OSDN > Find Software > System > Operating System Kernels > Linux > CaitSith > SCM > SVN > Commit

CaitSith

R/O
SSH
HTTPS

caitsith: Commit

Commit MetaInfo

Revision	227 (tree)
Time	2017-01-22 12:08:56
Author	kumaneko

Log Message

(empty log message)

Change Summary

modified: tags/htdocs/index.html (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-2.6.32-centos-6.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.10-centos-7.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.13-ubuntu-14.04.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.18.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.2-debian-wheezy.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-3.2-ubuntu-12.04.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-4.1.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-4.10.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-4.4.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-4.8.diff (diff)
modified: trunk/caitsith-patch/patches/ccs-patch-4.9.diff (diff)
modified: trunk/caitsith-patch/specs/build-c6-2.6.32.sh (diff)
modified: trunk/caitsith-patch/specs/build-c7-3.10.sh (diff)

Incremental Difference

--- tags/htdocs/index.html (revision 226)

+++ tags/htdocs/index.html (revision 227)

		@@ -398,8 +398,36 @@
398	398	ffffffff811c8f10 T d_absolute_path
399	399	</pre>
400	400
401		-<p>Please proceed if these addresses are correct. Otherwise, please contact the author since CaitSith module will not work even if you continue.</p>
	401	+<p>Please proceed if these addresses are correct.</p>
402	402
	403	+<p>You might find some gap between guessed addresses from caitsith_test.ko and actual addresses from System.map file (like some examples shown below) if your kernel configuration uses CONFIG_RANDOMIZE_BASE=y. In this case, although guessed addresses will randomly change for every reboot, please proceed as long as the gap between guessed address and actual address is same for all guessed symbols. Otherwise, please contact the author since CaitSith module will not work even if you continue.</p>
	404	+
	405	+<ul>
	406	+<li>Actual addresses from System.map file<br>
	407	+<pre class="command">
	408	+# for i in security_hook_heads find_task_by_vpid find_task_by_pid_ns d_absolute_path; do grep $i /boot/System.map-${VERSION}; done
	409	+</pre>
	410	+<pre class="output">ffffffff81cdac40 D security_hook_heads
	411	+ffffffff810b50a0 T find_task_by_vpid
	412	+ffffffff810b5030 T find_task_by_pid_ns
	413	+ffffffff812789f0 T d_absolute_path</pre></li>
	414	+<li>Guessed addresses from one reboot. (Gap for this boot is 0x21000000)<br>
	415	+<pre class="output">security_hook_heads=ffffffffa2cdac40
	416	+find_task_by_vpid=ffffffffa20b50a0
	417	+find_task_by_pid_ns=ffffffffa20b5030
	418	+d_absolute_path=ffffffffa22789f0</pre></li>
	419	+<li>Guessed addresses from another reboot. (Gap for this boot is 0x9000000)<br>
	420	+<pre class="output">security_hook_heads=ffffffff8acdac40
	421	+find_task_by_vpid=ffffffff8a0b50a0
	422	+find_task_by_pid_ns=ffffffff8a0b5030
	423	+d_absolute_path=ffffffff8a2789f0</pre></li>
	424	+<li>Guessed addresses from yet another reboot. (Gap for this boot is 0x2f000000)<br>
	425	+<pre class="output">security_hook_heads=ffffffffb0cdac40
	426	+find_task_by_vpid=ffffffffb00b50a0
	427	+find_task_by_pid_ns=ffffffffb00b5030
	428	+d_absolute_path=ffffffffb02789f0</pre></li>
	429	+</ul>
	430	+
403	431	<p>If caitsith_test.ko was not loaded successfully, error messages like below are printed. In this case, please contact the author since CaitSith module will not work even if you continue:</p>
404	432
405	433	<pre class="command">

--- trunk/caitsith-patch/patches/ccs-patch-2.6.32-centos-6.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-2.6.32-centos-6.diff (revision 227)

		@@ -1,6 +1,6 @@
1	1	This is TOMOYO Linux patch for CentOS 6.
2	2
3		-Source code for this patch is http://vault.centos.org/6.8/updates/Source/SPackages/kernel-2.6.32-642.11.1.el6.src.rpm
	3	+Source code for this patch is http://vault.centos.org/6.8/updates/Source/SPackages/kernel-2.6.32-642.13.1.el6.src.rpm
4	4	---
5	5	fs/compat.c \| 2 +-
6	6	fs/compat_ioctl.c \| 3 +++

		@@ -37,8 +37,8 @@
37	37	security/Makefile \| 3 +++
38	38	33 files changed, 201 insertions(+), 2 deletions(-)
39	39
40		---- linux-2.6.32-642.11.1.el6.orig/fs/compat.c
41		-+++ linux-2.6.32-642.11.1.el6/fs/compat.c
	40	+--- linux-2.6.32-642.13.1.el6.orig/fs/compat.c
	41	++++ linux-2.6.32-642.13.1.el6/fs/compat.c
42	42	@@ -1524,7 +1524,7 @@ int compat_do_execve(const char * filena
43	43	if (retval < 0)
44	44	goto out;

		@@ -48,8 +48,8 @@
48	48	if (retval < 0)
49	49	goto out;
50	50
51		---- linux-2.6.32-642.11.1.el6.orig/fs/compat_ioctl.c
52		-+++ linux-2.6.32-642.11.1.el6/fs/compat_ioctl.c
	51	+--- linux-2.6.32-642.13.1.el6.orig/fs/compat_ioctl.c
	52	++++ linux-2.6.32-642.13.1.el6/fs/compat_ioctl.c
53	53	@@ -114,6 +114,7 @@
54	54	#ifdef CONFIG_SPARC
55	55	#include <asm/fbio.h>

		@@ -67,8 +67,8 @@
67	67	if (error)
68	68	goto out_fput;
69	69
70		---- linux-2.6.32-642.11.1.el6.orig/fs/exec.c
71		-+++ linux-2.6.32-642.11.1.el6/fs/exec.c
	70	+--- linux-2.6.32-642.13.1.el6.orig/fs/exec.c
	71	++++ linux-2.6.32-642.13.1.el6/fs/exec.c
72	72	@@ -1489,7 +1489,7 @@ int do_execve(const char * filename,
73	73	goto out;
74	74

		@@ -78,8 +78,8 @@
78	78	if (retval < 0)
79	79	goto out;
80	80
81		---- linux-2.6.32-642.11.1.el6.orig/fs/fcntl.c
82		-+++ linux-2.6.32-642.11.1.el6/fs/fcntl.c
	81	+--- linux-2.6.32-642.13.1.el6.orig/fs/fcntl.c
	82	++++ linux-2.6.32-642.13.1.el6/fs/fcntl.c
83	83	@@ -428,6 +428,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd,
84	84	goto out;
85	85

		@@ -98,8 +98,8 @@
98	98	if (err) {
99	99	fput(filp);
100	100	return err;
101		---- linux-2.6.32-642.11.1.el6.orig/fs/ioctl.c
102		-+++ linux-2.6.32-642.11.1.el6/fs/ioctl.c
	101	+--- linux-2.6.32-642.13.1.el6.orig/fs/ioctl.c
	102	++++ linux-2.6.32-642.13.1.el6/fs/ioctl.c
103	103	@@ -639,6 +639,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd,
104	104	goto out;
105	105

		@@ -109,8 +109,8 @@
109	109	if (error)
110	110	goto out_fput;
111	111
112		---- linux-2.6.32-642.11.1.el6.orig/fs/namei.c
113		-+++ linux-2.6.32-642.11.1.el6/fs/namei.c
	112	+--- linux-2.6.32-642.13.1.el6.orig/fs/namei.c
	113	++++ linux-2.6.32-642.13.1.el6/fs/namei.c
114	114	@@ -2067,6 +2067,11 @@ int may_open(struct path *path, int acc_
115	115	if (flag & O_NOATIME && !is_owner_or_cap(inode))
116	116	return -EPERM;

		@@ -198,8 +198,8 @@
198	198	if (error)
199	199	goto exit5;
200	200	error = vfs_rename(old_dir->d_inode, old_dentry,
201		---- linux-2.6.32-642.11.1.el6.orig/fs/namespace.c
202		-+++ linux-2.6.32-642.11.1.el6/fs/namespace.c
	201	+--- linux-2.6.32-642.13.1.el6.orig/fs/namespace.c
	202	++++ linux-2.6.32-642.13.1.el6/fs/namespace.c
203	203	@@ -1097,6 +1097,8 @@ static int do_umount(struct vfsmount *mn
204	204	LIST_HEAD(umount_list);
205	205

		@@ -236,8 +236,8 @@
236	236	if (error) {
237	237	path_put(&old);
238	238	goto out1;
239		---- linux-2.6.32-642.11.1.el6.orig/fs/open.c
240		-+++ linux-2.6.32-642.11.1.el6/fs/open.c
	239	+--- linux-2.6.32-642.13.1.el6.orig/fs/open.c
	240	++++ linux-2.6.32-642.13.1.el6/fs/open.c
241	241	@@ -102,6 +102,8 @@ long vfs_truncate(struct path *path, lof
242	242	error = locks_verify_truncate(inode, NULL, length);
243	243	if (!error)

		@@ -328,8 +328,8 @@
328	328	if (capable(CAP_SYS_TTY_CONFIG)) {
329	329	tty_vhangup_self();
330	330	return 0;
331		---- linux-2.6.32-642.11.1.el6.orig/fs/proc/version.c
332		-+++ linux-2.6.32-642.11.1.el6/fs/proc/version.c
	331	+--- linux-2.6.32-642.13.1.el6.orig/fs/proc/version.c
	332	++++ linux-2.6.32-642.13.1.el6/fs/proc/version.c
333	333	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
334	334	return 0;
335	335	}

		@@ -337,12 +337,12 @@
337	337	+
338	338	+static int __init ccs_show_version(void)
339	339	+{
340		-+ printk(KERN_INFO "Hook version: 2.6.32-642.11.1.el6 2016/11/23\n");
	340	++ printk(KERN_INFO "Hook version: 2.6.32-642.13.1.el6 2017/01/16\n");
341	341	+ return 0;
342	342	+}
343	343	+module_init(ccs_show_version);
344		---- linux-2.6.32-642.11.1.el6.orig/fs/stat.c
345		-+++ linux-2.6.32-642.11.1.el6/fs/stat.c
	344	+--- linux-2.6.32-642.13.1.el6.orig/fs/stat.c
	345	++++ linux-2.6.32-642.13.1.el6/fs/stat.c
346	346	@@ -43,6 +43,8 @@ int vfs_getattr(struct vfsmount *mnt, st
347	347	int retval;
348	348

		@@ -352,8 +352,8 @@
352	352	if (retval)
353	353	return retval;
354	354
355		---- linux-2.6.32-642.11.1.el6.orig/include/linux/init_task.h
356		-+++ linux-2.6.32-642.11.1.el6/include/linux/init_task.h
	355	+--- linux-2.6.32-642.13.1.el6.orig/include/linux/init_task.h
	356	++++ linux-2.6.32-642.13.1.el6/include/linux/init_task.h
357	357	@@ -123,6 +123,14 @@ extern struct cred init_cred;
358	358	# define INIT_PERF_EVENTS(tsk)
359	359	#endif

		@@ -377,8 +377,8 @@
377	377	}
378	378
379	379
380		---- linux-2.6.32-642.11.1.el6.orig/include/linux/sched.h
381		-+++ linux-2.6.32-642.11.1.el6/include/linux/sched.h
	380	+--- linux-2.6.32-642.13.1.el6.orig/include/linux/sched.h
	381	++++ linux-2.6.32-642.13.1.el6/include/linux/sched.h
382	382	@@ -43,6 +43,8 @@
383	383
384	384	#ifdef __KERNEL__

		@@ -399,8 +399,8 @@
399	399	};
400	400
401	401	/* Future-safe accessor for struct task_struct's cpus_allowed. */
402		---- linux-2.6.32-642.11.1.el6.orig/include/linux/security.h
403		-+++ linux-2.6.32-642.11.1.el6/include/linux/security.h
	402	+--- linux-2.6.32-642.13.1.el6.orig/include/linux/security.h
	403	++++ linux-2.6.32-642.13.1.el6/include/linux/security.h
404	404	@@ -35,6 +35,7 @@
405	405	#include <linux/xfrm.h>
406	406	#include <linux/gfp.h>

		@@ -409,8 +409,8 @@
409	409
410	410	/* Maximum number of letters for an LSM name string */
411	411	#define SECURITY_NAME_MAX 10
412		---- linux-2.6.32-642.11.1.el6.orig/include/net/ip.h
413		-+++ linux-2.6.32-642.11.1.el6/include/net/ip.h
	412	+--- linux-2.6.32-642.13.1.el6.orig/include/net/ip.h
	413	++++ linux-2.6.32-642.13.1.el6/include/net/ip.h
414	414	@@ -33,6 +33,7 @@
415	415	#endif
416	416	#include <net/snmp.h>

		@@ -428,8 +428,8 @@
428	428	return test_bit(port, sysctl_local_reserved_ports);
429	429	}
430	430
431		---- linux-2.6.32-642.11.1.el6.orig/kernel/compat.c
432		-+++ linux-2.6.32-642.11.1.el6/kernel/compat.c
	431	+--- linux-2.6.32-642.13.1.el6.orig/kernel/compat.c
	432	++++ linux-2.6.32-642.13.1.el6/kernel/compat.c
433	433	@@ -1005,6 +1005,8 @@ asmlinkage long compat_sys_stime(compat_
434	434	err = security_settime(&tv, NULL);
435	435	if (err)

		@@ -439,8 +439,8 @@
439	439
440	440	do_settimeofday(&tv);
441	441	return 0;
442		---- linux-2.6.32-642.11.1.el6.orig/kernel/fork.c
443		-+++ linux-2.6.32-642.11.1.el6/kernel/fork.c
	442	+--- linux-2.6.32-642.13.1.el6.orig/kernel/fork.c
	443	++++ linux-2.6.32-642.13.1.el6/kernel/fork.c
444	444	@@ -176,6 +176,7 @@ void __put_task_struct(struct task_struc
445	445	exit_creds(tsk);
446	446	delayacct_tsk_free(tsk);

		@@ -467,8 +467,8 @@
467	467	bad_fork_cleanup_perf:
468	468	perf_event_free_task(p);
469	469	bad_fork_cleanup_policy:
470		---- linux-2.6.32-642.11.1.el6.orig/kernel/kexec.c
471		-+++ linux-2.6.32-642.11.1.el6/kernel/kexec.c
	470	+--- linux-2.6.32-642.13.1.el6.orig/kernel/kexec.c
	471	++++ linux-2.6.32-642.13.1.el6/kernel/kexec.c
472	472	@@ -41,6 +41,7 @@
473	473	#include <asm/system.h>
474	474	#include <asm/sections.h>

		@@ -486,8 +486,8 @@
486	486
487	487	if (kexec_load_disabled)
488	488	return -EPERM;
489		---- linux-2.6.32-642.11.1.el6.orig/kernel/module.c
490		-+++ linux-2.6.32-642.11.1.el6/kernel/module.c
	489	+--- linux-2.6.32-642.13.1.el6.orig/kernel/module.c
	490	++++ linux-2.6.32-642.13.1.el6/kernel/module.c
491	491	@@ -56,6 +56,7 @@
492	492	#include <linux/percpu.h>
493	493	#include <linux/kmemleak.h>

		@@ -514,8 +514,8 @@
514	514
515	515	/* Only one module load at a time, please */
516	516	if (mutex_lock_interruptible(&module_mutex) != 0)
517		---- linux-2.6.32-642.11.1.el6.orig/kernel/ptrace.c
518		-+++ linux-2.6.32-642.11.1.el6/kernel/ptrace.c
	517	+--- linux-2.6.32-642.13.1.el6.orig/kernel/ptrace.c
	518	++++ linux-2.6.32-642.13.1.el6/kernel/ptrace.c
519	519	@@ -195,6 +195,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
520	520	{
521	521	struct task_struct *child;

		@@ -540,8 +540,8 @@
540	540
541	541	if (request == PTRACE_TRACEME) {
542	542	ret = ptrace_traceme();
543		---- linux-2.6.32-642.11.1.el6.orig/kernel/sched.c
544		-+++ linux-2.6.32-642.11.1.el6/kernel/sched.c
	543	+--- linux-2.6.32-642.13.1.el6.orig/kernel/sched.c
	544	++++ linux-2.6.32-642.13.1.el6/kernel/sched.c
545	545	@@ -6858,6 +6858,8 @@ int can_nice(const struct task_struct *p
546	546	SYSCALL_DEFINE1(nice, int, increment)
547	547	{

		@@ -551,8 +551,8 @@
551	551
552	552	/*
553	553	* Setpriority might change our priority at the same moment.
554		---- linux-2.6.32-642.11.1.el6.orig/kernel/signal.c
555		-+++ linux-2.6.32-642.11.1.el6/kernel/signal.c
	554	+--- linux-2.6.32-642.13.1.el6.orig/kernel/signal.c
	555	++++ linux-2.6.32-642.13.1.el6/kernel/signal.c
556	556	@@ -2312,6 +2312,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
557	557	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
558	558	{

		@@ -598,8 +598,8 @@
598	598
599	599	return do_send_specific(tgid, pid, sig, info);
600	600	}
601		---- linux-2.6.32-642.11.1.el6.orig/kernel/sys.c
602		-+++ linux-2.6.32-642.11.1.el6/kernel/sys.c
	601	+--- linux-2.6.32-642.13.1.el6.orig/kernel/sys.c
	602	++++ linux-2.6.32-642.13.1.el6/kernel/sys.c
603	603	@@ -157,6 +157,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
604	604
605	605	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -638,8 +638,8 @@
638	638
639	639	down_write(&uts_sem);
640	640	errno = -EFAULT;
641		---- linux-2.6.32-642.11.1.el6.orig/kernel/sysctl.c
642		-+++ linux-2.6.32-642.11.1.el6/kernel/sysctl.c
	641	+--- linux-2.6.32-642.13.1.el6.orig/kernel/sysctl.c
	642	++++ linux-2.6.32-642.13.1.el6/kernel/sysctl.c
643	643	@@ -2130,6 +2130,9 @@ int do_sysctl(int __user *name, int nlen
644	644
645	645	for (head = sysctl_head_next(NULL); head;

		@@ -650,8 +650,8 @@
650	650	error = parse_table(name, nlen, oldval, oldlenp,
651	651	newval, newlen,
652	652	head->root, head->ctl_table);
653		---- linux-2.6.32-642.11.1.el6.orig/kernel/time.c
654		-+++ linux-2.6.32-642.11.1.el6/kernel/time.c
	653	+--- linux-2.6.32-642.13.1.el6.orig/kernel/time.c
	654	++++ linux-2.6.32-642.13.1.el6/kernel/time.c
655	655	@@ -92,6 +92,8 @@ SYSCALL_DEFINE1(stime, time_t __user *,
656	656	err = security_settime(&tv, NULL);
657	657	if (err)

		@@ -670,8 +670,8 @@
670	670
671	671	if (tz) {
672	672	/* SMP safe, global irq locking makes it work. */
673		---- linux-2.6.32-642.11.1.el6.orig/kernel/time/ntp.c
674		-+++ linux-2.6.32-642.11.1.el6/kernel/time/ntp.c
	673	+--- linux-2.6.32-642.13.1.el6.orig/kernel/time/ntp.c
	674	++++ linux-2.6.32-642.13.1.el6/kernel/time/ntp.c
675	675	@@ -14,6 +14,7 @@
676	676	#include <linux/timex.h>
677	677	#include <linux/time.h>

		@@ -696,8 +696,8 @@
696	696
697	697	/*
698	698	* if the quartz is off by more than 10% then
699		---- linux-2.6.32-642.11.1.el6.orig/net/ipv4/raw.c
700		-+++ linux-2.6.32-642.11.1.el6/net/ipv4/raw.c
	699	+--- linux-2.6.32-642.13.1.el6.orig/net/ipv4/raw.c
	700	++++ linux-2.6.32-642.13.1.el6/net/ipv4/raw.c
701	701	@@ -77,6 +77,7 @@
702	702	#include <linux/seq_file.h>
703	703	#include <linux/netfilter.h>

		@@ -717,8 +717,8 @@
717	717
718	718	copied = skb->len;
719	719	if (len < copied) {
720		---- linux-2.6.32-642.11.1.el6.orig/net/ipv4/udp.c
721		-+++ linux-2.6.32-642.11.1.el6/net/ipv4/udp.c
	720	+--- linux-2.6.32-642.13.1.el6.orig/net/ipv4/udp.c
	721	++++ linux-2.6.32-642.13.1.el6/net/ipv4/udp.c
722	722	@@ -108,6 +108,7 @@
723	723	#include <trace/events/udp.h>
724	724	#include <net/busy_poll.h>

		@@ -738,8 +738,8 @@
738	738
739	739	ulen = skb->len - sizeof(struct udphdr);
740	740	copied = len;
741		---- linux-2.6.32-642.11.1.el6.orig/net/ipv6/raw.c
742		-+++ linux-2.6.32-642.11.1.el6/net/ipv6/raw.c
	741	+--- linux-2.6.32-642.13.1.el6.orig/net/ipv6/raw.c
	742	++++ linux-2.6.32-642.13.1.el6/net/ipv6/raw.c
743	743	@@ -59,6 +59,7 @@
744	744
745	745	#include <linux/proc_fs.h>

		@@ -759,8 +759,8 @@
759	759
760	760	copied = skb->len;
761	761	if (copied > len) {
762		---- linux-2.6.32-642.11.1.el6.orig/net/ipv6/udp.c
763		-+++ linux-2.6.32-642.11.1.el6/net/ipv6/udp.c
	762	+--- linux-2.6.32-642.13.1.el6.orig/net/ipv6/udp.c
	763	++++ linux-2.6.32-642.13.1.el6/net/ipv6/udp.c
764	764	@@ -50,6 +50,7 @@
765	765	#include <linux/proc_fs.h>
766	766	#include <linux/seq_file.h>

		@@ -780,8 +780,8 @@
780	780
781	781	ulen = skb->len - sizeof(struct udphdr);
782	782	copied = len;
783		---- linux-2.6.32-642.11.1.el6.orig/net/socket.c
784		-+++ linux-2.6.32-642.11.1.el6/net/socket.c
	783	+--- linux-2.6.32-642.13.1.el6.orig/net/socket.c
	784	++++ linux-2.6.32-642.13.1.el6/net/socket.c
785	785	@@ -578,6 +578,8 @@ static inline int __sock_sendmsg(struct
786	786	struct msghdr *msg, size_t size)
787	787	{

		@@ -842,8 +842,8 @@
842	842	if (err)
843	843	goto out_put;
844	844
845		---- linux-2.6.32-642.11.1.el6.orig/net/unix/af_unix.c
846		-+++ linux-2.6.32-642.11.1.el6/net/unix/af_unix.c
	845	+--- linux-2.6.32-642.13.1.el6.orig/net/unix/af_unix.c
	846	++++ linux-2.6.32-642.13.1.el6/net/unix/af_unix.c
847	847	@@ -981,6 +981,9 @@ static int unix_bind(struct socket *sock
848	848	mode = S_IFSOCK \|
849	849	(SOCK_INODE(sock)->i_mode & ~current_umask());

		@@ -865,8 +865,8 @@
865	865	if (msg->msg_name)
866	866	unix_copy_addr(msg, skb->sk);
867	867
868		---- linux-2.6.32-642.11.1.el6.orig/security/Kconfig
869		-+++ linux-2.6.32-642.11.1.el6/security/Kconfig
	868	+--- linux-2.6.32-642.13.1.el6.orig/security/Kconfig
	869	++++ linux-2.6.32-642.13.1.el6/security/Kconfig
870	870	@@ -177,5 +177,7 @@ source security/tomoyo/Kconfig
871	871
872	872	source security/integrity/ima/Kconfig

		@@ -875,8 +875,8 @@
875	875	+
876	876	endmenu
877	877
878		---- linux-2.6.32-642.11.1.el6.orig/security/Makefile
879		-+++ linux-2.6.32-642.11.1.el6/security/Makefile
	878	+--- linux-2.6.32-642.13.1.el6.orig/security/Makefile
	879	++++ linux-2.6.32-642.13.1.el6/security/Makefile
880	880	@@ -25,3 +25,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
881	881	# Object integrity file lists
882	882	subdir-$(CONFIG_IMA) += integrity/ima

--- trunk/caitsith-patch/patches/ccs-patch-3.10-centos-7.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-3.10-centos-7.diff (revision 227)

		@@ -1,6 +1,6 @@
1	1	This is TOMOYO Linux patch for CentOS 7.
2	2
3		-Source code for this patch is http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-514.2.2.el7.src.rpm
	3	+Source code for this patch is http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-514.6.1.el7.src.rpm
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 111 +++++++++++++++++++++++++++++++++++++++++-----
29	29	24 files changed, 248 insertions(+), 37 deletions(-)
30	30
31		---- linux-3.10.0-514.2.2.el7.orig/fs/exec.c
32		-+++ linux-3.10.0-514.2.2.el7/fs/exec.c
	31	+--- linux-3.10.0-514.6.1.el7.orig/fs/exec.c
	32	++++ linux-3.10.0-514.6.1.el7/fs/exec.c
33	33	@@ -1580,7 +1580,7 @@ static int do_execve_common(struct filen
34	34	if (retval < 0)
35	35	goto out;

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.10.0-514.2.2.el7.orig/fs/open.c
43		-+++ linux-3.10.0-514.2.2.el7/fs/open.c
	42	+--- linux-3.10.0-514.6.1.el7.orig/fs/open.c
	43	++++ linux-3.10.0-514.6.1.el7/fs/open.c
44	44	@@ -1120,6 +1120,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.10.0-514.2.2.el7.orig/fs/proc/version.c
54		-+++ linux-3.10.0-514.2.2.el7/fs/proc/version.c
	53	+--- linux-3.10.0-514.6.1.el7.orig/fs/proc/version.c
	54	++++ linux-3.10.0-514.6.1.el7/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.10.0-514.2.2.el7 2016/12/23\n");
	62	++ printk(KERN_INFO "Hook version: 3.10.0-514.6.1.el7 2017/01/22\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.10.0-514.2.2.el7.orig/include/linux/init_task.h
67		-+++ linux-3.10.0-514.2.2.el7/include/linux/init_task.h
	66	+--- linux-3.10.0-514.6.1.el7.orig/include/linux/init_task.h
	67	++++ linux-3.10.0-514.6.1.el7/include/linux/init_task.h
68	68	@@ -164,6 +164,14 @@ extern struct task_group root_task_group
69	69	# define INIT_RT_MUTEXES(tsk)
70	70	#endif

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.10.0-514.2.2.el7.orig/include/linux/sched.h
92		-+++ linux-3.10.0-514.2.2.el7/include/linux/sched.h
	91	+--- linux-3.10.0-514.6.1.el7.orig/include/linux/sched.h
	92	++++ linux-3.10.0-514.6.1.el7/include/linux/sched.h
93	93	@@ -4,6 +4,8 @@
94	94	#include <uapi/linux/sched.h>
95	95	#include <linux/rh_kabi.h>

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.10.0-514.2.2.el7.orig/include/linux/security.h
114		-+++ linux-3.10.0-514.2.2.el7/include/linux/security.h
	113	+--- linux-3.10.0-514.6.1.el7.orig/include/linux/security.h
	114	++++ linux-3.10.0-514.6.1.el7/include/linux/security.h
115	115	@@ -54,6 +54,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -323,8 +323,8 @@
323	323	}
324	324	#endif /* CONFIG_SECURITY_PATH */
325	325
326		---- linux-3.10.0-514.2.2.el7.orig/include/net/ip.h
327		-+++ linux-3.10.0-514.2.2.el7/include/net/ip.h
	326	+--- linux-3.10.0-514.6.1.el7.orig/include/net/ip.h
	327	++++ linux-3.10.0-514.6.1.el7/include/net/ip.h
328	328	@@ -228,6 +228,8 @@ void inet_get_local_port_range(struct ne
329	329	extern unsigned long *sysctl_local_reserved_ports;
330	330	static inline int inet_is_reserved_local_port(int port)

		@@ -334,8 +334,8 @@
334	334	return test_bit(port, sysctl_local_reserved_ports);
335	335	}
336	336
337		---- linux-3.10.0-514.2.2.el7.orig/kernel/fork.c
338		-+++ linux-3.10.0-514.2.2.el7/kernel/fork.c
	337	+--- linux-3.10.0-514.6.1.el7.orig/kernel/fork.c
	338	++++ linux-3.10.0-514.6.1.el7/kernel/fork.c
339	339	@@ -270,6 +270,7 @@ void __put_task_struct(struct task_struc
340	340	delayacct_tsk_free(tsk);
341	341	put_signal_struct(tsk->signal);

		@@ -362,8 +362,8 @@
362	362	bad_fork_cleanup_perf:
363	363	perf_event_free_task(p);
364	364	bad_fork_cleanup_policy:
365		---- linux-3.10.0-514.2.2.el7.orig/kernel/kexec.c
366		-+++ linux-3.10.0-514.2.2.el7/kernel/kexec.c
	365	+--- linux-3.10.0-514.6.1.el7.orig/kernel/kexec.c
	366	++++ linux-3.10.0-514.6.1.el7/kernel/kexec.c
367	367	@@ -1250,6 +1250,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
368	368	/* We only trust the superuser with rebooting the system. */
369	369	if (!capable(CAP_SYS_BOOT) \|\| kexec_load_disabled)

		@@ -373,8 +373,8 @@
373	373
374	374	if (get_securelevel() > 0)
375	375	return -EPERM;
376		---- linux-3.10.0-514.2.2.el7.orig/kernel/module.c
377		-+++ linux-3.10.0-514.2.2.el7/kernel/module.c
	376	+--- linux-3.10.0-514.6.1.el7.orig/kernel/module.c
	377	++++ linux-3.10.0-514.6.1.el7/kernel/module.c
378	378	@@ -62,6 +62,7 @@
379	379	#include <linux/bsearch.h>
380	380	#include <uapi/linux/module.h>

		@@ -401,8 +401,8 @@
401	401
402	402	return 0;
403	403	}
404		---- linux-3.10.0-514.2.2.el7.orig/kernel/ptrace.c
405		-+++ linux-3.10.0-514.2.2.el7/kernel/ptrace.c
	404	+--- linux-3.10.0-514.6.1.el7.orig/kernel/ptrace.c
	405	++++ linux-3.10.0-514.6.1.el7/kernel/ptrace.c
406	406	@@ -1038,6 +1038,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
407	407	{
408	408	struct task_struct *child;

		@@ -427,9 +427,9 @@
427	427
428	428	if (request == PTRACE_TRACEME) {
429	429	ret = ptrace_traceme();
430		---- linux-3.10.0-514.2.2.el7.orig/kernel/sched/core.c
431		-+++ linux-3.10.0-514.2.2.el7/kernel/sched/core.c
432		-@@ -4175,6 +4175,8 @@ int can_nice(const struct task_struct *p
	430	+--- linux-3.10.0-514.6.1.el7.orig/kernel/sched/core.c
	431	++++ linux-3.10.0-514.6.1.el7/kernel/sched/core.c
	432	+@@ -4197,6 +4197,8 @@ int can_nice(const struct task_struct *p
433	433	SYSCALL_DEFINE1(nice, int, increment)
434	434	{
435	435	long nice, retval;

		@@ -438,8 +438,8 @@
438	438
439	439	/*
440	440	* Setpriority might change our priority at the same moment.
441		---- linux-3.10.0-514.2.2.el7.orig/kernel/signal.c
442		-+++ linux-3.10.0-514.2.2.el7/kernel/signal.c
	441	+--- linux-3.10.0-514.6.1.el7.orig/kernel/signal.c
	442	++++ linux-3.10.0-514.6.1.el7/kernel/signal.c
443	443	@@ -2914,6 +2914,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
444	444	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
445	445	{

		@@ -485,8 +485,8 @@
485	485
486	486	return do_send_specific(tgid, pid, sig, info);
487	487	}
488		---- linux-3.10.0-514.2.2.el7.orig/kernel/sys.c
489		-+++ linux-3.10.0-514.2.2.el7/kernel/sys.c
	488	+--- linux-3.10.0-514.6.1.el7.orig/kernel/sys.c
	489	++++ linux-3.10.0-514.6.1.el7/kernel/sys.c
490	490	@@ -192,6 +192,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
491	491
492	492	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -525,8 +525,8 @@
525	525
526	526	down_write(&uts_sem);
527	527	errno = -EFAULT;
528		---- linux-3.10.0-514.2.2.el7.orig/kernel/time/ntp.c
529		-+++ linux-3.10.0-514.2.2.el7/kernel/time/ntp.c
	528	+--- linux-3.10.0-514.6.1.el7.orig/kernel/time/ntp.c
	529	++++ linux-3.10.0-514.6.1.el7/kernel/time/ntp.c
530	530	@@ -16,6 +16,7 @@
531	531	#include <linux/mm.h>
532	532	#include <linux/module.h>

		@@ -560,8 +560,8 @@
560	560
561	561	return 0;
562	562	}
563		---- linux-3.10.0-514.2.2.el7.orig/net/ipv4/raw.c
564		-+++ linux-3.10.0-514.2.2.el7/net/ipv4/raw.c
	563	+--- linux-3.10.0-514.6.1.el7.orig/net/ipv4/raw.c
	564	++++ linux-3.10.0-514.6.1.el7/net/ipv4/raw.c
565	565	@@ -702,6 +702,10 @@ static int raw_recvmsg(struct kiocb *ioc
566	566	skb = skb_recv_datagram(sk, flags, noblock, &err);
567	567	if (!skb)

		@@ -573,8 +573,8 @@
573	573
574	574	copied = skb->len;
575	575	if (len < copied) {
576		---- linux-3.10.0-514.2.2.el7.orig/net/ipv4/udp.c
577		-+++ linux-3.10.0-514.2.2.el7/net/ipv4/udp.c
	576	+--- linux-3.10.0-514.6.1.el7.orig/net/ipv4/udp.c
	577	++++ linux-3.10.0-514.6.1.el7/net/ipv4/udp.c
578	578	@@ -1268,6 +1268,10 @@ try_again:
579	579	&peeked, &off, &err);
580	580	if (!skb)

		@@ -586,8 +586,8 @@
586	586
587	587	ulen = skb->len - sizeof(struct udphdr);
588	588	copied = len;
589		---- linux-3.10.0-514.2.2.el7.orig/net/ipv6/raw.c
590		-+++ linux-3.10.0-514.2.2.el7/net/ipv6/raw.c
	589	+--- linux-3.10.0-514.6.1.el7.orig/net/ipv6/raw.c
	590	++++ linux-3.10.0-514.6.1.el7/net/ipv6/raw.c
591	591	@@ -468,6 +468,10 @@ static int rawv6_recvmsg(struct kiocb *i
592	592	skb = skb_recv_datagram(sk, flags, noblock, &err);
593	593	if (!skb)

		@@ -599,8 +599,8 @@
599	599
600	600	copied = skb->len;
601	601	if (copied > len) {
602		---- linux-3.10.0-514.2.2.el7.orig/net/ipv6/udp.c
603		-+++ linux-3.10.0-514.2.2.el7/net/ipv6/udp.c
	602	+--- linux-3.10.0-514.6.1.el7.orig/net/ipv6/udp.c
	603	++++ linux-3.10.0-514.6.1.el7/net/ipv6/udp.c
604	604	@@ -416,6 +416,10 @@ try_again:
605	605	&peeked, &off, &err);
606	606	if (!skb)

		@@ -612,8 +612,8 @@
612	612
613	613	ulen = skb->len - sizeof(struct udphdr);
614	614	copied = len;
615		---- linux-3.10.0-514.2.2.el7.orig/net/socket.c
616		-+++ linux-3.10.0-514.2.2.el7/net/socket.c
	615	+--- linux-3.10.0-514.6.1.el7.orig/net/socket.c
	616	++++ linux-3.10.0-514.6.1.el7/net/socket.c
617	617	@@ -1608,6 +1608,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
618	618	if (err < 0)
619	619	goto out_fd;

		@@ -625,8 +625,8 @@
625	625	if (upeer_sockaddr) {
626	626	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
627	627	&len, 2) < 0) {
628		---- linux-3.10.0-514.2.2.el7.orig/net/unix/af_unix.c
629		-+++ linux-3.10.0-514.2.2.el7/net/unix/af_unix.c
	628	+--- linux-3.10.0-514.6.1.el7.orig/net/unix/af_unix.c
	629	++++ linux-3.10.0-514.6.1.el7/net/unix/af_unix.c
630	630	@@ -2137,6 +2137,10 @@ static int unix_dgram_recvmsg(struct kio
631	631	wake_up_interruptible_sync_poll(&u->peer_wait,
632	632	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -638,8 +638,8 @@
638	638	if (msg->msg_name)
639	639	unix_copy_addr(msg, skb->sk);
640	640
641		---- linux-3.10.0-514.2.2.el7.orig/security/Kconfig
642		-+++ linux-3.10.0-514.2.2.el7/security/Kconfig
	641	+--- linux-3.10.0-514.6.1.el7.orig/security/Kconfig
	642	++++ linux-3.10.0-514.6.1.el7/security/Kconfig
643	643	@@ -175,5 +175,7 @@ config DEFAULT_SECURITY
644	644	default "yama" if DEFAULT_SECURITY_YAMA
645	645	default "" if DEFAULT_SECURITY_DAC

		@@ -648,8 +648,8 @@
648	648	+
649	649	endmenu
650	650
651		---- linux-3.10.0-514.2.2.el7.orig/security/Makefile
652		-+++ linux-3.10.0-514.2.2.el7/security/Makefile
	651	+--- linux-3.10.0-514.6.1.el7.orig/security/Makefile
	652	++++ linux-3.10.0-514.6.1.el7/security/Makefile
653	653	@@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
654	654	# Object integrity file lists
655	655	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -657,8 +657,8 @@
657	657	+
658	658	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
659	659	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
660		---- linux-3.10.0-514.2.2.el7.orig/security/security.c
661		-+++ linux-3.10.0-514.2.2.el7/security/security.c
	660	+--- linux-3.10.0-514.6.1.el7.orig/security/security.c
	661	++++ linux-3.10.0-514.6.1.el7/security/security.c
662	662	@@ -203,7 +203,10 @@ int security_syslog(int type)
663	663
664	664	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-3.13-ubuntu-14.04.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-3.13-ubuntu-14.04.diff (revision 227)

		@@ -29,8 +29,8 @@
29	29	security/security.c \| 107 ++++++++++++++++++++++++++++++++++++++++------
30	30	25 files changed, 236 insertions(+), 37 deletions(-)
31	31
32		---- linux-3.13.0-106.153.orig/fs/exec.c
33		-+++ linux-3.13.0-106.153/fs/exec.c
	32	+--- linux-3.13.0-107.154.orig/fs/exec.c
	33	++++ linux-3.13.0-107.154/fs/exec.c
34	34	@@ -1456,7 +1456,7 @@ static int exec_binprm(struct linux_binp
35	35	old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
36	36	rcu_read_unlock();

		@@ -40,8 +40,8 @@
40	40	if (ret >= 0) {
41	41	audit_bprm(bprm);
42	42	trace_sched_process_exec(current, old_pid, bprm);
43		---- linux-3.13.0-106.153.orig/fs/open.c
44		-+++ linux-3.13.0-106.153/fs/open.c
	43	+--- linux-3.13.0-107.154.orig/fs/open.c
	44	++++ linux-3.13.0-107.154/fs/open.c
45	45	@@ -1088,6 +1088,8 @@ EXPORT_SYMBOL(sys_close);
46	46	*/
47	47	SYSCALL_DEFINE0(vhangup)

		@@ -51,8 +51,8 @@
51	51	if (capable(CAP_SYS_TTY_CONFIG)) {
52	52	tty_vhangup_self();
53	53	return 0;
54		---- linux-3.13.0-106.153.orig/fs/proc/version.c
55		-+++ linux-3.13.0-106.153/fs/proc/version.c
	54	+--- linux-3.13.0-107.154.orig/fs/proc/version.c
	55	++++ linux-3.13.0-107.154/fs/proc/version.c
56	56	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
57	57	return 0;
58	58	}

		@@ -60,12 +60,12 @@
60	60	+
61	61	+static int __init ccs_show_version(void)
62	62	+{
63		-+ printk(KERN_INFO "Hook version: 3.13.0-106.153 2016/12/23\n");
	63	++ printk(KERN_INFO "Hook version: 3.13.0-107.154 2017/01/16\n");
64	64	+ return 0;
65	65	+}
66	66	+module_init(ccs_show_version);
67		---- linux-3.13.0-106.153.orig/include/linux/init_task.h
68		-+++ linux-3.13.0-106.153/include/linux/init_task.h
	67	+--- linux-3.13.0-107.154.orig/include/linux/init_task.h
	68	++++ linux-3.13.0-107.154/include/linux/init_task.h
69	69	@@ -155,6 +155,14 @@ extern struct task_group root_task_group
70	70
71	71	#define INIT_TASK_COMM "swapper"

		@@ -89,8 +89,8 @@
89	89	}
90	90
91	91
92		---- linux-3.13.0-106.153.orig/include/linux/sched.h
93		-+++ linux-3.13.0-106.153/include/linux/sched.h
	92	+--- linux-3.13.0-107.154.orig/include/linux/sched.h
	93	++++ linux-3.13.0-107.154/include/linux/sched.h
94	94	@@ -4,6 +4,8 @@
95	95	#include <uapi/linux/sched.h>
96	96

		@@ -111,8 +111,8 @@
111	111	};
112	112
113	113	/* Future-safe accessor for struct task_struct's cpus_allowed. */
114		---- linux-3.13.0-106.153.orig/include/linux/security.h
115		-+++ linux-3.13.0-106.153/include/linux/security.h
	114	+--- linux-3.13.0-107.154.orig/include/linux/security.h
	115	++++ linux-3.13.0-107.154/include/linux/security.h
116	116	@@ -53,6 +53,7 @@ struct msg_queue;
117	117	struct xattr;
118	118	struct xfrm_sec_ctx;

		@@ -314,8 +314,8 @@
314	314	}
315	315	#endif /* CONFIG_SECURITY_PATH */
316	316
317		---- linux-3.13.0-106.153.orig/include/net/ip.h
318		-+++ linux-3.13.0-106.153/include/net/ip.h
	317	+--- linux-3.13.0-107.154.orig/include/net/ip.h
	318	++++ linux-3.13.0-107.154/include/net/ip.h
319	319	@@ -225,6 +225,8 @@ void inet_get_local_port_range(struct ne
320	320	extern unsigned long *sysctl_local_reserved_ports;
321	321	static inline int inet_is_reserved_local_port(int port)

		@@ -325,8 +325,8 @@
325	325	return test_bit(port, sysctl_local_reserved_ports);
326	326	}
327	327
328		---- linux-3.13.0-106.153.orig/kernel/fork.c
329		-+++ linux-3.13.0-106.153/kernel/fork.c
	328	+--- linux-3.13.0-107.154.orig/kernel/fork.c
	329	++++ linux-3.13.0-107.154/kernel/fork.c
330	330	@@ -248,6 +248,7 @@ void __put_task_struct(struct task_struc
331	331	delayacct_tsk_free(tsk);
332	332	put_signal_struct(tsk->signal);

		@@ -353,8 +353,8 @@
353	353	bad_fork_cleanup_perf:
354	354	perf_event_free_task(p);
355	355	bad_fork_cleanup_policy:
356		---- linux-3.13.0-106.153.orig/kernel/kexec.c
357		-+++ linux-3.13.0-106.153/kernel/kexec.c
	356	+--- linux-3.13.0-107.154.orig/kernel/kexec.c
	357	++++ linux-3.13.0-107.154/kernel/kexec.c
358	358	@@ -38,6 +38,7 @@
359	359	#include <asm/uaccess.h>
360	360	#include <asm/io.h>

		@@ -372,8 +372,8 @@
372	372
373	373	/*
374	374	* Verify we have a legal set of flags
375		---- linux-3.13.0-106.153.orig/kernel/module.c
376		-+++ linux-3.13.0-106.153/kernel/module.c
	375	+--- linux-3.13.0-107.154.orig/kernel/module.c
	376	++++ linux-3.13.0-107.154/kernel/module.c
377	377	@@ -63,6 +63,7 @@
378	378	#include <linux/fips.h>
379	379	#include <uapi/linux/module.h>

		@@ -400,8 +400,8 @@
400	400
401	401	return 0;
402	402	}
403		---- linux-3.13.0-106.153.orig/kernel/ptrace.c
404		-+++ linux-3.13.0-106.153/kernel/ptrace.c
	403	+--- linux-3.13.0-107.154.orig/kernel/ptrace.c
	404	++++ linux-3.13.0-107.154/kernel/ptrace.c
405	405	@@ -1055,6 +1055,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
406	406	{
407	407	struct task_struct *child;

		@@ -426,8 +426,8 @@
426	426
427	427	if (request == PTRACE_TRACEME) {
428	428	ret = ptrace_traceme();
429		---- linux-3.13.0-106.153.orig/kernel/reboot.c
430		-+++ linux-3.13.0-106.153/kernel/reboot.c
	429	+--- linux-3.13.0-107.154.orig/kernel/reboot.c
	430	++++ linux-3.13.0-107.154/kernel/reboot.c
431	431	@@ -16,6 +16,7 @@
432	432	#include <linux/syscalls.h>
433	433	#include <linux/syscore_ops.h>

		@@ -445,8 +445,8 @@
445	445
446	446	/*
447	447	* If pid namespaces are enabled and the current task is in a child
448		---- linux-3.13.0-106.153.orig/kernel/sched/core.c
449		-+++ linux-3.13.0-106.153/kernel/sched/core.c
	448	+--- linux-3.13.0-107.154.orig/kernel/sched/core.c
	449	++++ linux-3.13.0-107.154/kernel/sched/core.c
450	450	@@ -2922,6 +2922,8 @@ int can_nice(const struct task_struct *p
451	451	SYSCALL_DEFINE1(nice, int, increment)
452	452	{

		@@ -456,8 +456,8 @@
456	456
457	457	/*
458	458	* Setpriority might change our priority at the same moment.
459		---- linux-3.13.0-106.153.orig/kernel/signal.c
460		-+++ linux-3.13.0-106.153/kernel/signal.c
	459	+--- linux-3.13.0-107.154.orig/kernel/signal.c
	460	++++ linux-3.13.0-107.154/kernel/signal.c
461	461	@@ -2909,6 +2909,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
462	462	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
463	463	{

		@@ -503,8 +503,8 @@
503	503
504	504	return do_send_specific(tgid, pid, sig, info);
505	505	}
506		---- linux-3.13.0-106.153.orig/kernel/sys.c
507		-+++ linux-3.13.0-106.153/kernel/sys.c
	506	+--- linux-3.13.0-107.154.orig/kernel/sys.c
	507	++++ linux-3.13.0-107.154/kernel/sys.c
508	508	@@ -171,6 +171,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
509	509
510	510	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -534,8 +534,8 @@
534	534
535	535	down_write(&uts_sem);
536	536	errno = -EFAULT;
537		---- linux-3.13.0-106.153.orig/kernel/time/ntp.c
538		-+++ linux-3.13.0-106.153/kernel/time/ntp.c
	537	+--- linux-3.13.0-107.154.orig/kernel/time/ntp.c
	538	++++ linux-3.13.0-107.154/kernel/time/ntp.c
539	539	@@ -16,6 +16,7 @@
540	540	#include <linux/mm.h>
541	541	#include <linux/module.h>

		@@ -569,8 +569,8 @@
569	569
570	570	/*
571	571	* Check for potential multiplication overflows that can
572		---- linux-3.13.0-106.153.orig/net/ipv4/raw.c
573		-+++ linux-3.13.0-106.153/net/ipv4/raw.c
	572	+--- linux-3.13.0-107.154.orig/net/ipv4/raw.c
	573	++++ linux-3.13.0-107.154/net/ipv4/raw.c
574	574	@@ -706,6 +706,10 @@ static int raw_recvmsg(struct kiocb *ioc
575	575	skb = skb_recv_datagram(sk, flags, noblock, &err);
576	576	if (!skb)

		@@ -582,8 +582,8 @@
582	582
583	583	copied = skb->len;
584	584	if (len < copied) {
585		---- linux-3.13.0-106.153.orig/net/ipv4/udp.c
586		-+++ linux-3.13.0-106.153/net/ipv4/udp.c
	585	+--- linux-3.13.0-107.154.orig/net/ipv4/udp.c
	586	++++ linux-3.13.0-107.154/net/ipv4/udp.c
587	587	@@ -1247,6 +1247,10 @@ try_again:
588	588	&peeked, &off, &err);
589	589	if (!skb)

		@@ -595,8 +595,8 @@
595	595
596	596	ulen = skb->len - sizeof(struct udphdr);
597	597	copied = len;
598		---- linux-3.13.0-106.153.orig/net/ipv6/raw.c
599		-+++ linux-3.13.0-106.153/net/ipv6/raw.c
	598	+--- linux-3.13.0-107.154.orig/net/ipv6/raw.c
	599	++++ linux-3.13.0-107.154/net/ipv6/raw.c
600	600	@@ -474,6 +474,10 @@ static int rawv6_recvmsg(struct kiocb *i
601	601	skb = skb_recv_datagram(sk, flags, noblock, &err);
602	602	if (!skb)

		@@ -608,8 +608,8 @@
608	608
609	609	copied = skb->len;
610	610	if (copied > len) {
611		---- linux-3.13.0-106.153.orig/net/ipv6/udp.c
612		-+++ linux-3.13.0-106.153/net/ipv6/udp.c
	611	+--- linux-3.13.0-107.154.orig/net/ipv6/udp.c
	612	++++ linux-3.13.0-107.154/net/ipv6/udp.c
613	613	@@ -404,6 +404,10 @@ try_again:
614	614	&peeked, &off, &err);
615	615	if (!skb)

		@@ -621,8 +621,8 @@
621	621
622	622	ulen = skb->len - sizeof(struct udphdr);
623	623	copied = len;
624		---- linux-3.13.0-106.153.orig/net/socket.c
625		-+++ linux-3.13.0-106.153/net/socket.c
	624	+--- linux-3.13.0-107.154.orig/net/socket.c
	625	++++ linux-3.13.0-107.154/net/socket.c
626	626	@@ -1616,6 +1616,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
627	627	if (err < 0)
628	628	goto out_fd;

		@@ -634,8 +634,8 @@
634	634	if (upeer_sockaddr) {
635	635	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
636	636	&len, 2) < 0) {
637		---- linux-3.13.0-106.153.orig/net/unix/af_unix.c
638		-+++ linux-3.13.0-106.153/net/unix/af_unix.c
	637	+--- linux-3.13.0-107.154.orig/net/unix/af_unix.c
	638	++++ linux-3.13.0-107.154/net/unix/af_unix.c
639	639	@@ -1973,6 +1973,10 @@ static int unix_dgram_recvmsg(struct kio
640	640	wake_up_interruptible_sync_poll(&u->peer_wait,
641	641	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -647,8 +647,8 @@
647	647	if (msg->msg_name)
648	648	unix_copy_addr(msg, skb->sk);
649	649
650		---- linux-3.13.0-106.153.orig/security/Kconfig
651		-+++ linux-3.13.0-106.153/security/Kconfig
	650	+--- linux-3.13.0-107.154.orig/security/Kconfig
	651	++++ linux-3.13.0-107.154/security/Kconfig
652	652	@@ -167,5 +167,7 @@ config DEFAULT_SECURITY
653	653	default "yama" if DEFAULT_SECURITY_YAMA
654	654	default "" if DEFAULT_SECURITY_DAC

		@@ -657,8 +657,8 @@
657	657	+
658	658	endmenu
659	659
660		---- linux-3.13.0-106.153.orig/security/Makefile
661		-+++ linux-3.13.0-106.153/security/Makefile
	660	+--- linux-3.13.0-107.154.orig/security/Makefile
	661	++++ linux-3.13.0-107.154/security/Makefile
662	662	@@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
663	663	# Object integrity file lists
664	664	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -666,8 +666,8 @@
666	666	+
667	667	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
668	668	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
669		---- linux-3.13.0-106.153.orig/security/security.c
670		-+++ linux-3.13.0-106.153/security/security.c
	669	+--- linux-3.13.0-107.154.orig/security/security.c
	670	++++ linux-3.13.0-107.154/security/security.c
671	671	@@ -203,7 +203,10 @@ int security_syslog(int type)
672	672
673	673	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-3.18.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-3.18.diff (revision 227)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 3.18.46.
	1	+This is TOMOYO Linux patch for kernel 3.18.47.
2	2
3		-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.18.46.tar.xz
	3	+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.18.47.tar.xz
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -29,8 +29,8 @@
29	29	security/security.c \| 111 +++++++++++++++++++++++++++++++++++++++++-----
30	30	25 files changed, 252 insertions(+), 37 deletions(-)
31	31
32		---- linux-3.18.46.orig/fs/exec.c
33		-+++ linux-3.18.46/fs/exec.c
	32	+--- linux-3.18.47.orig/fs/exec.c
	33	++++ linux-3.18.47/fs/exec.c
34	34	@@ -1436,7 +1436,7 @@ static int exec_binprm(struct linux_binp
35	35	old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
36	36	rcu_read_unlock();

		@@ -40,8 +40,8 @@
40	40	if (ret >= 0) {
41	41	audit_bprm(bprm);
42	42	trace_sched_process_exec(current, old_pid, bprm);
43		---- linux-3.18.46.orig/fs/open.c
44		-+++ linux-3.18.46/fs/open.c
	43	+--- linux-3.18.47.orig/fs/open.c
	44	++++ linux-3.18.47/fs/open.c
45	45	@@ -1091,6 +1091,8 @@ EXPORT_SYMBOL(sys_close);
46	46	*/
47	47	SYSCALL_DEFINE0(vhangup)

		@@ -51,8 +51,8 @@
51	51	if (capable(CAP_SYS_TTY_CONFIG)) {
52	52	tty_vhangup_self();
53	53	return 0;
54		---- linux-3.18.46.orig/fs/proc/version.c
55		-+++ linux-3.18.46/fs/proc/version.c
	54	+--- linux-3.18.47.orig/fs/proc/version.c
	55	++++ linux-3.18.47/fs/proc/version.c
56	56	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
57	57	return 0;
58	58	}

		@@ -60,12 +60,12 @@
60	60	+
61	61	+static int __init ccs_show_version(void)
62	62	+{
63		-+ printk(KERN_INFO "Hook version: 3.18.46 2016/12/29\n");
	63	++ printk(KERN_INFO "Hook version: 3.18.47 2017/01/22\n");
64	64	+ return 0;
65	65	+}
66	66	+fs_initcall(ccs_show_version);
67		---- linux-3.18.46.orig/include/linux/init_task.h
68		-+++ linux-3.18.46/include/linux/init_task.h
	67	+--- linux-3.18.47.orig/include/linux/init_task.h
	68	++++ linux-3.18.47/include/linux/init_task.h
69	69	@@ -166,6 +166,14 @@ extern struct task_group root_task_group
70	70	# define INIT_RT_MUTEXES(tsk)
71	71	#endif

		@@ -89,8 +89,8 @@
89	89	}
90	90
91	91
92		---- linux-3.18.46.orig/include/linux/sched.h
93		-+++ linux-3.18.46/include/linux/sched.h
	92	+--- linux-3.18.47.orig/include/linux/sched.h
	93	++++ linux-3.18.47/include/linux/sched.h
94	94	@@ -6,6 +6,8 @@
95	95	#include <linux/sched/prio.h>
96	96

		@@ -111,8 +111,8 @@
111	111	};
112	112
113	113	/* Future-safe accessor for struct task_struct's cpus_allowed. */
114		---- linux-3.18.46.orig/include/linux/security.h
115		-+++ linux-3.18.46/include/linux/security.h
	114	+--- linux-3.18.47.orig/include/linux/security.h
	115	++++ linux-3.18.47/include/linux/security.h
116	116	@@ -53,6 +53,7 @@ struct msg_queue;
117	117	struct xattr;
118	118	struct xfrm_sec_ctx;

		@@ -324,8 +324,8 @@
324	324	}
325	325	#endif /* CONFIG_SECURITY_PATH */
326	326
327		---- linux-3.18.46.orig/include/net/ip.h
328		-+++ linux-3.18.46/include/net/ip.h
	327	+--- linux-3.18.47.orig/include/net/ip.h
	328	++++ linux-3.18.47/include/net/ip.h
329	329	@@ -216,6 +216,8 @@ void inet_get_local_port_range(struct ne
330	330	#ifdef CONFIG_SYSCTL
331	331	static inline int inet_is_local_reserved_port(struct net *net, int port)

		@@ -344,8 +344,8 @@
344	344	return 0;
345	345	}
346	346	#endif
347		---- linux-3.18.46.orig/kernel/fork.c
348		-+++ linux-3.18.46/kernel/fork.c
	347	+--- linux-3.18.47.orig/kernel/fork.c
	348	++++ linux-3.18.47/kernel/fork.c
349	349	@@ -246,6 +246,7 @@ void __put_task_struct(struct task_struc
350	350	delayacct_tsk_free(tsk);
351	351	put_signal_struct(tsk->signal);

		@@ -372,8 +372,8 @@
372	372	bad_fork_cleanup_perf:
373	373	perf_event_free_task(p);
374	374	bad_fork_cleanup_policy:
375		---- linux-3.18.46.orig/kernel/kexec.c
376		-+++ linux-3.18.46/kernel/kexec.c
	375	+--- linux-3.18.47.orig/kernel/kexec.c
	376	++++ linux-3.18.47/kernel/kexec.c
377	377	@@ -41,6 +41,7 @@
378	378	#include <asm/uaccess.h>
379	379	#include <asm/io.h>

		@@ -391,8 +391,8 @@
391	391
392	392	/*
393	393	* Verify we have a legal set of flags
394		---- linux-3.18.46.orig/kernel/module.c
395		-+++ linux-3.18.46/kernel/module.c
	394	+--- linux-3.18.47.orig/kernel/module.c
	395	++++ linux-3.18.47/kernel/module.c
396	396	@@ -62,6 +62,7 @@
397	397	#include <linux/bsearch.h>
398	398	#include <uapi/linux/module.h>

		@@ -419,8 +419,8 @@
419	419
420	420	return 0;
421	421	}
422		---- linux-3.18.46.orig/kernel/ptrace.c
423		-+++ linux-3.18.46/kernel/ptrace.c
	422	+--- linux-3.18.47.orig/kernel/ptrace.c
	423	++++ linux-3.18.47/kernel/ptrace.c
424	424	@@ -1075,6 +1075,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
425	425	{
426	426	struct task_struct *child;

		@@ -445,8 +445,8 @@
445	445
446	446	if (request == PTRACE_TRACEME) {
447	447	ret = ptrace_traceme();
448		---- linux-3.18.46.orig/kernel/reboot.c
449		-+++ linux-3.18.46/kernel/reboot.c
	448	+--- linux-3.18.47.orig/kernel/reboot.c
	449	++++ linux-3.18.47/kernel/reboot.c
450	450	@@ -16,6 +16,7 @@
451	451	#include <linux/syscalls.h>
452	452	#include <linux/syscore_ops.h>

		@@ -464,8 +464,8 @@
464	464
465	465	/*
466	466	* If pid namespaces are enabled and the current task is in a child
467		---- linux-3.18.46.orig/kernel/sched/core.c
468		-+++ linux-3.18.46/kernel/sched/core.c
	467	+--- linux-3.18.47.orig/kernel/sched/core.c
	468	++++ linux-3.18.47/kernel/sched/core.c
469	469	@@ -3217,6 +3217,8 @@ int can_nice(const struct task_struct *p
470	470	SYSCALL_DEFINE1(nice, int, increment)
471	471	{

		@@ -475,8 +475,8 @@
475	475
476	476	/*
477	477	* Setpriority might change our priority at the same moment.
478		---- linux-3.18.46.orig/kernel/signal.c
479		-+++ linux-3.18.46/kernel/signal.c
	478	+--- linux-3.18.47.orig/kernel/signal.c
	479	++++ linux-3.18.47/kernel/signal.c
480	480	@@ -2887,6 +2887,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
481	481	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
482	482	{

		@@ -522,8 +522,8 @@
522	522
523	523	return do_send_specific(tgid, pid, sig, info);
524	524	}
525		---- linux-3.18.46.orig/kernel/sys.c
526		-+++ linux-3.18.46/kernel/sys.c
	525	+--- linux-3.18.47.orig/kernel/sys.c
	526	++++ linux-3.18.47/kernel/sys.c
527	527	@@ -171,6 +171,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
528	528
529	529	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -553,8 +553,8 @@
553	553
554	554	down_write(&uts_sem);
555	555	errno = -EFAULT;
556		---- linux-3.18.46.orig/kernel/time/ntp.c
557		-+++ linux-3.18.46/kernel/time/ntp.c
	556	+--- linux-3.18.47.orig/kernel/time/ntp.c
	557	++++ linux-3.18.47/kernel/time/ntp.c
558	558	@@ -16,6 +16,7 @@
559	559	#include <linux/mm.h>
560	560	#include <linux/module.h>

		@@ -588,8 +588,8 @@
588	588
589	589	/*
590	590	* Check for potential multiplication overflows that can
591		---- linux-3.18.46.orig/net/ipv4/raw.c
592		-+++ linux-3.18.46/net/ipv4/raw.c
	591	+--- linux-3.18.47.orig/net/ipv4/raw.c
	592	++++ linux-3.18.47/net/ipv4/raw.c
593	593	@@ -711,6 +711,10 @@ static int raw_recvmsg(struct kiocb *ioc
594	594	skb = skb_recv_datagram(sk, flags, noblock, &err);
595	595	if (!skb)

		@@ -601,8 +601,8 @@
601	601
602	602	copied = skb->len;
603	603	if (len < copied) {
604		---- linux-3.18.46.orig/net/ipv4/udp.c
605		-+++ linux-3.18.46/net/ipv4/udp.c
	604	+--- linux-3.18.47.orig/net/ipv4/udp.c
	605	++++ linux-3.18.47/net/ipv4/udp.c
606	606	@@ -1263,6 +1263,10 @@ try_again:
607	607	&peeked, &off, &err);
608	608	if (!skb)

		@@ -614,8 +614,8 @@
614	614
615	615	ulen = skb->len - sizeof(struct udphdr);
616	616	copied = len;
617		---- linux-3.18.46.orig/net/ipv6/raw.c
618		-+++ linux-3.18.46/net/ipv6/raw.c
	617	+--- linux-3.18.47.orig/net/ipv6/raw.c
	618	++++ linux-3.18.47/net/ipv6/raw.c
619	619	@@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct kiocb *i
620	620	skb = skb_recv_datagram(sk, flags, noblock, &err);
621	621	if (!skb)

		@@ -627,8 +627,8 @@
627	627
628	628	copied = skb->len;
629	629	if (copied > len) {
630		---- linux-3.18.46.orig/net/ipv6/udp.c
631		-+++ linux-3.18.46/net/ipv6/udp.c
	630	+--- linux-3.18.47.orig/net/ipv6/udp.c
	631	++++ linux-3.18.47/net/ipv6/udp.c
632	632	@@ -403,6 +403,10 @@ try_again:
633	633	&peeked, &off, &err);
634	634	if (!skb)

		@@ -640,8 +640,8 @@
640	640
641	641	ulen = skb->len - sizeof(struct udphdr);
642	642	copied = len;
643		---- linux-3.18.46.orig/net/socket.c
644		-+++ linux-3.18.46/net/socket.c
	643	+--- linux-3.18.47.orig/net/socket.c
	644	++++ linux-3.18.47/net/socket.c
645	645	@@ -1637,6 +1637,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
646	646	if (err < 0)
647	647	goto out_fd;

		@@ -653,8 +653,8 @@
653	653	if (upeer_sockaddr) {
654	654	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
655	655	&len, 2) < 0) {
656		---- linux-3.18.46.orig/net/unix/af_unix.c
657		-+++ linux-3.18.46/net/unix/af_unix.c
	656	+--- linux-3.18.47.orig/net/unix/af_unix.c
	657	++++ linux-3.18.47/net/unix/af_unix.c
658	658	@@ -1990,6 +1990,10 @@ static int unix_dgram_recvmsg(struct kio
659	659	wake_up_interruptible_sync_poll(&u->peer_wait,
660	660	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -666,8 +666,8 @@
666	666	if (msg->msg_name)
667	667	unix_copy_addr(msg, skb->sk);
668	668
669		---- linux-3.18.46.orig/security/Kconfig
670		-+++ linux-3.18.46/security/Kconfig
	669	+--- linux-3.18.47.orig/security/Kconfig
	670	++++ linux-3.18.47/security/Kconfig
671	671	@@ -167,5 +167,7 @@ config DEFAULT_SECURITY
672	672	default "yama" if DEFAULT_SECURITY_YAMA
673	673	default "" if DEFAULT_SECURITY_DAC

		@@ -676,8 +676,8 @@
676	676	+
677	677	endmenu
678	678
679		---- linux-3.18.46.orig/security/Makefile
680		-+++ linux-3.18.46/security/Makefile
	679	+--- linux-3.18.47.orig/security/Makefile
	680	++++ linux-3.18.47/security/Makefile
681	681	@@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
682	682	# Object integrity file lists
683	683	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -685,8 +685,8 @@
685	685	+
686	686	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
687	687	+obj-$(CONFIG_CCSECURITY) += ccsecurity/
688		---- linux-3.18.46.orig/security/security.c
689		-+++ linux-3.18.46/security/security.c
	688	+--- linux-3.18.47.orig/security/security.c
	689	++++ linux-3.18.47/security/security.c
690	690	@@ -203,7 +203,10 @@ int security_syslog(int type)
691	691
692	692	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-3.2-debian-wheezy.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-3.2-debian-wheezy.diff (revision 227)

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 134 +++++++++++++++++++++++++++++++++++++---------
29	29	24 files changed, 247 insertions(+), 49 deletions(-)
30	30
31		---- linux-3.2.82-1.orig/fs/exec.c
32		-+++ linux-3.2.82-1/fs/exec.c
	31	+--- linux-3.2.84-1.orig/fs/exec.c
	32	++++ linux-3.2.84-1/fs/exec.c
33	33	@@ -1571,7 +1571,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.2.82-1.orig/fs/open.c
43		-+++ linux-3.2.82-1/fs/open.c
	42	+--- linux-3.2.84-1.orig/fs/open.c
	43	++++ linux-3.2.84-1/fs/open.c
44	44	@@ -1106,6 +1106,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.2.82-1.orig/fs/proc/version.c
54		-+++ linux-3.2.82-1/fs/proc/version.c
	53	+--- linux-3.2.84-1.orig/fs/proc/version.c
	54	++++ linux-3.2.84-1/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.2.82-1 2016/10/23\n");
	62	++ printk(KERN_INFO "Hook version: 3.2.84-1 2017/01/16\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.2.82-1.orig/include/linux/init_task.h
67		-+++ linux-3.2.82-1/include/linux/init_task.h
	66	+--- linux-3.2.84-1.orig/include/linux/init_task.h
	67	++++ linux-3.2.84-1/include/linux/init_task.h
68	68	@@ -144,6 +144,14 @@ extern struct task_group root_task_group
69	69
70	70	#define INIT_TASK_COMM "swapper"

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.2.82-1.orig/include/linux/sched.h
92		-+++ linux-3.2.82-1/include/linux/sched.h
	91	+--- linux-3.2.84-1.orig/include/linux/sched.h
	92	++++ linux-3.2.84-1/include/linux/sched.h
93	93	@@ -44,6 +44,8 @@
94	94
95	95	#ifdef __KERNEL__

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.2.82-1.orig/include/linux/security.h
114		-+++ linux-3.2.82-1/include/linux/security.h
	113	+--- linux-3.2.84-1.orig/include/linux/security.h
	114	++++ linux-3.2.84-1/include/linux/security.h
115	115	@@ -38,6 +38,7 @@
116	116	#include <linux/slab.h>
117	117	#include <linux/xattr.h>

		@@ -310,8 +310,8 @@
310	310	}
311	311	#endif /* CONFIG_SECURITY_PATH */
312	312
313		---- linux-3.2.82-1.orig/include/net/ip.h
314		-+++ linux-3.2.82-1/include/net/ip.h
	313	+--- linux-3.2.84-1.orig/include/net/ip.h
	314	++++ linux-3.2.84-1/include/net/ip.h
315	315	@@ -218,6 +218,8 @@ extern void inet_get_local_port_range(in
316	316	extern unsigned long *sysctl_local_reserved_ports;
317	317	static inline int inet_is_reserved_local_port(int port)

		@@ -321,8 +321,8 @@
321	321	return test_bit(port, sysctl_local_reserved_ports);
322	322	}
323	323
324		---- linux-3.2.82-1.orig/kernel/fork.c
325		-+++ linux-3.2.82-1/kernel/fork.c
	324	+--- linux-3.2.84-1.orig/kernel/fork.c
	325	++++ linux-3.2.84-1/kernel/fork.c
326	326	@@ -195,6 +195,7 @@ void __put_task_struct(struct task_struc
327	327	delayacct_tsk_free(tsk);
328	328	put_signal_struct(tsk->signal);

		@@ -349,8 +349,8 @@
349	349	bad_fork_cleanup_perf:
350	350	perf_event_free_task(p);
351	351	bad_fork_cleanup_policy:
352		---- linux-3.2.82-1.orig/kernel/kexec.c
353		-+++ linux-3.2.82-1/kernel/kexec.c
	352	+--- linux-3.2.84-1.orig/kernel/kexec.c
	353	++++ linux-3.2.84-1/kernel/kexec.c
354	354	@@ -39,6 +39,7 @@
355	355	#include <asm/io.h>
356	356	#include <asm/system.h>

		@@ -368,8 +368,8 @@
368	368
369	369	/*
370	370	* Verify we have a legal set of flags
371		---- linux-3.2.82-1.orig/kernel/module.c
372		-+++ linux-3.2.82-1/kernel/module.c
	371	+--- linux-3.2.84-1.orig/kernel/module.c
	372	++++ linux-3.2.84-1/kernel/module.c
373	373	@@ -58,6 +58,7 @@
374	374	#include <linux/jump_label.h>
375	375	#include <linux/pfn.h>

		@@ -396,8 +396,8 @@
396	396
397	397	/* Do all the hard work */
398	398	mod = load_module(umod, len, uargs);
399		---- linux-3.2.82-1.orig/kernel/ptrace.c
400		-+++ linux-3.2.82-1/kernel/ptrace.c
	399	+--- linux-3.2.84-1.orig/kernel/ptrace.c
	400	++++ linux-3.2.84-1/kernel/ptrace.c
401	401	@@ -928,6 +928,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402	402	{
403	403	struct task_struct *child;

		@@ -422,9 +422,9 @@
422	422
423	423	if (request == PTRACE_TRACEME) {
424	424	ret = ptrace_traceme();
425		---- linux-3.2.82-1.orig/kernel/sched.c
426		-+++ linux-3.2.82-1/kernel/sched.c
427		-@@ -5333,6 +5333,8 @@ int can_nice(const struct task_struct *p
	425	+--- linux-3.2.84-1.orig/kernel/sched.c
	426	++++ linux-3.2.84-1/kernel/sched.c
	427	+@@ -5342,6 +5342,8 @@ int can_nice(const struct task_struct *p
428	428	SYSCALL_DEFINE1(nice, int, increment)
429	429	{
430	430	long nice, retval;

		@@ -433,8 +433,8 @@
433	433
434	434	/*
435	435	* Setpriority might change our priority at the same moment.
436		---- linux-3.2.82-1.orig/kernel/signal.c
437		-+++ linux-3.2.82-1/kernel/signal.c
	436	+--- linux-3.2.84-1.orig/kernel/signal.c
	437	++++ linux-3.2.84-1/kernel/signal.c
438	438	@@ -2748,6 +2748,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
439	439	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
440	440	{

		@@ -480,8 +480,8 @@
480	480
481	481	return do_send_specific(tgid, pid, sig, info);
482	482	}
483		---- linux-3.2.82-1.orig/kernel/sys.c
484		-+++ linux-3.2.82-1/kernel/sys.c
	483	+--- linux-3.2.84-1.orig/kernel/sys.c
	484	++++ linux-3.2.84-1/kernel/sys.c
485	485	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
486	486
487	487	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -520,8 +520,8 @@
520	520
521	521	down_write(&uts_sem);
522	522	errno = -EFAULT;
523		---- linux-3.2.82-1.orig/kernel/time/ntp.c
524		-+++ linux-3.2.82-1/kernel/time/ntp.c
	523	+--- linux-3.2.84-1.orig/kernel/time/ntp.c
	524	++++ linux-3.2.84-1/kernel/time/ntp.c
525	525	@@ -15,6 +15,7 @@
526	526	#include <linux/time.h>
527	527	#include <linux/mm.h>

		@@ -555,8 +555,8 @@
555	555	if (!(txc->modes & ADJ_NANO))
556	556	delta.tv_nsec *= 1000;
557	557	result = timekeeping_inject_offset(&delta);
558		---- linux-3.2.82-1.orig/net/ipv4/raw.c
559		-+++ linux-3.2.82-1/net/ipv4/raw.c
	558	+--- linux-3.2.84-1.orig/net/ipv4/raw.c
	559	++++ linux-3.2.84-1/net/ipv4/raw.c
560	560	@@ -699,6 +699,10 @@ static int raw_recvmsg(struct kiocb *ioc
561	561	skb = skb_recv_datagram(sk, flags, noblock, &err);
562	562	if (!skb)

		@@ -568,8 +568,8 @@
568	568
569	569	copied = skb->len;
570	570	if (len < copied) {
571		---- linux-3.2.82-1.orig/net/ipv4/udp.c
572		-+++ linux-3.2.82-1/net/ipv4/udp.c
	571	+--- linux-3.2.84-1.orig/net/ipv4/udp.c
	572	++++ linux-3.2.84-1/net/ipv4/udp.c
573	573	@@ -1185,6 +1185,10 @@ try_again:
574	574	&peeked, &err);
575	575	if (!skb)

		@@ -581,8 +581,8 @@
581	581
582	582	ulen = skb->len - sizeof(struct udphdr);
583	583	copied = len;
584		---- linux-3.2.82-1.orig/net/ipv6/raw.c
585		-+++ linux-3.2.82-1/net/ipv6/raw.c
	584	+--- linux-3.2.84-1.orig/net/ipv6/raw.c
	585	++++ linux-3.2.84-1/net/ipv6/raw.c
586	586	@@ -465,6 +465,10 @@ static int rawv6_recvmsg(struct kiocb *i
587	587	skb = skb_recv_datagram(sk, flags, noblock, &err);
588	588	if (!skb)

		@@ -594,8 +594,8 @@
594	594
595	595	copied = skb->len;
596	596	if (copied > len) {
597		---- linux-3.2.82-1.orig/net/ipv6/udp.c
598		-+++ linux-3.2.82-1/net/ipv6/udp.c
	597	+--- linux-3.2.84-1.orig/net/ipv6/udp.c
	598	++++ linux-3.2.84-1/net/ipv6/udp.c
599	599	@@ -359,6 +359,10 @@ try_again:
600	600	&peeked, &err);
601	601	if (!skb)

		@@ -607,8 +607,8 @@
607	607
608	608	ulen = skb->len - sizeof(struct udphdr);
609	609	copied = len;
610		---- linux-3.2.82-1.orig/net/socket.c
611		-+++ linux-3.2.82-1/net/socket.c
	610	+--- linux-3.2.84-1.orig/net/socket.c
	611	++++ linux-3.2.84-1/net/socket.c
612	612	@@ -1531,6 +1531,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
613	613	if (err < 0)
614	614	goto out_fd;

		@@ -620,8 +620,8 @@
620	620	if (upeer_sockaddr) {
621	621	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
622	622	&len, 2) < 0) {
623		---- linux-3.2.82-1.orig/net/unix/af_unix.c
624		-+++ linux-3.2.82-1/net/unix/af_unix.c
	623	+--- linux-3.2.84-1.orig/net/unix/af_unix.c
	624	++++ linux-3.2.84-1/net/unix/af_unix.c
625	625	@@ -1957,6 +1957,10 @@ static int unix_dgram_recvmsg(struct kio
626	626	wake_up_interruptible_sync_poll(&u->peer_wait,
627	627	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -633,9 +633,9 @@
633	633	if (msg->msg_name)
634	634	unix_copy_addr(msg, skb->sk);
635	635
636		---- linux-3.2.82-1.orig/security/Kconfig
637		-+++ linux-3.2.82-1/security/Kconfig
638		-@@ -227,5 +227,7 @@ config DEFAULT_SECURITY
	636	+--- linux-3.2.84-1.orig/security/Kconfig
	637	++++ linux-3.2.84-1/security/Kconfig
	638	+@@ -236,5 +236,7 @@ config DEFAULT_SECURITY
639	639	default "apparmor" if DEFAULT_SECURITY_APPARMOR
640	640	default "" if DEFAULT_SECURITY_DAC
641	641

		@@ -643,8 +643,8 @@
643	643	+
644	644	endmenu
645	645
646		---- linux-3.2.82-1.orig/security/Makefile
647		-+++ linux-3.2.82-1/security/Makefile
	646	+--- linux-3.2.84-1.orig/security/Makefile
	647	++++ linux-3.2.84-1/security/Makefile
648	648	@@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
649	649	# Object integrity file lists
650	650	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -652,8 +652,8 @@
652	652	+
653	653	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
654	654	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
655		---- linux-3.2.82-1.orig/security/security.c
656		-+++ linux-3.2.82-1/security/security.c
	655	+--- linux-3.2.84-1.orig/security/security.c
	656	++++ linux-3.2.84-1/security/security.c
657	657	@@ -203,7 +203,10 @@ int security_syslog(int type)
658	658
659	659	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-3.2-ubuntu-12.04.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-3.2-ubuntu-12.04.diff (revision 227)

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 132 +++++++++++++++++++++++++++++++++++++---------
29	29	24 files changed, 245 insertions(+), 49 deletions(-)
30	30
31		---- linux-3.2.0-119.162.orig/fs/exec.c
32		-+++ linux-3.2.0-119.162/fs/exec.c
	31	+--- linux-3.2.0-120.163.orig/fs/exec.c
	32	++++ linux-3.2.0-120.163/fs/exec.c
33	33	@@ -1582,7 +1582,7 @@ static int do_execve_common(const char *
34	34	if (retval < 0)
35	35	goto out;

		@@ -39,8 +39,8 @@
39	39	if (retval < 0)
40	40	goto out;
41	41
42		---- linux-3.2.0-119.162.orig/fs/open.c
43		-+++ linux-3.2.0-119.162/fs/open.c
	42	+--- linux-3.2.0-120.163.orig/fs/open.c
	43	++++ linux-3.2.0-120.163/fs/open.c
44	44	@@ -1129,6 +1129,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-3.2.0-119.162.orig/fs/proc/version.c
54		-+++ linux-3.2.0-119.162/fs/proc/version.c
	53	+--- linux-3.2.0-120.163.orig/fs/proc/version.c
	54	++++ linux-3.2.0-120.163/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 3.2.0-119.162 2016/12/23\n");
	62	++ printk(KERN_INFO "Hook version: 3.2.0-120.163 2017/01/16\n");
63	63	+ return 0;
64	64	+}
65	65	+module_init(ccs_show_version);
66		---- linux-3.2.0-119.162.orig/include/linux/init_task.h
67		-+++ linux-3.2.0-119.162/include/linux/init_task.h
	66	+--- linux-3.2.0-120.163.orig/include/linux/init_task.h
	67	++++ linux-3.2.0-120.163/include/linux/init_task.h
68	68	@@ -144,6 +144,14 @@ extern struct task_group root_task_group
69	69
70	70	#define INIT_TASK_COMM "swapper"

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-3.2.0-119.162.orig/include/linux/sched.h
92		-+++ linux-3.2.0-119.162/include/linux/sched.h
	91	+--- linux-3.2.0-120.163.orig/include/linux/sched.h
	92	++++ linux-3.2.0-120.163/include/linux/sched.h
93	93	@@ -44,6 +44,8 @@
94	94
95	95	#ifdef __KERNEL__

		@@ -110,8 +110,8 @@
110	110	};
111	111
112	112	/* Future-safe accessor for struct task_struct's cpus_allowed. */
113		---- linux-3.2.0-119.162.orig/include/linux/security.h
114		-+++ linux-3.2.0-119.162/include/linux/security.h
	113	+--- linux-3.2.0-120.163.orig/include/linux/security.h
	114	++++ linux-3.2.0-120.163/include/linux/security.h
115	115	@@ -38,6 +38,7 @@
116	116	#include <linux/slab.h>
117	117	#include <linux/xattr.h>

		@@ -308,8 +308,8 @@
308	308	}
309	309	#endif /* CONFIG_SECURITY_PATH */
310	310
311		---- linux-3.2.0-119.162.orig/include/net/ip.h
312		-+++ linux-3.2.0-119.162/include/net/ip.h
	311	+--- linux-3.2.0-120.163.orig/include/net/ip.h
	312	++++ linux-3.2.0-120.163/include/net/ip.h
313	313	@@ -218,6 +218,8 @@ extern void inet_get_local_port_range(in
314	314	extern unsigned long *sysctl_local_reserved_ports;
315	315	static inline int inet_is_reserved_local_port(int port)

		@@ -319,8 +319,8 @@
319	319	return test_bit(port, sysctl_local_reserved_ports);
320	320	}
321	321
322		---- linux-3.2.0-119.162.orig/kernel/fork.c
323		-+++ linux-3.2.0-119.162/kernel/fork.c
	322	+--- linux-3.2.0-120.163.orig/kernel/fork.c
	323	++++ linux-3.2.0-120.163/kernel/fork.c
324	324	@@ -198,6 +198,7 @@ void __put_task_struct(struct task_struc
325	325	delayacct_tsk_free(tsk);
326	326	put_signal_struct(tsk->signal);

		@@ -347,8 +347,8 @@
347	347	bad_fork_cleanup_perf:
348	348	perf_event_free_task(p);
349	349	bad_fork_cleanup_policy:
350		---- linux-3.2.0-119.162.orig/kernel/kexec.c
351		-+++ linux-3.2.0-119.162/kernel/kexec.c
	350	+--- linux-3.2.0-120.163.orig/kernel/kexec.c
	351	++++ linux-3.2.0-120.163/kernel/kexec.c
352	352	@@ -39,6 +39,7 @@
353	353	#include <asm/io.h>
354	354	#include <asm/system.h>

		@@ -366,8 +366,8 @@
366	366
367	367	/* Processes in containers must not be allowed to load a new
368	368	* kernel, even if they have CAP_SYS_BOOT */
369		---- linux-3.2.0-119.162.orig/kernel/module.c
370		-+++ linux-3.2.0-119.162/kernel/module.c
	369	+--- linux-3.2.0-120.163.orig/kernel/module.c
	370	++++ linux-3.2.0-120.163/kernel/module.c
371	371	@@ -58,6 +58,7 @@
372	372	#include <linux/jump_label.h>
373	373	#include <linux/pfn.h>

		@@ -394,8 +394,8 @@
394	394
395	395	/* Do all the hard work */
396	396	mod = load_module(umod, len, uargs);
397		---- linux-3.2.0-119.162.orig/kernel/ptrace.c
398		-+++ linux-3.2.0-119.162/kernel/ptrace.c
	397	+--- linux-3.2.0-120.163.orig/kernel/ptrace.c
	398	++++ linux-3.2.0-120.163/kernel/ptrace.c
399	399	@@ -931,6 +931,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
400	400	{
401	401	struct task_struct *child;

		@@ -420,8 +420,8 @@
420	420
421	421	if (request == PTRACE_TRACEME) {
422	422	ret = ptrace_traceme();
423		---- linux-3.2.0-119.162.orig/kernel/sched.c
424		-+++ linux-3.2.0-119.162/kernel/sched.c
	423	+--- linux-3.2.0-120.163.orig/kernel/sched.c
	424	++++ linux-3.2.0-120.163/kernel/sched.c
425	425	@@ -5317,6 +5317,8 @@ int can_nice(const struct task_struct *p
426	426	SYSCALL_DEFINE1(nice, int, increment)
427	427	{

		@@ -431,8 +431,8 @@
431	431
432	432	/*
433	433	* Setpriority might change our priority at the same moment.
434		---- linux-3.2.0-119.162.orig/kernel/signal.c
435		-+++ linux-3.2.0-119.162/kernel/signal.c
	434	+--- linux-3.2.0-120.163.orig/kernel/signal.c
	435	++++ linux-3.2.0-120.163/kernel/signal.c
436	436	@@ -2755,6 +2755,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
437	437	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
438	438	{

		@@ -478,8 +478,8 @@
478	478
479	479	return do_send_specific(tgid, pid, sig, info);
480	480	}
481		---- linux-3.2.0-119.162.orig/kernel/sys.c
482		-+++ linux-3.2.0-119.162/kernel/sys.c
	481	+--- linux-3.2.0-120.163.orig/kernel/sys.c
	482	++++ linux-3.2.0-120.163/kernel/sys.c
483	483	@@ -180,6 +180,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
484	484
485	485	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -518,8 +518,8 @@
518	518
519	519	down_write(&uts_sem);
520	520	errno = -EFAULT;
521		---- linux-3.2.0-119.162.orig/kernel/time/ntp.c
522		-+++ linux-3.2.0-119.162/kernel/time/ntp.c
	521	+--- linux-3.2.0-120.163.orig/kernel/time/ntp.c
	522	++++ linux-3.2.0-120.163/kernel/time/ntp.c
523	523	@@ -15,6 +15,7 @@
524	524	#include <linux/time.h>
525	525	#include <linux/mm.h>

		@@ -553,8 +553,8 @@
553	553	if (!(txc->modes & ADJ_NANO))
554	554	delta.tv_nsec *= 1000;
555	555	result = timekeeping_inject_offset(&delta);
556		---- linux-3.2.0-119.162.orig/net/ipv4/raw.c
557		-+++ linux-3.2.0-119.162/net/ipv4/raw.c
	556	+--- linux-3.2.0-120.163.orig/net/ipv4/raw.c
	557	++++ linux-3.2.0-120.163/net/ipv4/raw.c
558	558	@@ -697,6 +697,10 @@ static int raw_recvmsg(struct kiocb *ioc
559	559	skb = skb_recv_datagram(sk, flags, noblock, &err);
560	560	if (!skb)

		@@ -566,8 +566,8 @@
566	566
567	567	copied = skb->len;
568	568	if (len < copied) {
569		---- linux-3.2.0-119.162.orig/net/ipv4/udp.c
570		-+++ linux-3.2.0-119.162/net/ipv4/udp.c
	569	+--- linux-3.2.0-120.163.orig/net/ipv4/udp.c
	570	++++ linux-3.2.0-120.163/net/ipv4/udp.c
571	571	@@ -1183,6 +1183,10 @@ try_again:
572	572	&peeked, &err);
573	573	if (!skb)

		@@ -579,8 +579,8 @@
579	579
580	580	ulen = skb->len - sizeof(struct udphdr);
581	581	copied = len;
582		---- linux-3.2.0-119.162.orig/net/ipv6/raw.c
583		-+++ linux-3.2.0-119.162/net/ipv6/raw.c
	582	+--- linux-3.2.0-120.163.orig/net/ipv6/raw.c
	583	++++ linux-3.2.0-120.163/net/ipv6/raw.c
584	584	@@ -465,6 +465,10 @@ static int rawv6_recvmsg(struct kiocb *i
585	585	skb = skb_recv_datagram(sk, flags, noblock, &err);
586	586	if (!skb)

		@@ -592,8 +592,8 @@
592	592
593	593	copied = skb->len;
594	594	if (copied > len) {
595		---- linux-3.2.0-119.162.orig/net/ipv6/udp.c
596		-+++ linux-3.2.0-119.162/net/ipv6/udp.c
	595	+--- linux-3.2.0-120.163.orig/net/ipv6/udp.c
	596	++++ linux-3.2.0-120.163/net/ipv6/udp.c
597	597	@@ -359,6 +359,10 @@ try_again:
598	598	&peeked, &err);
599	599	if (!skb)

		@@ -605,8 +605,8 @@
605	605
606	606	ulen = skb->len - sizeof(struct udphdr);
607	607	copied = len;
608		---- linux-3.2.0-119.162.orig/net/socket.c
609		-+++ linux-3.2.0-119.162/net/socket.c
	608	+--- linux-3.2.0-120.163.orig/net/socket.c
	609	++++ linux-3.2.0-120.163/net/socket.c
610	610	@@ -1531,6 +1531,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
611	611	if (err < 0)
612	612	goto out_fd;

		@@ -618,8 +618,8 @@
618	618	if (upeer_sockaddr) {
619	619	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
620	620	&len, 2) < 0) {
621		---- linux-3.2.0-119.162.orig/net/unix/af_unix.c
622		-+++ linux-3.2.0-119.162/net/unix/af_unix.c
	621	+--- linux-3.2.0-120.163.orig/net/unix/af_unix.c
	622	++++ linux-3.2.0-120.163/net/unix/af_unix.c
623	623	@@ -1957,6 +1957,10 @@ static int unix_dgram_recvmsg(struct kio
624	624	wake_up_interruptible_sync_poll(&u->peer_wait,
625	625	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -631,8 +631,8 @@
631	631	if (msg->msg_name)
632	632	unix_copy_addr(msg, skb->sk);
633	633
634		---- linux-3.2.0-119.162.orig/security/Kconfig
635		-+++ linux-3.2.0-119.162/security/Kconfig
	634	+--- linux-3.2.0-120.163.orig/security/Kconfig
	635	++++ linux-3.2.0-120.163/security/Kconfig
636	636	@@ -233,5 +233,7 @@ config DEFAULT_SECURITY
637	637	default "yama" if DEFAULT_SECURITY_YAMA
638	638	default "" if DEFAULT_SECURITY_DAC

		@@ -641,8 +641,8 @@
641	641	+
642	642	endmenu
643	643
644		---- linux-3.2.0-119.162.orig/security/Makefile
645		-+++ linux-3.2.0-119.162/security/Makefile
	644	+--- linux-3.2.0-120.163.orig/security/Makefile
	645	++++ linux-3.2.0-120.163/security/Makefile
646	646	@@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
647	647	# Object integrity file lists
648	648	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -650,8 +650,8 @@
650	650	+
651	651	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
652	652	+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
653		---- linux-3.2.0-119.162.orig/security/security.c
654		-+++ linux-3.2.0-119.162/security/security.c
	653	+--- linux-3.2.0-120.163.orig/security/security.c
	654	++++ linux-3.2.0-120.163/security/security.c
655	655	@@ -206,7 +206,10 @@ int security_syslog(int type)
656	656
657	657	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-4.1.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-4.1.diff (revision 227)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 4.1.37.
	1	+This is TOMOYO Linux patch for kernel 4.1.38.
2	2
3		-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.1.37.tar.xz
	3	+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.1.38.tar.xz
4	4	---
5	5	fs/exec.c \| 2
6	6	fs/open.c \| 2

		@@ -29,8 +29,8 @@
29	29	security/security.c \| 110 ++++++++++++++++++++++++++++++++++++++++------
30	30	25 files changed, 248 insertions(+), 37 deletions(-)
31	31
32		---- linux-4.1.37.orig/fs/exec.c
33		-+++ linux-4.1.37/fs/exec.c
	32	+--- linux-4.1.38.orig/fs/exec.c
	33	++++ linux-4.1.38/fs/exec.c
34	34	@@ -1461,7 +1461,7 @@ static int exec_binprm(struct linux_binp
35	35	old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
36	36	rcu_read_unlock();

		@@ -40,8 +40,8 @@
40	40	if (ret >= 0) {
41	41	audit_bprm(bprm);
42	42	trace_sched_process_exec(current, old_pid, bprm);
43		---- linux-4.1.37.orig/fs/open.c
44		-+++ linux-4.1.37/fs/open.c
	43	+--- linux-4.1.38.orig/fs/open.c
	44	++++ linux-4.1.38/fs/open.c
45	45	@@ -1107,6 +1107,8 @@ EXPORT_SYMBOL(sys_close);
46	46	*/
47	47	SYSCALL_DEFINE0(vhangup)

		@@ -51,8 +51,8 @@
51	51	if (capable(CAP_SYS_TTY_CONFIG)) {
52	52	tty_vhangup_self();
53	53	return 0;
54		---- linux-4.1.37.orig/fs/proc/version.c
55		-+++ linux-4.1.37/fs/proc/version.c
	54	+--- linux-4.1.38.orig/fs/proc/version.c
	55	++++ linux-4.1.38/fs/proc/version.c
56	56	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
57	57	return 0;
58	58	}

		@@ -60,12 +60,12 @@
60	60	+
61	61	+static int __init ccs_show_version(void)
62	62	+{
63		-+ printk(KERN_INFO "Hook version: 4.1.37 2016/12/29\n");
	63	++ printk(KERN_INFO "Hook version: 4.1.38 2017/01/22\n");
64	64	+ return 0;
65	65	+}
66	66	+fs_initcall(ccs_show_version);
67		---- linux-4.1.37.orig/include/linux/init_task.h
68		-+++ linux-4.1.37/include/linux/init_task.h
	67	+--- linux-4.1.38.orig/include/linux/init_task.h
	68	++++ linux-4.1.38/include/linux/init_task.h
69	69	@@ -182,6 +182,14 @@ extern struct task_group root_task_group
70	70	# define INIT_KASAN(tsk)
71	71	#endif

		@@ -89,8 +89,8 @@
89	89	}
90	90
91	91
92		---- linux-4.1.37.orig/include/linux/sched.h
93		-+++ linux-4.1.37/include/linux/sched.h
	92	+--- linux-4.1.38.orig/include/linux/sched.h
	93	++++ linux-4.1.38/include/linux/sched.h
94	94	@@ -6,6 +6,8 @@
95	95	#include <linux/sched/prio.h>
96	96

		@@ -111,8 +111,8 @@
111	111	};
112	112
113	113	/* Future-safe accessor for struct task_struct's cpus_allowed. */
114		---- linux-4.1.37.orig/include/linux/security.h
115		-+++ linux-4.1.37/include/linux/security.h
	114	+--- linux-4.1.38.orig/include/linux/security.h
	115	++++ linux-4.1.38/include/linux/security.h
116	116	@@ -53,6 +53,7 @@ struct msg_queue;
117	117	struct xattr;
118	118	struct xfrm_sec_ctx;

		@@ -319,8 +319,8 @@
319	319	}
320	320	#endif /* CONFIG_SECURITY_PATH */
321	321
322		---- linux-4.1.37.orig/include/net/ip.h
323		-+++ linux-4.1.37/include/net/ip.h
	322	+--- linux-4.1.38.orig/include/net/ip.h
	323	++++ linux-4.1.38/include/net/ip.h
324	324	@@ -217,6 +217,8 @@ void inet_get_local_port_range(struct ne
325	325	#ifdef CONFIG_SYSCTL
326	326	static inline int inet_is_local_reserved_port(struct net *net, int port)

		@@ -339,8 +339,8 @@
339	339	return 0;
340	340	}
341	341	#endif
342		---- linux-4.1.37.orig/kernel/fork.c
343		-+++ linux-4.1.37/kernel/fork.c
	342	+--- linux-4.1.38.orig/kernel/fork.c
	343	++++ linux-4.1.38/kernel/fork.c
344	344	@@ -257,6 +257,7 @@ void __put_task_struct(struct task_struc
345	345	delayacct_tsk_free(tsk);
346	346	put_signal_struct(tsk->signal);

		@@ -367,8 +367,8 @@
367	367	bad_fork_cleanup_perf:
368	368	perf_event_free_task(p);
369	369	bad_fork_cleanup_policy:
370		---- linux-4.1.37.orig/kernel/kexec.c
371		-+++ linux-4.1.37/kernel/kexec.c
	370	+--- linux-4.1.38.orig/kernel/kexec.c
	371	++++ linux-4.1.38/kernel/kexec.c
372	372	@@ -41,6 +41,7 @@
373	373	#include <asm/uaccess.h>
374	374	#include <asm/io.h>

		@@ -386,8 +386,8 @@
386	386
387	387	/*
388	388	* Verify we have a legal set of flags
389		---- linux-4.1.37.orig/kernel/module.c
390		-+++ linux-4.1.37/kernel/module.c
	389	+--- linux-4.1.38.orig/kernel/module.c
	390	++++ linux-4.1.38/kernel/module.c
391	391	@@ -61,6 +61,7 @@
392	392	#include <linux/bsearch.h>
393	393	#include <uapi/linux/module.h>

		@@ -414,8 +414,8 @@
414	414
415	415	return 0;
416	416	}
417		---- linux-4.1.37.orig/kernel/ptrace.c
418		-+++ linux-4.1.37/kernel/ptrace.c
	417	+--- linux-4.1.38.orig/kernel/ptrace.c
	418	++++ linux-4.1.38/kernel/ptrace.c
419	419	@@ -1080,6 +1080,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
420	420	{
421	421	struct task_struct *child;

		@@ -440,8 +440,8 @@
440	440
441	441	if (request == PTRACE_TRACEME) {
442	442	ret = ptrace_traceme();
443		---- linux-4.1.37.orig/kernel/reboot.c
444		-+++ linux-4.1.37/kernel/reboot.c
	443	+--- linux-4.1.38.orig/kernel/reboot.c
	444	++++ linux-4.1.38/kernel/reboot.c
445	445	@@ -16,6 +16,7 @@
446	446	#include <linux/syscalls.h>
447	447	#include <linux/syscore_ops.h>

		@@ -459,8 +459,8 @@
459	459
460	460	/*
461	461	* If pid namespaces are enabled and the current task is in a child
462		---- linux-4.1.37.orig/kernel/sched/core.c
463		-+++ linux-4.1.37/kernel/sched/core.c
	462	+--- linux-4.1.38.orig/kernel/sched/core.c
	463	++++ linux-4.1.38/kernel/sched/core.c
464	464	@@ -3174,6 +3174,8 @@ int can_nice(const struct task_struct *p
465	465	SYSCALL_DEFINE1(nice, int, increment)
466	466	{

		@@ -470,8 +470,8 @@
470	470
471	471	/*
472	472	* Setpriority might change our priority at the same moment.
473		---- linux-4.1.37.orig/kernel/signal.c
474		-+++ linux-4.1.37/kernel/signal.c
	473	+--- linux-4.1.38.orig/kernel/signal.c
	474	++++ linux-4.1.38/kernel/signal.c
475	475	@@ -2901,6 +2901,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
476	476	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
477	477	{

		@@ -517,8 +517,8 @@
517	517
518	518	return do_send_specific(tgid, pid, sig, info);
519	519	}
520		---- linux-4.1.37.orig/kernel/sys.c
521		-+++ linux-4.1.37/kernel/sys.c
	520	+--- linux-4.1.38.orig/kernel/sys.c
	521	++++ linux-4.1.38/kernel/sys.c
522	522	@@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523	523
524	524	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -548,8 +548,8 @@
548	548
549	549	down_write(&uts_sem);
550	550	errno = -EFAULT;
551		---- linux-4.1.37.orig/kernel/time/ntp.c
552		-+++ linux-4.1.37/kernel/time/ntp.c
	551	+--- linux-4.1.38.orig/kernel/time/ntp.c
	552	++++ linux-4.1.38/kernel/time/ntp.c
553	553	@@ -16,6 +16,7 @@
554	554	#include <linux/mm.h>
555	555	#include <linux/module.h>

		@@ -583,8 +583,8 @@
583	583
584	584	/*
585	585	* Check for potential multiplication overflows that can
586		---- linux-4.1.37.orig/net/ipv4/raw.c
587		-+++ linux-4.1.37/net/ipv4/raw.c
	586	+--- linux-4.1.38.orig/net/ipv4/raw.c
	587	++++ linux-4.1.38/net/ipv4/raw.c
588	588	@@ -729,6 +729,10 @@ static int raw_recvmsg(struct sock *sk,
589	589	skb = skb_recv_datagram(sk, flags, noblock, &err);
590	590	if (!skb)

		@@ -596,8 +596,8 @@
596	596
597	597	copied = skb->len;
598	598	if (len < copied) {
599		---- linux-4.1.37.orig/net/ipv4/udp.c
600		-+++ linux-4.1.37/net/ipv4/udp.c
	599	+--- linux-4.1.38.orig/net/ipv4/udp.c
	600	++++ linux-4.1.38/net/ipv4/udp.c
601	601	@@ -1274,6 +1274,10 @@ try_again:
602	602	&peeked, &off, &err);
603	603	if (!skb)

		@@ -609,8 +609,8 @@
609	609
610	610	ulen = skb->len - sizeof(struct udphdr);
611	611	copied = len;
612		---- linux-4.1.37.orig/net/ipv6/raw.c
613		-+++ linux-4.1.37/net/ipv6/raw.c
	612	+--- linux-4.1.38.orig/net/ipv6/raw.c
	613	++++ linux-4.1.38/net/ipv6/raw.c
614	614	@@ -477,6 +477,10 @@ static int rawv6_recvmsg(struct sock *sk
615	615	skb = skb_recv_datagram(sk, flags, noblock, &err);
616	616	if (!skb)

		@@ -622,8 +622,8 @@
622	622
623	623	copied = skb->len;
624	624	if (copied > len) {
625		---- linux-4.1.37.orig/net/ipv6/udp.c
626		-+++ linux-4.1.37/net/ipv6/udp.c
	625	+--- linux-4.1.38.orig/net/ipv6/udp.c
	626	++++ linux-4.1.38/net/ipv6/udp.c
627	627	@@ -413,6 +413,10 @@ try_again:
628	628	&peeked, &off, &err);
629	629	if (!skb)

		@@ -635,8 +635,8 @@
635	635
636	636	ulen = skb->len - sizeof(struct udphdr);
637	637	copied = len;
638		---- linux-4.1.37.orig/net/socket.c
639		-+++ linux-4.1.37/net/socket.c
	638	+--- linux-4.1.38.orig/net/socket.c
	639	++++ linux-4.1.38/net/socket.c
640	640	@@ -1485,6 +1485,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
641	641	if (err < 0)
642	642	goto out_fd;

		@@ -648,8 +648,8 @@
648	648	if (upeer_sockaddr) {
649	649	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
650	650	&len, 2) < 0) {
651		---- linux-4.1.37.orig/net/unix/af_unix.c
652		-+++ linux-4.1.37/net/unix/af_unix.c
	651	+--- linux-4.1.38.orig/net/unix/af_unix.c
	652	++++ linux-4.1.38/net/unix/af_unix.c
653	653	@@ -1978,6 +1978,10 @@ static int unix_dgram_recvmsg(struct soc
654	654	wake_up_interruptible_sync_poll(&u->peer_wait,
655	655	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -661,8 +661,8 @@
661	661	if (msg->msg_name)
662	662	unix_copy_addr(msg, skb->sk);
663	663
664		---- linux-4.1.37.orig/security/Kconfig
665		-+++ linux-4.1.37/security/Kconfig
	664	+--- linux-4.1.38.orig/security/Kconfig
	665	++++ linux-4.1.38/security/Kconfig
666	666	@@ -168,5 +168,7 @@ config DEFAULT_SECURITY
667	667	default "yama" if DEFAULT_SECURITY_YAMA
668	668	default "" if DEFAULT_SECURITY_DAC

		@@ -671,8 +671,8 @@
671	671	+
672	672	endmenu
673	673
674		---- linux-4.1.37.orig/security/Makefile
675		-+++ linux-4.1.37/security/Makefile
	674	+--- linux-4.1.38.orig/security/Makefile
	675	++++ linux-4.1.38/security/Makefile
676	676	@@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
677	677	# Object integrity file lists
678	678	subdir-$(CONFIG_INTEGRITY) += integrity

		@@ -680,8 +680,8 @@
680	680	+
681	681	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
682	682	+obj-$(CONFIG_CCSECURITY) += ccsecurity/
683		---- linux-4.1.37.orig/security/security.c
684		-+++ linux-4.1.37/security/security.c
	683	+--- linux-4.1.38.orig/security/security.c
	684	++++ linux-4.1.38/security/security.c
685	685	@@ -226,7 +226,10 @@ int security_syslog(int type)
686	686
687	687	int security_settime(const struct timespec ts, const struct timezone tz)

--- trunk/caitsith-patch/patches/ccs-patch-4.10.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-4.10.diff (revision 227)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 4.10-rc1.
	1	+This is TOMOYO Linux patch for kernel 4.10-rc4.
2	2
3		-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/testing/linux-4.10-rc1.tar.xz
	3	+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/testing/linux-4.10-rc4.tar.xz
4	4	---
5	5	fs/exec.c \| 2 -
6	6	fs/open.c \| 2 +

		@@ -28,8 +28,8 @@
28	28	security/Makefile \| 3 ++
29	29	24 files changed, 147 insertions(+), 26 deletions(-)
30	30
31		---- linux-4.10-rc1.orig/fs/exec.c
32		-+++ linux-4.10-rc1/fs/exec.c
	31	+--- linux-4.10-rc4.orig/fs/exec.c
	32	++++ linux-4.10-rc4/fs/exec.c
33	33	@@ -1642,7 +1642,7 @@ static int exec_binprm(struct linux_binp
34	34	old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35	35	rcu_read_unlock();

		@@ -39,8 +39,8 @@
39	39	if (ret >= 0) {
40	40	audit_bprm(bprm);
41	41	trace_sched_process_exec(current, old_pid, bprm);
42		---- linux-4.10-rc1.orig/fs/open.c
43		-+++ linux-4.10-rc1/fs/open.c
	42	+--- linux-4.10-rc4.orig/fs/open.c
	43	++++ linux-4.10-rc4/fs/open.c
44	44	@@ -1145,6 +1145,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-4.10-rc1.orig/fs/proc/version.c
54		-+++ linux-4.10-rc1/fs/proc/version.c
	53	+--- linux-4.10-rc4.orig/fs/proc/version.c
	54	++++ linux-4.10-rc4/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 4.10-rc1 2016/12/26\n");
	62	++ printk(KERN_INFO "Hook version: 4.10-rc4 2017/01/16\n");
63	63	+ return 0;
64	64	+}
65	65	+fs_initcall(ccs_show_version);
66		---- linux-4.10-rc1.orig/include/linux/init_task.h
67		-+++ linux-4.10-rc1/include/linux/init_task.h
	66	+--- linux-4.10-rc4.orig/include/linux/init_task.h
	67	++++ linux-4.10-rc4/include/linux/init_task.h
68	68	@@ -193,6 +193,14 @@ extern struct task_group root_task_group
69	69	# define INIT_TASK_TI(tsk)
70	70	#endif

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-4.10-rc1.orig/include/linux/sched.h
92		-+++ linux-4.10-rc1/include/linux/sched.h
	91	+--- linux-4.10-rc4.orig/include/linux/sched.h
	92	++++ linux-4.10-rc4/include/linux/sched.h
93	93	@@ -6,6 +6,8 @@
94	94	#include <linux/sched/prio.h>
95	95

		@@ -99,7 +99,7 @@
99	99	struct sched_param {
100	100	int sched_priority;
101	101	};
102		-@@ -1988,6 +1990,10 @@ struct task_struct {
	102	+@@ -1998,6 +2000,10 @@ struct task_struct {
103	103	/* A live task holds one reference. */
104	104	atomic_t stack_refcount;
105	105	#endif

		@@ -110,8 +110,8 @@
110	110	/* CPU-specific state of this task */
111	111	struct thread_struct thread;
112	112	/*
113		---- linux-4.10-rc1.orig/include/linux/security.h
114		-+++ linux-4.10-rc1/include/linux/security.h
	113	+--- linux-4.10-rc4.orig/include/linux/security.h
	114	++++ linux-4.10-rc4/include/linux/security.h
115	115	@@ -55,6 +55,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -318,8 +318,8 @@
318	318	}
319	319	#endif /* CONFIG_SECURITY_PATH */
320	320
321		---- linux-4.10-rc1.orig/include/net/ip.h
322		-+++ linux-4.10-rc1/include/net/ip.h
	321	+--- linux-4.10-rc4.orig/include/net/ip.h
	322	++++ linux-4.10-rc4/include/net/ip.h
323	323	@@ -253,6 +253,8 @@ void inet_get_local_port_range(struct ne
324	324	#ifdef CONFIG_SYSCTL
325	325	static inline int inet_is_local_reserved_port(struct net *net, int port)

		@@ -338,8 +338,8 @@
338	338	return 0;
339	339	}
340	340	#endif
341		---- linux-4.10-rc1.orig/kernel/fork.c
342		-+++ linux-4.10-rc1/kernel/fork.c
	341	+--- linux-4.10-rc4.orig/kernel/fork.c
	342	++++ linux-4.10-rc4/kernel/fork.c
343	343	@@ -392,6 +392,7 @@ void __put_task_struct(struct task_struc
344	344	delayacct_tsk_free(tsk);
345	345	put_signal_struct(tsk->signal);

		@@ -366,8 +366,8 @@
366	366	bad_fork_cleanup_perf:
367	367	perf_event_free_task(p);
368	368	bad_fork_cleanup_policy:
369		---- linux-4.10-rc1.orig/kernel/kexec.c
370		-+++ linux-4.10-rc1/kernel/kexec.c
	369	+--- linux-4.10-rc4.orig/kernel/kexec.c
	370	++++ linux-4.10-rc4/kernel/kexec.c
371	371	@@ -17,7 +17,7 @@
372	372	#include <linux/syscalls.h>
373	373	#include <linux/vmalloc.h>

		@@ -386,8 +386,8 @@
386	386
387	387	/*
388	388	* Verify we have a legal set of flags
389		---- linux-4.10-rc1.orig/kernel/module.c
390		-+++ linux-4.10-rc1/kernel/module.c
	389	+--- linux-4.10-rc4.orig/kernel/module.c
	390	++++ linux-4.10-rc4/kernel/module.c
391	391	@@ -63,6 +63,7 @@
392	392	#include <linux/dynamic_debug.h>
393	393	#include <uapi/linux/module.h>

		@@ -414,8 +414,8 @@
414	414
415	415	return 0;
416	416	}
417		---- linux-4.10-rc1.orig/kernel/ptrace.c
418		-+++ linux-4.10-rc1/kernel/ptrace.c
	417	+--- linux-4.10-rc4.orig/kernel/ptrace.c
	418	++++ linux-4.10-rc4/kernel/ptrace.c
419	419	@@ -1110,6 +1110,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
420	420	{
421	421	struct task_struct *child;

		@@ -440,8 +440,8 @@
440	440
441	441	if (request == PTRACE_TRACEME) {
442	442	ret = ptrace_traceme();
443		---- linux-4.10-rc1.orig/kernel/reboot.c
444		-+++ linux-4.10-rc1/kernel/reboot.c
	443	+--- linux-4.10-rc4.orig/kernel/reboot.c
	444	++++ linux-4.10-rc4/kernel/reboot.c
445	445	@@ -16,6 +16,7 @@
446	446	#include <linux/syscalls.h>
447	447	#include <linux/syscore_ops.h>

		@@ -459,8 +459,8 @@
459	459
460	460	/*
461	461	* If pid namespaces are enabled and the current task is in a child
462		---- linux-4.10-rc1.orig/kernel/sched/core.c
463		-+++ linux-4.10-rc1/kernel/sched/core.c
	462	+--- linux-4.10-rc4.orig/kernel/sched/core.c
	463	++++ linux-4.10-rc4/kernel/sched/core.c
464	464	@@ -3812,6 +3812,8 @@ int can_nice(const struct task_struct *p
465	465	SYSCALL_DEFINE1(nice, int, increment)
466	466	{

		@@ -470,8 +470,8 @@
470	470
471	471	/*
472	472	* Setpriority might change our priority at the same moment.
473		---- linux-4.10-rc1.orig/kernel/signal.c
474		-+++ linux-4.10-rc1/kernel/signal.c
	473	+--- linux-4.10-rc4.orig/kernel/signal.c
	474	++++ linux-4.10-rc4/kernel/signal.c
475	475	@@ -2860,6 +2860,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
476	476	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
477	477	{

		@@ -517,8 +517,8 @@
517	517
518	518	return do_send_specific(tgid, pid, sig, info);
519	519	}
520		---- linux-4.10-rc1.orig/kernel/sys.c
521		-+++ linux-4.10-rc1/kernel/sys.c
	520	+--- linux-4.10-rc4.orig/kernel/sys.c
	521	++++ linux-4.10-rc4/kernel/sys.c
522	522	@@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523	523
524	524	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -548,8 +548,8 @@
548	548
549	549	down_write(&uts_sem);
550	550	errno = -EFAULT;
551		---- linux-4.10-rc1.orig/kernel/time/ntp.c
552		-+++ linux-4.10-rc1/kernel/time/ntp.c
	551	+--- linux-4.10-rc4.orig/kernel/time/ntp.c
	552	++++ linux-4.10-rc4/kernel/time/ntp.c
553	553	@@ -17,6 +17,7 @@
554	554	#include <linux/module.h>
555	555	#include <linux/rtc.h>

		@@ -583,8 +583,8 @@
583	583
584	584	if (txc->modes & ADJ_NANO) {
585	585	struct timespec ts;
586		---- linux-4.10-rc1.orig/net/ipv4/raw.c
587		-+++ linux-4.10-rc1/net/ipv4/raw.c
	586	+--- linux-4.10-rc4.orig/net/ipv4/raw.c
	587	++++ linux-4.10-rc4/net/ipv4/raw.c
588	588	@@ -746,6 +746,10 @@ static int raw_recvmsg(struct sock *sk,
589	589	skb = skb_recv_datagram(sk, flags, noblock, &err);
590	590	if (!skb)

		@@ -596,8 +596,8 @@
596	596
597	597	copied = skb->len;
598	598	if (len < copied) {
599		---- linux-4.10-rc1.orig/net/ipv4/udp.c
600		-+++ linux-4.10-rc1/net/ipv4/udp.c
	599	+--- linux-4.10-rc4.orig/net/ipv4/udp.c
	600	++++ linux-4.10-rc4/net/ipv4/udp.c
601	601	@@ -1436,6 +1436,8 @@ try_again:
602	602	skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
603	603	if (!skb)

		@@ -607,8 +607,8 @@
607	607
608	608	ulen = skb->len;
609	609	copied = len;
610		---- linux-4.10-rc1.orig/net/ipv6/raw.c
611		-+++ linux-4.10-rc1/net/ipv6/raw.c
	610	+--- linux-4.10-rc4.orig/net/ipv6/raw.c
	611	++++ linux-4.10-rc4/net/ipv6/raw.c
612	612	@@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk
613	613	skb = skb_recv_datagram(sk, flags, noblock, &err);
614	614	if (!skb)

		@@ -620,8 +620,8 @@
620	620
621	621	copied = skb->len;
622	622	if (copied > len) {
623		---- linux-4.10-rc1.orig/net/ipv6/udp.c
624		-+++ linux-4.10-rc1/net/ipv6/udp.c
	623	+--- linux-4.10-rc4.orig/net/ipv6/udp.c
	624	++++ linux-4.10-rc4/net/ipv6/udp.c
625	625	@@ -347,6 +347,8 @@ try_again:
626	626	skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
627	627	if (!skb)

		@@ -631,8 +631,8 @@
631	631
632	632	ulen = skb->len;
633	633	copied = len;
634		---- linux-4.10-rc1.orig/net/socket.c
635		-+++ linux-4.10-rc1/net/socket.c
	634	+--- linux-4.10-rc4.orig/net/socket.c
	635	++++ linux-4.10-rc4/net/socket.c
636	636	@@ -1512,6 +1512,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
637	637	if (err < 0)
638	638	goto out_fd;

		@@ -644,8 +644,8 @@
644	644	if (upeer_sockaddr) {
645	645	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
646	646	&len, 2) < 0) {
647		---- linux-4.10-rc1.orig/net/unix/af_unix.c
648		-+++ linux-4.10-rc1/net/unix/af_unix.c
	647	+--- linux-4.10-rc4.orig/net/unix/af_unix.c
	648	++++ linux-4.10-rc4/net/unix/af_unix.c
649	649	@@ -2140,6 +2140,10 @@ static int unix_dgram_recvmsg(struct soc
650	650	POLLOUT \| POLLWRNORM \|
651	651	POLLWRBAND);

		@@ -665,8 +665,8 @@
665	665	mutex_unlock(&u->iolock);
666	666	out:
667	667	return err;
668		---- linux-4.10-rc1.orig/security/Kconfig
669		-+++ linux-4.10-rc1/security/Kconfig
	668	+--- linux-4.10-rc4.orig/security/Kconfig
	669	++++ linux-4.10-rc4/security/Kconfig
670	670	@@ -204,5 +204,7 @@ config DEFAULT_SECURITY
671	671	default "apparmor" if DEFAULT_SECURITY_APPARMOR
672	672	default "" if DEFAULT_SECURITY_DAC

		@@ -675,8 +675,8 @@
675	675	+
676	676	endmenu
677	677
678		---- linux-4.10-rc1.orig/security/Makefile
679		-+++ linux-4.10-rc1/security/Makefile
	678	+--- linux-4.10-rc4.orig/security/Makefile
	679	++++ linux-4.10-rc4/security/Makefile
680	680	@@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
681	681	# Object integrity file lists
682	682	subdir-$(CONFIG_INTEGRITY) += integrity

--- trunk/caitsith-patch/patches/ccs-patch-4.4.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-4.4.diff (revision 227)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 4.4.39.
	1	+This is TOMOYO Linux patch for kernel 4.4.44.
2	2
3		-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.39.tar.xz
	3	+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.44.tar.xz
4	4	---
5	5	fs/exec.c \| 2 -
6	6	fs/open.c \| 2 +

		@@ -28,9 +28,9 @@
28	28	security/Makefile \| 3 ++
29	29	24 files changed, 150 insertions(+), 26 deletions(-)
30	30
31		---- linux-4.4.39.orig/fs/exec.c
32		-+++ linux-4.4.39/fs/exec.c
33		-@@ -1467,7 +1467,7 @@ static int exec_binprm(struct linux_binp
	31	+--- linux-4.4.44.orig/fs/exec.c
	32	++++ linux-4.4.44/fs/exec.c
	33	+@@ -1487,7 +1487,7 @@ static int exec_binprm(struct linux_binp
34	34	old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35	35	rcu_read_unlock();
36	36

		@@ -39,8 +39,8 @@
39	39	if (ret >= 0) {
40	40	audit_bprm(bprm);
41	41	trace_sched_process_exec(current, old_pid, bprm);
42		---- linux-4.4.39.orig/fs/open.c
43		-+++ linux-4.4.39/fs/open.c
	42	+--- linux-4.4.44.orig/fs/open.c
	43	++++ linux-4.4.44/fs/open.c
44	44	@@ -1111,6 +1111,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-4.4.39.orig/fs/proc/version.c
54		-+++ linux-4.4.39/fs/proc/version.c
	53	+--- linux-4.4.44.orig/fs/proc/version.c
	54	++++ linux-4.4.44/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 4.4.39 2016/12/23\n");
	62	++ printk(KERN_INFO "Hook version: 4.4.44 2017/01/22\n");
63	63	+ return 0;
64	64	+}
65	65	+fs_initcall(ccs_show_version);
66		---- linux-4.4.39.orig/include/linux/init_task.h
67		-+++ linux-4.4.39/include/linux/init_task.h
	66	+--- linux-4.4.44.orig/include/linux/init_task.h
	67	++++ linux-4.4.44/include/linux/init_task.h
68	68	@@ -183,6 +183,14 @@ extern struct task_group root_task_group
69	69	# define INIT_KASAN(tsk)
70	70	#endif

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-4.4.39.orig/include/linux/sched.h
92		-+++ linux-4.4.39/include/linux/sched.h
	91	+--- linux-4.4.44.orig/include/linux/sched.h
	92	++++ linux-4.4.44/include/linux/sched.h
93	93	@@ -6,6 +6,8 @@
94	94	#include <linux/sched/prio.h>
95	95

		@@ -99,7 +99,7 @@
99	99	struct sched_param {
100	100	int sched_priority;
101	101	};
102		-@@ -1815,6 +1817,10 @@ struct task_struct {
	102	+@@ -1816,6 +1818,10 @@ struct task_struct {
103	103	unsigned long task_state_change;
104	104	#endif
105	105	int pagefault_disabled;

		@@ -110,8 +110,8 @@
110	110	/* CPU-specific state of this task */
111	111	struct thread_struct thread;
112	112	/*
113		---- linux-4.4.39.orig/include/linux/security.h
114		-+++ linux-4.4.39/include/linux/security.h
	113	+--- linux-4.4.44.orig/include/linux/security.h
	114	++++ linux-4.4.44/include/linux/security.h
115	115	@@ -53,6 +53,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -318,8 +318,8 @@
318	318	}
319	319	#endif /* CONFIG_SECURITY_PATH */
320	320
321		---- linux-4.4.39.orig/include/net/ip.h
322		-+++ linux-4.4.39/include/net/ip.h
	321	+--- linux-4.4.44.orig/include/net/ip.h
	322	++++ linux-4.4.44/include/net/ip.h
323	323	@@ -223,6 +223,8 @@ void inet_get_local_port_range(struct ne
324	324	#ifdef CONFIG_SYSCTL
325	325	static inline int inet_is_local_reserved_port(struct net *net, int port)

		@@ -338,8 +338,8 @@
338	338	return 0;
339	339	}
340	340	#endif
341		---- linux-4.4.39.orig/kernel/fork.c
342		-+++ linux-4.4.39/kernel/fork.c
	341	+--- linux-4.4.44.orig/kernel/fork.c
	342	++++ linux-4.4.44/kernel/fork.c
343	343	@@ -258,6 +258,7 @@ void __put_task_struct(struct task_struc
344	344	delayacct_tsk_free(tsk);
345	345	put_signal_struct(tsk->signal);

		@@ -348,7 +348,7 @@
348	348	if (!profile_handoff_task(tsk))
349	349	free_task(tsk);
350	350	}
351		-@@ -1449,6 +1450,9 @@ static struct task_struct *copy_process(
	351	+@@ -1452,6 +1453,9 @@ static struct task_struct *copy_process(
352	352	goto bad_fork_cleanup_perf;
353	353	/* copy all the process information */
354	354	shm_init_task(p);

		@@ -358,7 +358,7 @@
358	358	retval = copy_semundo(clone_flags, p);
359	359	if (retval)
360	360	goto bad_fork_cleanup_audit;
361		-@@ -1666,6 +1670,7 @@ bad_fork_cleanup_semundo:
	361	+@@ -1669,6 +1673,7 @@ bad_fork_cleanup_semundo:
362	362	exit_sem(p);
363	363	bad_fork_cleanup_audit:
364	364	audit_free(p);

		@@ -366,8 +366,8 @@
366	366	bad_fork_cleanup_perf:
367	367	perf_event_free_task(p);
368	368	bad_fork_cleanup_policy:
369		---- linux-4.4.39.orig/kernel/kexec.c
370		-+++ linux-4.4.39/kernel/kexec.c
	369	+--- linux-4.4.44.orig/kernel/kexec.c
	370	++++ linux-4.4.44/kernel/kexec.c
371	371	@@ -17,7 +17,7 @@
372	372	#include <linux/syscalls.h>
373	373	#include <linux/vmalloc.h>

		@@ -386,8 +386,8 @@
386	386
387	387	/*
388	388	* Verify we have a legal set of flags
389		---- linux-4.4.39.orig/kernel/module.c
390		-+++ linux-4.4.39/kernel/module.c
	389	+--- linux-4.4.44.orig/kernel/module.c
	390	++++ linux-4.4.44/kernel/module.c
391	391	@@ -61,6 +61,7 @@
392	392	#include <linux/bsearch.h>
393	393	#include <uapi/linux/module.h>

		@@ -414,9 +414,9 @@
414	414
415	415	return 0;
416	416	}
417		---- linux-4.4.39.orig/kernel/ptrace.c
418		-+++ linux-4.4.39/kernel/ptrace.c
419		-@@ -1075,6 +1075,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
	417	+--- linux-4.4.44.orig/kernel/ptrace.c
	418	++++ linux-4.4.44/kernel/ptrace.c
	419	+@@ -1073,6 +1073,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
420	420	{
421	421	struct task_struct *child;
422	422	long ret;

		@@ -428,7 +428,7 @@
428	428
429	429	if (request == PTRACE_TRACEME) {
430	430	ret = ptrace_traceme();
431		-@@ -1221,6 +1226,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo
	431	+@@ -1219,6 +1224,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo
432	432	{
433	433	struct task_struct *child;
434	434	long ret;

		@@ -440,8 +440,8 @@
440	440
441	441	if (request == PTRACE_TRACEME) {
442	442	ret = ptrace_traceme();
443		---- linux-4.4.39.orig/kernel/reboot.c
444		-+++ linux-4.4.39/kernel/reboot.c
	443	+--- linux-4.4.44.orig/kernel/reboot.c
	444	++++ linux-4.4.44/kernel/reboot.c
445	445	@@ -16,6 +16,7 @@
446	446	#include <linux/syscalls.h>
447	447	#include <linux/syscore_ops.h>

		@@ -459,8 +459,8 @@
459	459
460	460	/*
461	461	* If pid namespaces are enabled and the current task is in a child
462		---- linux-4.4.39.orig/kernel/sched/core.c
463		-+++ linux-4.4.39/kernel/sched/core.c
	462	+--- linux-4.4.44.orig/kernel/sched/core.c
	463	++++ linux-4.4.44/kernel/sched/core.c
464	464	@@ -3548,6 +3548,8 @@ int can_nice(const struct task_struct *p
465	465	SYSCALL_DEFINE1(nice, int, increment)
466	466	{

		@@ -470,8 +470,8 @@
470	470
471	471	/*
472	472	* Setpriority might change our priority at the same moment.
473		---- linux-4.4.39.orig/kernel/signal.c
474		-+++ linux-4.4.39/kernel/signal.c
	473	+--- linux-4.4.44.orig/kernel/signal.c
	474	++++ linux-4.4.44/kernel/signal.c
475	475	@@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
476	476	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
477	477	{

		@@ -517,8 +517,8 @@
517	517
518	518	return do_send_specific(tgid, pid, sig, info);
519	519	}
520		---- linux-4.4.39.orig/kernel/sys.c
521		-+++ linux-4.4.39/kernel/sys.c
	520	+--- linux-4.4.44.orig/kernel/sys.c
	521	++++ linux-4.4.44/kernel/sys.c
522	522	@@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523	523
524	524	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -548,8 +548,8 @@
548	548
549	549	down_write(&uts_sem);
550	550	errno = -EFAULT;
551		---- linux-4.4.39.orig/kernel/time/ntp.c
552		-+++ linux-4.4.39/kernel/time/ntp.c
	551	+--- linux-4.4.44.orig/kernel/time/ntp.c
	552	++++ linux-4.4.44/kernel/time/ntp.c
553	553	@@ -16,6 +16,7 @@
554	554	#include <linux/mm.h>
555	555	#include <linux/module.h>

		@@ -583,8 +583,8 @@
583	583
584	584	if (txc->modes & ADJ_NANO) {
585	585	struct timespec ts;
586		---- linux-4.4.39.orig/net/ipv4/raw.c
587		-+++ linux-4.4.39/net/ipv4/raw.c
	586	+--- linux-4.4.44.orig/net/ipv4/raw.c
	587	++++ linux-4.4.44/net/ipv4/raw.c
588	588	@@ -739,6 +739,10 @@ static int raw_recvmsg(struct sock *sk,
589	589	skb = skb_recv_datagram(sk, flags, noblock, &err);
590	590	if (!skb)

		@@ -596,8 +596,8 @@
596	596
597	597	copied = skb->len;
598	598	if (len < copied) {
599		---- linux-4.4.39.orig/net/ipv4/udp.c
600		-+++ linux-4.4.39/net/ipv4/udp.c
	599	+--- linux-4.4.44.orig/net/ipv4/udp.c
	600	++++ linux-4.4.44/net/ipv4/udp.c
601	601	@@ -1286,6 +1286,10 @@ try_again:
602	602	&peeked, &off, &err);
603	603	if (!skb)

		@@ -609,8 +609,8 @@
609	609
610	610	ulen = skb->len - sizeof(struct udphdr);
611	611	copied = len;
612		---- linux-4.4.39.orig/net/ipv6/raw.c
613		-+++ linux-4.4.39/net/ipv6/raw.c
	612	+--- linux-4.4.44.orig/net/ipv6/raw.c
	613	++++ linux-4.4.44/net/ipv6/raw.c
614	614	@@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk
615	615	skb = skb_recv_datagram(sk, flags, noblock, &err);
616	616	if (!skb)

		@@ -622,8 +622,8 @@
622	622
623	623	copied = skb->len;
624	624	if (copied > len) {
625		---- linux-4.4.39.orig/net/ipv6/udp.c
626		-+++ linux-4.4.39/net/ipv6/udp.c
	625	+--- linux-4.4.44.orig/net/ipv6/udp.c
	626	++++ linux-4.4.44/net/ipv6/udp.c
627	627	@@ -417,6 +417,10 @@ try_again:
628	628	&peeked, &off, &err);
629	629	if (!skb)

		@@ -635,8 +635,8 @@
635	635
636	636	ulen = skb->len - sizeof(struct udphdr);
637	637	copied = len;
638		---- linux-4.4.39.orig/net/socket.c
639		-+++ linux-4.4.39/net/socket.c
	638	+--- linux-4.4.44.orig/net/socket.c
	639	++++ linux-4.4.44/net/socket.c
640	640	@@ -1476,6 +1476,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
641	641	if (err < 0)
642	642	goto out_fd;

		@@ -648,8 +648,8 @@
648	648	if (upeer_sockaddr) {
649	649	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
650	650	&len, 2) < 0) {
651		---- linux-4.4.39.orig/net/unix/af_unix.c
652		-+++ linux-4.4.39/net/unix/af_unix.c
	651	+--- linux-4.4.44.orig/net/unix/af_unix.c
	652	++++ linux-4.4.44/net/unix/af_unix.c
653	653	@@ -2134,6 +2134,10 @@ static int unix_dgram_recvmsg(struct soc
654	654	wake_up_interruptible_sync_poll(&u->peer_wait,
655	655	POLLOUT \| POLLWRNORM \| POLLWRBAND);

		@@ -661,8 +661,8 @@
661	661	if (msg->msg_name)
662	662	unix_copy_addr(msg, skb->sk);
663	663
664		---- linux-4.4.39.orig/security/Kconfig
665		-+++ linux-4.4.39/security/Kconfig
	664	+--- linux-4.4.44.orig/security/Kconfig
	665	++++ linux-4.4.44/security/Kconfig
666	666	@@ -163,5 +163,7 @@ config DEFAULT_SECURITY
667	667	default "apparmor" if DEFAULT_SECURITY_APPARMOR
668	668	default "" if DEFAULT_SECURITY_DAC

		@@ -671,8 +671,8 @@
671	671	+
672	672	endmenu
673	673
674		---- linux-4.4.39.orig/security/Makefile
675		-+++ linux-4.4.39/security/Makefile
	674	+--- linux-4.4.44.orig/security/Makefile
	675	++++ linux-4.4.44/security/Makefile
676	676	@@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
677	677	# Object integrity file lists
678	678	subdir-$(CONFIG_INTEGRITY) += integrity

--- trunk/caitsith-patch/patches/ccs-patch-4.8.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-4.8.diff (revision 227)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 4.8.15.
	1	+This is TOMOYO Linux patch for kernel 4.8.17.
2	2
3		-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.8.15.tar.xz
	3	+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.8.17.tar.xz
4	4	---
5	5	fs/exec.c \| 2 -
6	6	fs/open.c \| 2 +

		@@ -28,9 +28,9 @@
28	28	security/Makefile \| 3 ++
29	29	24 files changed, 147 insertions(+), 26 deletions(-)
30	30
31		---- linux-4.8.15.orig/fs/exec.c
32		-+++ linux-4.8.15/fs/exec.c
33		-@@ -1616,7 +1616,7 @@ static int exec_binprm(struct linux_binp
	31	+--- linux-4.8.17.orig/fs/exec.c
	32	++++ linux-4.8.17/fs/exec.c
	33	+@@ -1635,7 +1635,7 @@ static int exec_binprm(struct linux_binp
34	34	old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35	35	rcu_read_unlock();
36	36

		@@ -39,8 +39,8 @@
39	39	if (ret >= 0) {
40	40	audit_bprm(bprm);
41	41	trace_sched_process_exec(current, old_pid, bprm);
42		---- linux-4.8.15.orig/fs/open.c
43		-+++ linux-4.8.15/fs/open.c
	42	+--- linux-4.8.17.orig/fs/open.c
	43	++++ linux-4.8.17/fs/open.c
44	44	@@ -1128,6 +1128,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-4.8.15.orig/fs/proc/version.c
54		-+++ linux-4.8.15/fs/proc/version.c
	53	+--- linux-4.8.17.orig/fs/proc/version.c
	54	++++ linux-4.8.17/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 4.8.15 2016/12/23\n");
	62	++ printk(KERN_INFO "Hook version: 4.8.17 2017/01/09\n");
63	63	+ return 0;
64	64	+}
65	65	+fs_initcall(ccs_show_version);
66		---- linux-4.8.15.orig/include/linux/init_task.h
67		-+++ linux-4.8.15/include/linux/init_task.h
	66	+--- linux-4.8.17.orig/include/linux/init_task.h
	67	++++ linux-4.8.17/include/linux/init_task.h
68	68	@@ -183,6 +183,14 @@ extern struct task_group root_task_group
69	69	# define INIT_KASAN(tsk)
70	70	#endif

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-4.8.15.orig/include/linux/sched.h
92		-+++ linux-4.8.15/include/linux/sched.h
	91	+--- linux-4.8.17.orig/include/linux/sched.h
	92	++++ linux-4.8.17/include/linux/sched.h
93	93	@@ -6,6 +6,8 @@
94	94	#include <linux/sched/prio.h>
95	95

		@@ -99,7 +99,7 @@
99	99	struct sched_param {
100	100	int sched_priority;
101	101	};
102		-@@ -1923,6 +1925,10 @@ struct task_struct {
	102	+@@ -1924,6 +1926,10 @@ struct task_struct {
103	103	#ifdef CONFIG_MMU
104	104	struct task_struct *oom_reaper_list;
105	105	#endif

		@@ -110,8 +110,8 @@
110	110	/* CPU-specific state of this task */
111	111	struct thread_struct thread;
112	112	/*
113		---- linux-4.8.15.orig/include/linux/security.h
114		-+++ linux-4.8.15/include/linux/security.h
	113	+--- linux-4.8.17.orig/include/linux/security.h
	114	++++ linux-4.8.17/include/linux/security.h
115	115	@@ -55,6 +55,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -318,8 +318,8 @@
318	318	}
319	319	#endif /* CONFIG_SECURITY_PATH */
320	320
321		---- linux-4.8.15.orig/include/net/ip.h
322		-+++ linux-4.8.15/include/net/ip.h
	321	+--- linux-4.8.17.orig/include/net/ip.h
	322	++++ linux-4.8.17/include/net/ip.h
323	323	@@ -223,6 +223,8 @@ void inet_get_local_port_range(struct ne
324	324	#ifdef CONFIG_SYSCTL
325	325	static inline int inet_is_local_reserved_port(struct net *net, int port)

		@@ -338,8 +338,8 @@
338	338	return 0;
339	339	}
340	340	#endif
341		---- linux-4.8.15.orig/kernel/fork.c
342		-+++ linux-4.8.15/kernel/fork.c
	341	+--- linux-4.8.17.orig/kernel/fork.c
	342	++++ linux-4.8.17/kernel/fork.c
343	343	@@ -265,6 +265,7 @@ void __put_task_struct(struct task_struc
344	344	delayacct_tsk_free(tsk);
345	345	put_signal_struct(tsk->signal);

		@@ -348,7 +348,7 @@
348	348	if (!profile_handoff_task(tsk))
349	349	free_task(tsk);
350	350	}
351		-@@ -1484,6 +1485,9 @@ static struct task_struct *copy_process(
	351	+@@ -1487,6 +1488,9 @@ static struct task_struct *copy_process(
352	352	goto bad_fork_cleanup_perf;
353	353	/* copy all the process information */
354	354	shm_init_task(p);

		@@ -358,7 +358,7 @@
358	358	retval = copy_semundo(clone_flags, p);
359	359	if (retval)
360	360	goto bad_fork_cleanup_audit;
361		-@@ -1703,6 +1707,7 @@ bad_fork_cleanup_semundo:
	361	+@@ -1706,6 +1710,7 @@ bad_fork_cleanup_semundo:
362	362	exit_sem(p);
363	363	bad_fork_cleanup_audit:
364	364	audit_free(p);

		@@ -366,8 +366,8 @@
366	366	bad_fork_cleanup_perf:
367	367	perf_event_free_task(p);
368	368	bad_fork_cleanup_policy:
369		---- linux-4.8.15.orig/kernel/kexec.c
370		-+++ linux-4.8.15/kernel/kexec.c
	369	+--- linux-4.8.17.orig/kernel/kexec.c
	370	++++ linux-4.8.17/kernel/kexec.c
371	371	@@ -17,7 +17,7 @@
372	372	#include <linux/syscalls.h>
373	373	#include <linux/vmalloc.h>

		@@ -386,8 +386,8 @@
386	386
387	387	/*
388	388	* Verify we have a legal set of flags
389		---- linux-4.8.15.orig/kernel/module.c
390		-+++ linux-4.8.15/kernel/module.c
	389	+--- linux-4.8.17.orig/kernel/module.c
	390	++++ linux-4.8.17/kernel/module.c
391	391	@@ -63,6 +63,7 @@
392	392	#include <linux/dynamic_debug.h>
393	393	#include <uapi/linux/module.h>

		@@ -414,9 +414,9 @@
414	414
415	415	return 0;
416	416	}
417		---- linux-4.8.15.orig/kernel/ptrace.c
418		-+++ linux-4.8.15/kernel/ptrace.c
419		-@@ -1080,6 +1080,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
	417	+--- linux-4.8.17.orig/kernel/ptrace.c
	418	++++ linux-4.8.17/kernel/ptrace.c
	419	+@@ -1078,6 +1078,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
420	420	{
421	421	struct task_struct *child;
422	422	long ret;

		@@ -428,7 +428,7 @@
428	428
429	429	if (request == PTRACE_TRACEME) {
430	430	ret = ptrace_traceme();
431		-@@ -1226,6 +1231,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo
	431	+@@ -1224,6 +1229,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo
432	432	{
433	433	struct task_struct *child;
434	434	long ret;

		@@ -440,8 +440,8 @@
440	440
441	441	if (request == PTRACE_TRACEME) {
442	442	ret = ptrace_traceme();
443		---- linux-4.8.15.orig/kernel/reboot.c
444		-+++ linux-4.8.15/kernel/reboot.c
	443	+--- linux-4.8.17.orig/kernel/reboot.c
	444	++++ linux-4.8.17/kernel/reboot.c
445	445	@@ -16,6 +16,7 @@
446	446	#include <linux/syscalls.h>
447	447	#include <linux/syscore_ops.h>

		@@ -459,8 +459,8 @@
459	459
460	460	/*
461	461	* If pid namespaces are enabled and the current task is in a child
462		---- linux-4.8.15.orig/kernel/sched/core.c
463		-+++ linux-4.8.15/kernel/sched/core.c
	462	+--- linux-4.8.17.orig/kernel/sched/core.c
	463	++++ linux-4.8.17/kernel/sched/core.c
464	464	@@ -3775,6 +3775,8 @@ int can_nice(const struct task_struct *p
465	465	SYSCALL_DEFINE1(nice, int, increment)
466	466	{

		@@ -470,8 +470,8 @@
470	470
471	471	/*
472	472	* Setpriority might change our priority at the same moment.
473		---- linux-4.8.15.orig/kernel/signal.c
474		-+++ linux-4.8.15/kernel/signal.c
	473	+--- linux-4.8.17.orig/kernel/signal.c
	474	++++ linux-4.8.17/kernel/signal.c
475	475	@@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
476	476	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
477	477	{

		@@ -517,8 +517,8 @@
517	517
518	518	return do_send_specific(tgid, pid, sig, info);
519	519	}
520		---- linux-4.8.15.orig/kernel/sys.c
521		-+++ linux-4.8.15/kernel/sys.c
	520	+--- linux-4.8.17.orig/kernel/sys.c
	521	++++ linux-4.8.17/kernel/sys.c
522	522	@@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523	523
524	524	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -548,8 +548,8 @@
548	548
549	549	down_write(&uts_sem);
550	550	errno = -EFAULT;
551		---- linux-4.8.15.orig/kernel/time/ntp.c
552		-+++ linux-4.8.15/kernel/time/ntp.c
	551	+--- linux-4.8.17.orig/kernel/time/ntp.c
	552	++++ linux-4.8.17/kernel/time/ntp.c
553	553	@@ -17,6 +17,7 @@
554	554	#include <linux/module.h>
555	555	#include <linux/rtc.h>

		@@ -583,8 +583,8 @@
583	583
584	584	if (txc->modes & ADJ_NANO) {
585	585	struct timespec ts;
586		---- linux-4.8.15.orig/net/ipv4/raw.c
587		-+++ linux-4.8.15/net/ipv4/raw.c
	586	+--- linux-4.8.17.orig/net/ipv4/raw.c
	587	++++ linux-4.8.17/net/ipv4/raw.c
588	588	@@ -742,6 +742,10 @@ static int raw_recvmsg(struct sock *sk,
589	589	skb = skb_recv_datagram(sk, flags, noblock, &err);
590	590	if (!skb)

		@@ -596,8 +596,8 @@
596	596
597	597	copied = skb->len;
598	598	if (len < copied) {
599		---- linux-4.8.15.orig/net/ipv4/udp.c
600		-+++ linux-4.8.15/net/ipv4/udp.c
	599	+--- linux-4.8.17.orig/net/ipv4/udp.c
	600	++++ linux-4.8.17/net/ipv4/udp.c
601	601	@@ -1272,6 +1272,8 @@ try_again:
602	602	&peeked, &off, &err);
603	603	if (!skb)

		@@ -607,8 +607,8 @@
607	607
608	608	ulen = skb->len;
609	609	copied = len;
610		---- linux-4.8.15.orig/net/ipv6/raw.c
611		-+++ linux-4.8.15/net/ipv6/raw.c
	610	+--- linux-4.8.17.orig/net/ipv6/raw.c
	611	++++ linux-4.8.17/net/ipv6/raw.c
612	612	@@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk
613	613	skb = skb_recv_datagram(sk, flags, noblock, &err);
614	614	if (!skb)

		@@ -620,8 +620,8 @@
620	620
621	621	copied = skb->len;
622	622	if (copied > len) {
623		---- linux-4.8.15.orig/net/ipv6/udp.c
624		-+++ linux-4.8.15/net/ipv6/udp.c
	623	+--- linux-4.8.17.orig/net/ipv6/udp.c
	624	++++ linux-4.8.17/net/ipv6/udp.c
625	625	@@ -348,6 +348,8 @@ try_again:
626	626	&peeked, &off, &err);
627	627	if (!skb)

		@@ -631,8 +631,8 @@
631	631
632	632	ulen = skb->len;
633	633	copied = len;
634		---- linux-4.8.15.orig/net/socket.c
635		-+++ linux-4.8.15/net/socket.c
	634	+--- linux-4.8.17.orig/net/socket.c
	635	++++ linux-4.8.17/net/socket.c
636	636	@@ -1469,6 +1469,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
637	637	if (err < 0)
638	638	goto out_fd;

		@@ -644,8 +644,8 @@
644	644	if (upeer_sockaddr) {
645	645	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
646	646	&len, 2) < 0) {
647		---- linux-4.8.15.orig/net/unix/af_unix.c
648		-+++ linux-4.8.15/net/unix/af_unix.c
	647	+--- linux-4.8.17.orig/net/unix/af_unix.c
	648	++++ linux-4.8.17/net/unix/af_unix.c
649	649	@@ -2140,6 +2140,10 @@ static int unix_dgram_recvmsg(struct soc
650	650	POLLOUT \| POLLWRNORM \|
651	651	POLLWRBAND);

		@@ -665,8 +665,8 @@
665	665	mutex_unlock(&u->iolock);
666	666	out:
667	667	return err;
668		---- linux-4.8.15.orig/security/Kconfig
669		-+++ linux-4.8.15/security/Kconfig
	668	+--- linux-4.8.17.orig/security/Kconfig
	669	++++ linux-4.8.17/security/Kconfig
670	670	@@ -204,5 +204,7 @@ config DEFAULT_SECURITY
671	671	default "apparmor" if DEFAULT_SECURITY_APPARMOR
672	672	default "" if DEFAULT_SECURITY_DAC

		@@ -675,8 +675,8 @@
675	675	+
676	676	endmenu
677	677
678		---- linux-4.8.15.orig/security/Makefile
679		-+++ linux-4.8.15/security/Makefile
	678	+--- linux-4.8.17.orig/security/Makefile
	679	++++ linux-4.8.17/security/Makefile
680	680	@@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
681	681	# Object integrity file lists
682	682	subdir-$(CONFIG_INTEGRITY) += integrity

--- trunk/caitsith-patch/patches/ccs-patch-4.9.diff (revision 226)

+++ trunk/caitsith-patch/patches/ccs-patch-4.9.diff (revision 227)

		@@ -1,6 +1,6 @@
1		-This is TOMOYO Linux patch for kernel 4.9.
	1	+This is TOMOYO Linux patch for kernel 4.9.5.
2	2
3		-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.tar.xz
	3	+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.5.tar.xz
4	4	---
5	5	fs/exec.c \| 2 -
6	6	fs/open.c \| 2 +

		@@ -28,9 +28,9 @@
28	28	security/Makefile \| 3 ++
29	29	24 files changed, 147 insertions(+), 26 deletions(-)
30	30
31		---- linux-4.9.orig/fs/exec.c
32		-+++ linux-4.9/fs/exec.c
33		-@@ -1621,7 +1621,7 @@ static int exec_binprm(struct linux_binp
	31	+--- linux-4.9.5.orig/fs/exec.c
	32	++++ linux-4.9.5/fs/exec.c
	33	+@@ -1640,7 +1640,7 @@ static int exec_binprm(struct linux_binp
34	34	old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35	35	rcu_read_unlock();
36	36

		@@ -39,8 +39,8 @@
39	39	if (ret >= 0) {
40	40	audit_bprm(bprm);
41	41	trace_sched_process_exec(current, old_pid, bprm);
42		---- linux-4.9.orig/fs/open.c
43		-+++ linux-4.9/fs/open.c
	42	+--- linux-4.9.5.orig/fs/open.c
	43	++++ linux-4.9.5/fs/open.c
44	44	@@ -1145,6 +1145,8 @@ EXPORT_SYMBOL(sys_close);
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-4.9.orig/fs/proc/version.c
54		-+++ linux-4.9/fs/proc/version.c
	53	+--- linux-4.9.5.orig/fs/proc/version.c
	54	++++ linux-4.9.5/fs/proc/version.c
55	55	@@ -32,3 +32,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 4.9 2016/12/12\n");
	62	++ printk(KERN_INFO "Hook version: 4.9.5 2017/01/22\n");
63	63	+ return 0;
64	64	+}
65	65	+fs_initcall(ccs_show_version);
66		---- linux-4.9.orig/include/linux/init_task.h
67		-+++ linux-4.9/include/linux/init_task.h
	66	+--- linux-4.9.5.orig/include/linux/init_task.h
	67	++++ linux-4.9.5/include/linux/init_task.h
68	68	@@ -193,6 +193,14 @@ extern struct task_group root_task_group
69	69	# define INIT_TASK_TI(tsk)
70	70	#endif

		@@ -88,8 +88,8 @@
88	88	}
89	89
90	90
91		---- linux-4.9.orig/include/linux/sched.h
92		-+++ linux-4.9/include/linux/sched.h
	91	+--- linux-4.9.5.orig/include/linux/sched.h
	92	++++ linux-4.9.5/include/linux/sched.h
93	93	@@ -6,6 +6,8 @@
94	94	#include <linux/sched/prio.h>
95	95

		@@ -99,7 +99,7 @@
99	99	struct sched_param {
100	100	int sched_priority;
101	101	};
102		-@@ -1955,6 +1957,10 @@ struct task_struct {
	102	+@@ -1956,6 +1958,10 @@ struct task_struct {
103	103	/* A live task holds one reference. */
104	104	atomic_t stack_refcount;
105	105	#endif

		@@ -110,8 +110,8 @@
110	110	/* CPU-specific state of this task */
111	111	struct thread_struct thread;
112	112	/*
113		---- linux-4.9.orig/include/linux/security.h
114		-+++ linux-4.9/include/linux/security.h
	113	+--- linux-4.9.5.orig/include/linux/security.h
	114	++++ linux-4.9.5/include/linux/security.h
115	115	@@ -55,6 +55,7 @@ struct msg_queue;
116	116	struct xattr;
117	117	struct xfrm_sec_ctx;

		@@ -318,8 +318,8 @@
318	318	}
319	319	#endif /* CONFIG_SECURITY_PATH */
320	320
321		---- linux-4.9.orig/include/net/ip.h
322		-+++ linux-4.9/include/net/ip.h
	321	+--- linux-4.9.5.orig/include/net/ip.h
	322	++++ linux-4.9.5/include/net/ip.h
323	323	@@ -252,6 +252,8 @@ void inet_get_local_port_range(struct ne
324	324	#ifdef CONFIG_SYSCTL
325	325	static inline int inet_is_local_reserved_port(struct net *net, int port)

		@@ -338,8 +338,8 @@
338	338	return 0;
339	339	}
340	340	#endif
341		---- linux-4.9.orig/kernel/fork.c
342		-+++ linux-4.9/kernel/fork.c
	341	+--- linux-4.9.5.orig/kernel/fork.c
	342	++++ linux-4.9.5/kernel/fork.c
343	343	@@ -390,6 +390,7 @@ void __put_task_struct(struct task_struc
344	344	delayacct_tsk_free(tsk);
345	345	put_signal_struct(tsk->signal);

		@@ -348,7 +348,7 @@
348	348	if (!profile_handoff_task(tsk))
349	349	free_task(tsk);
350	350	}
351		-@@ -1634,6 +1635,9 @@ static __latent_entropy struct task_stru
	351	+@@ -1637,6 +1638,9 @@ static __latent_entropy struct task_stru
352	352	goto bad_fork_cleanup_perf;
353	353	/* copy all the process information */
354	354	shm_init_task(p);

		@@ -358,7 +358,7 @@
358	358	retval = copy_semundo(clone_flags, p);
359	359	if (retval)
360	360	goto bad_fork_cleanup_audit;
361		-@@ -1853,6 +1857,7 @@ bad_fork_cleanup_semundo:
	361	+@@ -1856,6 +1860,7 @@ bad_fork_cleanup_semundo:
362	362	exit_sem(p);
363	363	bad_fork_cleanup_audit:
364	364	audit_free(p);

		@@ -366,8 +366,8 @@
366	366	bad_fork_cleanup_perf:
367	367	perf_event_free_task(p);
368	368	bad_fork_cleanup_policy:
369		---- linux-4.9.orig/kernel/kexec.c
370		-+++ linux-4.9/kernel/kexec.c
	369	+--- linux-4.9.5.orig/kernel/kexec.c
	370	++++ linux-4.9.5/kernel/kexec.c
371	371	@@ -17,7 +17,7 @@
372	372	#include <linux/syscalls.h>
373	373	#include <linux/vmalloc.h>

		@@ -386,8 +386,8 @@
386	386
387	387	/*
388	388	* Verify we have a legal set of flags
389		---- linux-4.9.orig/kernel/module.c
390		-+++ linux-4.9/kernel/module.c
	389	+--- linux-4.9.5.orig/kernel/module.c
	390	++++ linux-4.9.5/kernel/module.c
391	391	@@ -63,6 +63,7 @@
392	392	#include <linux/dynamic_debug.h>
393	393	#include <uapi/linux/module.h>

		@@ -414,9 +414,9 @@
414	414
415	415	return 0;
416	416	}
417		---- linux-4.9.orig/kernel/ptrace.c
418		-+++ linux-4.9/kernel/ptrace.c
419		-@@ -1082,6 +1082,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
	417	+--- linux-4.9.5.orig/kernel/ptrace.c
	418	++++ linux-4.9.5/kernel/ptrace.c
	419	+@@ -1110,6 +1110,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
420	420	{
421	421	struct task_struct *child;
422	422	long ret;

		@@ -428,7 +428,7 @@
428	428
429	429	if (request == PTRACE_TRACEME) {
430	430	ret = ptrace_traceme();
431		-@@ -1231,6 +1236,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo
	431	+@@ -1259,6 +1264,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo
432	432	{
433	433	struct task_struct *child;
434	434	long ret;

		@@ -440,8 +440,8 @@
440	440
441	441	if (request == PTRACE_TRACEME) {
442	442	ret = ptrace_traceme();
443		---- linux-4.9.orig/kernel/reboot.c
444		-+++ linux-4.9/kernel/reboot.c
	443	+--- linux-4.9.5.orig/kernel/reboot.c
	444	++++ linux-4.9.5/kernel/reboot.c
445	445	@@ -16,6 +16,7 @@
446	446	#include <linux/syscalls.h>
447	447	#include <linux/syscore_ops.h>

		@@ -459,8 +459,8 @@
459	459
460	460	/*
461	461	* If pid namespaces are enabled and the current task is in a child
462		---- linux-4.9.orig/kernel/sched/core.c
463		-+++ linux-4.9/kernel/sched/core.c
	462	+--- linux-4.9.5.orig/kernel/sched/core.c
	463	++++ linux-4.9.5/kernel/sched/core.c
464	464	@@ -3811,6 +3811,8 @@ int can_nice(const struct task_struct *p
465	465	SYSCALL_DEFINE1(nice, int, increment)
466	466	{

		@@ -470,8 +470,8 @@
470	470
471	471	/*
472	472	* Setpriority might change our priority at the same moment.
473		---- linux-4.9.orig/kernel/signal.c
474		-+++ linux-4.9/kernel/signal.c
	473	+--- linux-4.9.5.orig/kernel/signal.c
	474	++++ linux-4.9.5/kernel/signal.c
475	475	@@ -2847,6 +2847,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
476	476	SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
477	477	{

		@@ -517,8 +517,8 @@
517	517
518	518	return do_send_specific(tgid, pid, sig, info);
519	519	}
520		---- linux-4.9.orig/kernel/sys.c
521		-+++ linux-4.9/kernel/sys.c
	520	+--- linux-4.9.5.orig/kernel/sys.c
	521	++++ linux-4.9.5/kernel/sys.c
522	522	@@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523	523
524	524	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -548,8 +548,8 @@
548	548
549	549	down_write(&uts_sem);
550	550	errno = -EFAULT;
551		---- linux-4.9.orig/kernel/time/ntp.c
552		-+++ linux-4.9/kernel/time/ntp.c
	551	+--- linux-4.9.5.orig/kernel/time/ntp.c
	552	++++ linux-4.9.5/kernel/time/ntp.c
553	553	@@ -17,6 +17,7 @@
554	554	#include <linux/module.h>
555	555	#include <linux/rtc.h>

		@@ -583,8 +583,8 @@
583	583
584	584	if (txc->modes & ADJ_NANO) {
585	585	struct timespec ts;
586		---- linux-4.9.orig/net/ipv4/raw.c
587		-+++ linux-4.9/net/ipv4/raw.c
	586	+--- linux-4.9.5.orig/net/ipv4/raw.c
	587	++++ linux-4.9.5/net/ipv4/raw.c
588	588	@@ -736,6 +736,10 @@ static int raw_recvmsg(struct sock *sk,
589	589	skb = skb_recv_datagram(sk, flags, noblock, &err);
590	590	if (!skb)

		@@ -596,8 +596,8 @@
596	596
597	597	copied = skb->len;
598	598	if (len < copied) {
599		---- linux-4.9.orig/net/ipv4/udp.c
600		-+++ linux-4.9/net/ipv4/udp.c
	599	+--- linux-4.9.5.orig/net/ipv4/udp.c
	600	++++ linux-4.9.5/net/ipv4/udp.c
601	601	@@ -1267,6 +1267,8 @@ try_again:
602	602	&peeked, &off, &err);
603	603	if (!skb)

		@@ -607,8 +607,8 @@
607	607
608	608	ulen = skb->len;
609	609	copied = len;
610		---- linux-4.9.orig/net/ipv6/raw.c
611		-+++ linux-4.9/net/ipv6/raw.c
	610	+--- linux-4.9.5.orig/net/ipv6/raw.c
	611	++++ linux-4.9.5/net/ipv6/raw.c
612	612	@@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk
613	613	skb = skb_recv_datagram(sk, flags, noblock, &err);
614	614	if (!skb)

		@@ -620,8 +620,8 @@
620	620
621	621	copied = skb->len;
622	622	if (copied > len) {
623		---- linux-4.9.orig/net/ipv6/udp.c
624		-+++ linux-4.9/net/ipv6/udp.c
	623	+--- linux-4.9.5.orig/net/ipv6/udp.c
	624	++++ linux-4.9.5/net/ipv6/udp.c
625	625	@@ -348,6 +348,8 @@ try_again:
626	626	&peeked, &off, &err);
627	627	if (!skb)

		@@ -631,8 +631,8 @@
631	631
632	632	ulen = skb->len;
633	633	copied = len;
634		---- linux-4.9.orig/net/socket.c
635		-+++ linux-4.9/net/socket.c
	634	+--- linux-4.9.5.orig/net/socket.c
	635	++++ linux-4.9.5/net/socket.c
636	636	@@ -1481,6 +1481,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
637	637	if (err < 0)
638	638	goto out_fd;

		@@ -644,8 +644,8 @@
644	644	if (upeer_sockaddr) {
645	645	if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
646	646	&len, 2) < 0) {
647		---- linux-4.9.orig/net/unix/af_unix.c
648		-+++ linux-4.9/net/unix/af_unix.c
	647	+--- linux-4.9.5.orig/net/unix/af_unix.c
	648	++++ linux-4.9.5/net/unix/af_unix.c
649	649	@@ -2140,6 +2140,10 @@ static int unix_dgram_recvmsg(struct soc
650	650	POLLOUT \| POLLWRNORM \|
651	651	POLLWRBAND);

		@@ -665,8 +665,8 @@
665	665	mutex_unlock(&u->iolock);
666	666	out:
667	667	return err;
668		---- linux-4.9.orig/security/Kconfig
669		-+++ linux-4.9/security/Kconfig
	668	+--- linux-4.9.5.orig/security/Kconfig
	669	++++ linux-4.9.5/security/Kconfig
670	670	@@ -204,5 +204,7 @@ config DEFAULT_SECURITY
671	671	default "apparmor" if DEFAULT_SECURITY_APPARMOR
672	672	default "" if DEFAULT_SECURITY_DAC

		@@ -675,8 +675,8 @@
675	675	+
676	676	endmenu
677	677
678		---- linux-4.9.orig/security/Makefile
679		-+++ linux-4.9/security/Makefile
	678	+--- linux-4.9.5.orig/security/Makefile
	679	++++ linux-4.9.5/security/Makefile
680	680	@@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
681	681	# Object integrity file lists
682	682	subdir-$(CONFIG_INTEGRITY) += integrity

--- trunk/caitsith-patch/specs/build-c6-2.6.32.sh (revision 226)

+++ trunk/caitsith-patch/specs/build-c6-2.6.32.sh (revision 227)

		@@ -10,12 +10,12 @@
10	10
11	11	cd /tmp/ \|\| die "Can't chdir to /tmp/ ."
12	12
13		-if [ ! -r kernel-2.6.32-642.11.1.el6.src.rpm ]
	13	+if [ ! -r kernel-2.6.32-642.13.1.el6.src.rpm ]
14	14	then
15		- wget http://vault.centos.org/6.8/updates/Source/SPackages/kernel-2.6.32-642.11.1.el6.src.rpm \|\| die "Can't download source package."
	15	+ wget http://vault.centos.org/6.8/updates/Source/SPackages/kernel-2.6.32-642.13.1.el6.src.rpm \|\| die "Can't download source package."
16	16	fi
17		-LANG=C rpm --checksig kernel-2.6.32-642.11.1.el6.src.rpm \| grep -F ': rsa sha1 (md5) pgp md5 OK' \|\| die "Can't verify signature."
18		-rpm -ivh kernel-2.6.32-642.11.1.el6.src.rpm \|\| die "Can't install source package."
	17	+LANG=C rpm --checksig kernel-2.6.32-642.13.1.el6.src.rpm \| grep -F ': rsa sha1 (md5) pgp md5 OK' \|\| die "Can't verify signature."
	18	+rpm -ivh kernel-2.6.32-642.13.1.el6.src.rpm \|\| die "Can't install source package."
19	19
20	20	cd ~/rpmbuild/SOURCES/ \|\| die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21	21	if [ ! -r caitsith-patch-0.2-20161229.tar.gz ]

		@@ -35,7 +35,7 @@
35	35	-# % define buildid .local
36	36	+%define buildid _caitsith_0.2
37	37
38		- %define distro_build 642.11.1
	38	+ %define distro_build 642.13.1
39	39	%define signmodules 1
40	40	@@ -437,7 +437,7 @@
41	41	# Packages that need to be installed before the kernel is, because the %post

--- trunk/caitsith-patch/specs/build-c7-3.10.sh (revision 226)

+++ trunk/caitsith-patch/specs/build-c7-3.10.sh (revision 227)

		@@ -10,12 +10,12 @@
10	10
11	11	cd /tmp/ \|\| die "Can't chdir to /tmp/ ."
12	12
13		-if [ ! -r kernel-3.10.0-514.2.2.el7.src.rpm ]
	13	+if [ ! -r kernel-3.10.0-514.6.1.el7.src.rpm ]
14	14	then
15		- wget http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-514.2.2.el7.src.rpm \|\| die "Can't download source package."
	15	+ wget http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-514.6.1.el7.src.rpm \|\| die "Can't download source package."
16	16	fi
17		-LANG=C rpm --checksig kernel-3.10.0-514.2.2.el7.src.rpm \| grep -F ': rsa sha1 (md5) pgp md5 OK' \|\| die "Can't verify signature."
18		-rpm -ivh kernel-3.10.0-514.2.2.el7.src.rpm \|\| die "Can't install source package."
	17	+LANG=C rpm --checksig kernel-3.10.0-514.6.1.el7.src.rpm \| grep -F ': rsa sha1 (md5) pgp md5 OK' \|\| die "Can't verify signature."
	18	+rpm -ivh kernel-3.10.0-514.6.1.el7.src.rpm \|\| die "Can't install source package."
19	19
20	20	cd ~/rpmbuild/SOURCES/ \|\| die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21	21	if [ ! -r caitsith-patch-0.2-20161229.tar.gz ]

		@@ -28,9 +28,9 @@
28	28	patch << "EOF" \|\| die "Can't patch spec file."
29	29	--- cs-kernel.spec
30	30	+++ cs-kernel.spec
31		-@@ -3,7 +3,7 @@
	31	+@@ -5,7 +5,7 @@
32	32
33		- Summary: The Linux kernel
	33	+ %define dist .el7
34	34
35	35	-# % define buildid .local
36	36	+%define buildid _caitsith_0.2

		@@ -37,7 +37,7 @@
37	37
38	38	# For a kernel released for public testing, released_kernel should be 1.
39	39	# For internal testing builds during development, it should be 0.
40		-@@ -277,7 +277,7 @@
	40	+@@ -283,7 +283,7 @@
41	41	AutoProv: yes\
42	42	%{nil}
43	43

		@@ -46,7 +46,7 @@
46	46	Group: System Environment/Kernel
47	47	License: GPLv2
48	48	URL: http://www.kernel.org/
49		-@@ -574,13 +574,13 @@
	49	+@@ -580,13 +580,13 @@
50	50	%package %{?1:%{1}-}devel\
51	51	Summary: Development package for building kernel modules to match the %{?2:%{2} }kernel\
52	52	Group: System Environment/Kernel\

		@@ -64,7 +64,7 @@
64	64	This package provides kernel headers and makefiles sufficient to build modules\
65	65	against the %{?2:%{2} }kernel package.\
66	66	%{nil}
67		-@@ -692,6 +692,10 @@
	67	+@@ -698,6 +698,10 @@
68	68	ApplyOptionalPatch debrand-rh_taint.patch
69	69	ApplyOptionalPatch debrand-rh-i686-cpu.patch
70	70

		@@ -75,7 +75,7 @@
75	75	# Any further pre-build tree manipulations happen here.
76	76
77	77	chmod +x scripts/checkpatch.pl
78		-@@ -730,6 +734,17 @@
	78	+@@ -736,6 +740,17 @@
79	79	for i in *.config
80	80	do
81	81	mv $i .config

Show on old repository browser