linux/dynamic_debug.h> |
393 | 393 | #include <uapi/linux/module.h> |
@@ -414,9 +414,9 @@ | ||
414 | 414 | |
415 | 415 | return 0; |
416 | 416 | } |
417 | ---- linux-4.9.orig/kernel/ptrace.c | |
418 | -+++ linux-4.9/kernel/ptrace.c | |
419 | -@@ -1082,6 +1082,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l | |
417 | +--- linux-4.9.5.orig/kernel/ptrace.c | |
418 | ++++ linux-4.9.5/kernel/ptrace.c | |
419 | +@@ -1110,6 +1110,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l | |
420 | 420 | { |
421 | 421 | struct task_struct *child; |
422 | 422 | long ret; |
@@ -428,7 +428,7 @@ | ||
428 | 428 | |
429 | 429 | if (request == PTRACE_TRACEME) { |
430 | 430 | ret = ptrace_traceme(); |
431 | -@@ -1231,6 +1236,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo | |
431 | +@@ -1259,6 +1264,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo | |
432 | 432 | { |
433 | 433 | struct task_struct *child; |
434 | 434 | long ret; |
@@ -440,8 +440,8 @@ | ||
440 | 440 | |
441 | 441 | if (request == PTRACE_TRACEME) { |
442 | 442 | ret = ptrace_traceme(); |
443 | ---- linux-4.9.orig/kernel/reboot.c | |
444 | -+++ linux-4.9/kernel/reboot.c | |
443 | +--- linux-4.9.5.orig/kernel/reboot.c | |
444 | ++++ linux-4.9.5/kernel/reboot.c | |
445 | 445 | @@ -16,6 +16,7 @@ |
446 | 446 | #include <linux/syscalls.h> |
447 | 447 | #include <linux/syscore_ops.h> |
@@ -459,8 +459,8 @@ | ||
459 | 459 | |
460 | 460 | /* |
461 | 461 | * If pid namespaces are enabled and the current task is in a child |
462 | ---- linux-4.9.orig/kernel/sched/core.c | |
463 | -+++ linux-4.9/kernel/sched/core.c | |
462 | +--- linux-4.9.5.orig/kernel/sched/core.c | |
463 | ++++ linux-4.9.5/kernel/sched/core.c | |
464 | 464 | @@ -3811,6 +3811,8 @@ int can_nice(const struct task_struct *p |
465 | 465 | SYSCALL_DEFINE1(nice, int, increment) |
466 | 466 | { |
@@ -470,8 +470,8 @@ | ||
470 | 470 | |
471 | 471 | /* |
472 | 472 | * Setpriority might change our priority at the same moment. |
473 | ---- linux-4.9.orig/kernel/signal.c | |
474 | -+++ linux-4.9/kernel/signal.c | |
473 | +--- linux-4.9.5.orig/kernel/signal.c | |
474 | ++++ linux-4.9.5/kernel/signal.c | |
475 | 475 | @@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
476 | 476 | SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
477 | 477 | { |
@@ -517,8 +517,8 @@ | ||
517 | 517 | |
518 | 518 | return do_send_specific(tgid, pid, sig, info); |
519 | 519 | } |
520 | ---- linux-4.9.orig/kernel/sys.c | |
521 | -+++ linux-4.9/kernel/sys.c | |
520 | +--- linux-4.9.5.orig/kernel/sys.c | |
521 | ++++ linux-4.9.5/kernel/sys.c | |
522 | 522 | @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
523 | 523 | |
524 | 524 | if (which > PRIO_USER || which < PRIO_PROCESS) |
@@ -548,8 +548,8 @@ | ||
548 | 548 | |
549 | 549 | down_write(&uts_sem); |
550 | 550 | errno = -EFAULT; |
551 | ---- linux-4.9.orig/kernel/time/ntp.c | |
552 | -+++ linux-4.9/kernel/time/ntp.c | |
551 | +--- linux-4.9.5.orig/kernel/time/ntp.c | |
552 | ++++ linux-4.9.5/kernel/time/ntp.c | |
553 | 553 | @@ -17,6 +17,7 @@ |
554 | 554 | #include <linux/module.h> |
555 | 555 | #include <linux/rtc.h> |
@@ -583,8 +583,8 @@ | ||
583 | 583 | |
584 | 584 | if (txc->modes & ADJ_NANO) { |
585 | 585 | struct timespec ts; |
586 | ---- linux-4.9.orig/net/ipv4/raw.c | |
587 | -+++ linux-4.9/net/ipv4/raw.c | |
586 | +--- linux-4.9.5.orig/net/ipv4/raw.c | |
587 | ++++ linux-4.9.5/net/ipv4/raw.c | |
588 | 588 | @@ -736,6 +736,10 @@ static int raw_recvmsg(struct sock *sk, |
589 | 589 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
590 | 590 | if (!skb) |
@@ -596,8 +596,8 @@ | ||
596 | 596 | |
597 | 597 | copied = skb->len; |
598 | 598 | if (len < copied) { |
599 | ---- linux-4.9.orig/net/ipv4/udp.c | |
600 | -+++ linux-4.9/net/ipv4/udp.c | |
599 | +--- linux-4.9.5.orig/net/ipv4/udp.c | |
600 | ++++ linux-4.9.5/net/ipv4/udp.c | |
601 | 601 | @@ -1267,6 +1267,8 @@ try_again: |
602 | 602 | &peeked, &off, &err); |
603 | 603 | if (!skb) |
@@ -607,8 +607,8 @@ | ||
607 | 607 | |
608 | 608 | ulen = skb->len; |
609 | 609 | copied = len; |
610 | ---- linux-4.9.orig/net/ipv6/raw.c | |
611 | -+++ linux-4.9/net/ipv6/raw.c | |
610 | +--- linux-4.9.5.orig/net/ipv6/raw.c | |
611 | ++++ linux-4.9.5/net/ipv6/raw.c | |
612 | 612 | @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk |
613 | 613 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
614 | 614 | if (!skb) |
@@ -620,8 +620,8 @@ | ||
620 | 620 | |
621 | 621 | copied = skb->len; |
622 | 622 | if (copied > len) { |
623 | ---- linux-4.9.orig/net/ipv6/udp.c | |
624 | -+++ linux-4.9/net/ipv6/udp.c | |
623 | +--- linux-4.9.5.orig/net/ipv6/udp.c | |
624 | ++++ linux-4.9.5/net/ipv6/udp.c | |
625 | 625 | @@ -348,6 +348,8 @@ try_again: |
626 | 626 | &peeked, &off, &err); |
627 | 627 | if (!skb) |
@@ -631,8 +631,8 @@ | ||
631 | 631 | |
632 | 632 | ulen = skb->len; |
633 | 633 | copied = len; |
634 | ---- linux-4.9.orig/net/socket.c | |
635 | -+++ linux-4.9/net/socket.c | |
634 | +--- linux-4.9.5.orig/net/socket.c | |
635 | ++++ linux-4.9.5/net/socket.c | |
636 | 636 | @@ -1481,6 +1481,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
637 | 637 | if (err < 0) |
638 | 638 | goto out_fd; |
@@ -644,8 +644,8 @@ | ||
644 | 644 | if (upeer_sockaddr) { |
645 | 645 | if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
646 | 646 | &len, 2) < 0) { |
647 | ---- linux-4.9.orig/net/unix/af_unix.c | |
648 | -+++ linux-4.9/net/unix/af_unix.c | |
647 | +--- linux-4.9.5.orig/net/unix/af_unix.c | |
648 | ++++ linux-4.9.5/net/unix/af_unix.c | |
649 | 649 | @@ -2140,6 +2140,10 @@ static int unix_dgram_recvmsg(struct soc |
650 | 650 | POLLOUT | POLLWRNORM | |
651 | 651 | POLLWRBAND); |
@@ -665,8 +665,8 @@ | ||
665 | 665 | mutex_unlock(&u->iolock); |
666 | 666 | out: |
667 | 667 | return err; |
668 | ---- linux-4.9.orig/security/Kconfig | |
669 | -+++ linux-4.9/security/Kconfig | |
668 | +--- linux-4.9.5.orig/security/Kconfig | |
669 | ++++ linux-4.9.5/security/Kconfig | |
670 | 670 | @@ -204,5 +204,7 @@ config DEFAULT_SECURITY |
671 | 671 | default "apparmor" if DEFAULT_SECURITY_APPARMOR |
672 | 672 | default "" if DEFAULT_SECURITY_DAC |
@@ -675,8 +675,8 @@ | ||
675 | 675 | + |
676 | 676 | endmenu |
677 | 677 | |
678 | ---- linux-4.9.orig/security/Makefile | |
679 | -+++ linux-4.9/security/Makefile | |
678 | +--- linux-4.9.5.orig/security/Makefile | |
679 | ++++ linux-4.9.5/security/Makefile | |
680 | 680 | @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
681 | 681 | # Object integrity file lists |
682 | 682 | subdir-$(CONFIG_INTEGRITY) += integrity |
@@ -10,12 +10,12 @@ | ||
10 | 10 | |
11 | 11 | cd /tmp/ || die "Can't chdir to /tmp/ ." |
12 | 12 | |
13 | -if [ ! -r kernel-2.6.32-642.11.1.el6.src.rpm ] | |
13 | +if [ ! -r kernel-2.6.32-642.13.1.el6.src.rpm ] | |
14 | 14 | then |
15 | - wget http://vault.centos.org/6.8/updates/Source/SPackages/kernel-2.6.32-642.11.1.el6.src.rpm || die "Can't download source package." | |
15 | + wget http://vault.centos.org/6.8/updates/Source/SPackages/kernel-2.6.32-642.13.1.el6.src.rpm || die "Can't download source package." | |
16 | 16 | fi |
17 | -LANG=C rpm --checksig kernel-2.6.32-642.11.1.el6.src.rpm | grep -F ': rsa sha1 (md5) pgp md5 OK' || die "Can't verify signature." | |
18 | -rpm -ivh kernel-2.6.32-642.11.1.el6.src.rpm || die "Can't install source package." | |
17 | +LANG=C rpm --checksig kernel-2.6.32-642.13.1.el6.src.rpm | grep -F ': rsa sha1 (md5) pgp md5 OK' || die "Can't verify signature." | |
18 | +rpm -ivh kernel-2.6.32-642.13.1.el6.src.rpm || die "Can't install source package." | |
19 | 19 | |
20 | 20 | cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ." |
21 | 21 | if [ ! -r caitsith-patch-0.2-20161229.tar.gz ] |
@@ -35,7 +35,7 @@ | ||
35 | 35 | -# % define buildid .local |
36 | 36 | +%define buildid _caitsith_0.2 |
37 | 37 | |
38 | - %define distro_build 642.11.1 | |
38 | + %define distro_build 642.13.1 | |
39 | 39 | %define signmodules 1 |
40 | 40 | @@ -437,7 +437,7 @@ |
41 | 41 | # Packages that need to be installed before the kernel is, because the %post |
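Review bot: The download on new line 15 still uses plain `http://` and writes into `/tmp/` under a fixed name, and the `[ ! -r ... ]` test on line 13 skips the download whenever a readable file of that name already exists, so integrity rests entirely on the `rpm --checksig` line. That check shows the file carries a signature rpm accepts, not that it is the 642.13.1 package this script expects. I would work in a private directory (e.g. `cd "$(mktemp -d)" || die "Can't create work directory."`) and add a pinned digest check after the signature check, such as `echo "<EXPECTED_SHA256>  kernel-2.6.32-642.13.1.el6.src.rpm" | sha256sum -c - || die "Can't verify checksum."`. The el7 script section that follows has the same lines and would get the same change. The script's first nine lines are outside the hunk, so any key import or directory setup done there is not visible.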
@@ -10,12 +10,12 @@ | ||
10 | 10 | |
11 | 11 | cd /tmp/ || die "Can't chdir to /tmp/ ." |
12 | 12 | |
13 | -if [ ! -r kernel-3.10.0-514.2.2.el7.src.rpm ] | |
13 | +if [ ! -r kernel-3.10.0-514.6.1.el7.src.rpm ] | |
14 | 14 | then |
15 | - wget http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-514.2.2.el7.src.rpm || die "Can't download source package." | |
15 | + wget http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-514.6.1.el7.src.rpm || die "Can't download source package." | |
16 | 16 | fi |
17 | -LANG=C rpm --checksig kernel-3.10.0-514.2.2.el7.src.rpm | grep -F ': rsa sha1 (md5) pgp md5 OK' || die "Can't verify signature." | |
18 | -rpm -ivh kernel-3.10.0-514.2.2.el7.src.rpm || die "Can't install source package." | |
17 | +LANG=C rpm --checksig kernel-3.10.0-514.6.1.el7.src.rpm | grep -F ': rsa sha1 (md5) pgp md5 OK' || die "Can't verify signature." | |
18 | +rpm -ivh kernel-3.10.0-514.6.1.el7.src.rpm || die "Can't install source package." | |
19 | 19 | |
20 | 20 | cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ." |
21 | 21 | if [ ! -r caitsith-patch-0.2-20161229.tar.gz ] |
@@ -28,9 +28,9 @@ | ||
28 | 28 | patch << "EOF" || die "Can't patch spec file." |
29 | 29 | --- cs-kernel.spec |
30 | 30 | +++ cs-kernel.spec |
31 | -@@ -3,7 +3,7 @@ | |
31 | +@@ -5,7 +5,7 @@ | |
32 | 32 | |
33 | - Summary: The Linux kernel | |
33 | + %define dist .el7 | |
34 | 34 | |
35 | 35 | -# % define buildid .local |
36 | 36 | +%define buildid _caitsith_0.2 |
@@ -37,7 +37,7 @@ | ||
37 | 37 | |
38 | 38 | # For a kernel released for public testing, released_kernel should be 1. |
39 | 39 | # For internal testing builds during development, it should be 0. |
40 | -@@ -277,7 +277,7 @@ | |
40 | +@@ -283,7 +283,7 @@ | |
41 | 41 | AutoProv: yes\ |
42 | 42 | %{nil} |
43 | 43 |
@@ -46,7 +46,7 @@ | ||
46 | 46 | Group: System Environment/Kernel |
47 | 47 | License: GPLv2 |
48 | 48 | URL: http://www.kernel.org/ |
49 | -@@ -574,13 +574,13 @@ | |
49 | +@@ -580,13 +580,13 @@ | |
50 | 50 | %package %{?1:%{1}-}devel\ |
51 | 51 | Summary: Development package for building kernel modules to match the %{?2:%{2} }kernel\ |
52 | 52 | Group: System Environment/Kernel\ |
@@ -64,7 +64,7 @@ | ||
64 | 64 | This package provides kernel headers and makefiles sufficient to build modules\ |
65 | 65 | against the %{?2:%{2} }kernel package.\ |
66 | 66 | %{nil} |
67 | -@@ -692,6 +692,10 @@ | |
67 | +@@ -698,6 +698,10 @@ | |
68 | 68 | ApplyOptionalPatch debrand-rh_taint.patch |
69 | 69 | ApplyOptionalPatch debrand-rh-i686-cpu.patch |
70 | 70 |
@@ -75,7 +75,7 @@ | ||
75 | 75 | # Any further pre-build tree manipulations happen here. |
76 | 76 | |
77 | 77 | chmod +x scripts/checkpatch.pl |
78 | -@@ -730,6 +734,17 @@ | |
78 | +@@ -736,6 +740,17 @@ | |
79 | 79 | for i in *.config |
80 | 80 | do |
81 | 81 | mv $i .config |