Develop and Download Open Source Software

CaitSith

Browse Subversion Repository

/[caitsith]/trunk/caitsith-patch/patches/ccs-patch-2.6.32-centos-6.diff

Diff of /trunk/caitsith-patch/patches/ccs-patch-2.6.32-centos-6.diff

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 266 by kumaneko, Sat Jul 14 05:40:15 2018 UTC revision 267 by kumaneko, Mon Aug 27 10:15:55 2018 UTC
# Line 1  Line 1 
1  This is TOMOYO Linux patch for CentOS 6.  This is TOMOYO Linux patch for CentOS 6.
2    
3  Source code for this patch is http://vault.centos.org/6.10/updates/Source/SPackages/kernel-2.6.32-754.2.1.el6.src.rpm  Source code for this patch is http://vault.centos.org/6.10/updates/Source/SPackages/kernel-2.6.32-754.3.5.el6.src.rpm
4  ---  ---
5   fs/compat.c               |    2 +-   fs/compat.c               |    2 +-
6   fs/compat_ioctl.c         |    3 +++   fs/compat_ioctl.c         |    3 +++
# Line 37  Source code for this patch is http://vau Line 37  Source code for this patch is http://vau
37   security/Makefile         |    3 +++   security/Makefile         |    3 +++
38   33 files changed, 201 insertions(+), 2 deletions(-)   33 files changed, 201 insertions(+), 2 deletions(-)
39    
40  --- linux-2.6.32-754.2.1.el6.orig/fs/compat.c  --- linux-2.6.32-754.3.5.el6.orig/fs/compat.c
41  +++ linux-2.6.32-754.2.1.el6/fs/compat.c  +++ linux-2.6.32-754.3.5.el6/fs/compat.c
42  @@ -1524,7 +1524,7 @@ int compat_do_execve(const char * filena  @@ -1524,7 +1524,7 @@ int compat_do_execve(const char * filena
43          if (retval < 0)          if (retval < 0)
44                  goto out;                  goto out;
# Line 48  Source code for this patch is http://vau Line 48  Source code for this patch is http://vau
48          if (retval < 0)          if (retval < 0)
49                  goto out;                  goto out;
50    
51  --- linux-2.6.32-754.2.1.el6.orig/fs/compat_ioctl.c  --- linux-2.6.32-754.3.5.el6.orig/fs/compat_ioctl.c
52  +++ linux-2.6.32-754.2.1.el6/fs/compat_ioctl.c  +++ linux-2.6.32-754.3.5.el6/fs/compat_ioctl.c
53  @@ -114,6 +114,7 @@  @@ -114,6 +114,7 @@
54   #ifdef CONFIG_SPARC   #ifdef CONFIG_SPARC
55   #include <asm/fbio.h>   #include <asm/fbio.h>
# Line 67  Source code for this patch is http://vau Line 67  Source code for this patch is http://vau
67          if (error)          if (error)
68                  goto out_fput;                  goto out_fput;
69    
70  --- linux-2.6.32-754.2.1.el6.orig/fs/exec.c  --- linux-2.6.32-754.3.5.el6.orig/fs/exec.c
71  +++ linux-2.6.32-754.2.1.el6/fs/exec.c  +++ linux-2.6.32-754.3.5.el6/fs/exec.c
72  @@ -1490,7 +1490,7 @@ int do_execve(const char * filename,  @@ -1490,7 +1490,7 @@ int do_execve(const char * filename,
73                  goto out;                  goto out;
74    
# Line 78  Source code for this patch is http://vau Line 78  Source code for this patch is http://vau
78          if (retval < 0)          if (retval < 0)
79                  goto out;                  goto out;
80    
81  --- linux-2.6.32-754.2.1.el6.orig/fs/fcntl.c  --- linux-2.6.32-754.3.5.el6.orig/fs/fcntl.c
82  +++ linux-2.6.32-754.2.1.el6/fs/fcntl.c  +++ linux-2.6.32-754.3.5.el6/fs/fcntl.c
83  @@ -428,6 +428,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd,  @@ -431,6 +431,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd,
84                  goto out;                  goto out;
85    
86          err = security_file_fcntl(filp, cmd, arg);          err = security_file_fcntl(filp, cmd, arg);
# Line 89  Source code for this patch is http://vau Line 89  Source code for this patch is http://vau
89          if (err) {          if (err) {
90                  fput(filp);                  fput(filp);
91                  return err;                  return err;
92  @@ -453,6 +455,8 @@ SYSCALL_DEFINE3(fcntl64, unsigned int, f  @@ -456,6 +458,8 @@ SYSCALL_DEFINE3(fcntl64, unsigned int, f
93                  goto out;                  goto out;
94    
95          err = security_file_fcntl(filp, cmd, arg);          err = security_file_fcntl(filp, cmd, arg);
# Line 98  Source code for this patch is http://vau Line 98  Source code for this patch is http://vau
98          if (err) {          if (err) {
99                  fput(filp);                  fput(filp);
100                  return err;                  return err;
101  --- linux-2.6.32-754.2.1.el6.orig/fs/ioctl.c  --- linux-2.6.32-754.3.5.el6.orig/fs/ioctl.c
102  +++ linux-2.6.32-754.2.1.el6/fs/ioctl.c  +++ linux-2.6.32-754.3.5.el6/fs/ioctl.c
103  @@ -639,6 +639,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd,  @@ -639,6 +639,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd,
104                  goto out;                  goto out;
105    
# Line 109  Source code for this patch is http://vau Line 109  Source code for this patch is http://vau
109          if (error)          if (error)
110                  goto out_fput;                  goto out_fput;
111    
112  --- linux-2.6.32-754.2.1.el6.orig/fs/namei.c  --- linux-2.6.32-754.3.5.el6.orig/fs/namei.c
113  +++ linux-2.6.32-754.2.1.el6/fs/namei.c  +++ linux-2.6.32-754.3.5.el6/fs/namei.c
114  @@ -2067,6 +2067,11 @@ int may_open(struct path *path, int acc_  @@ -2070,6 +2070,11 @@ int may_open(struct path *path, int acc_
115          if (flag & O_NOATIME && !is_owner_or_cap(inode))          if (flag & O_NOATIME && !is_owner_or_cap(inode))
116                  return -EPERM;                  return -EPERM;
117    
# Line 123  Source code for this patch is http://vau Line 123  Source code for this patch is http://vau
123          /*          /*
124           * Ensure there are no outstanding leases on the file.           * Ensure there are no outstanding leases on the file.
125           */           */
126  @@ -2110,6 +2115,9 @@ static int __open_namei_create(struct na  @@ -2113,6 +2118,9 @@ static int __open_namei_create(struct na
127          if (!IS_POSIXACL(dir->d_inode))          if (!IS_POSIXACL(dir->d_inode))
128                  mode &= ~current_umask();                  mode &= ~current_umask();
129          error = security_path_mknod(&nd->path, path->dentry, mode, 0);          error = security_path_mknod(&nd->path, path->dentry, mode, 0);
# Line 133  Source code for this patch is http://vau Line 133  Source code for this patch is http://vau
133          if (error)          if (error)
134                  goto out_unlock;                  goto out_unlock;
135          error = vfs_create(dir->d_inode, path->dentry, mode, nd);          error = vfs_create(dir->d_inode, path->dentry, mode, nd);
136  @@ -2612,6 +2620,8 @@ retry:  @@ -2615,6 +2623,8 @@ retry:
137          if (error)          if (error)
138                  goto out_dput;                  goto out_dput;
139          error = security_path_mknod(&nd.path, dentry, mode, dev);          error = security_path_mknod(&nd.path, dentry, mode, dev);
# Line 142  Source code for this patch is http://vau Line 142  Source code for this patch is http://vau
142          if (error)          if (error)
143                  goto out_dput;                  goto out_dput;
144          switch (mode & S_IFMT) {          switch (mode & S_IFMT) {
145  @@ -2696,6 +2706,8 @@ retry:  @@ -2699,6 +2709,8 @@ retry:
146          if (!IS_POSIXACL(nd.path.dentry->d_inode))          if (!IS_POSIXACL(nd.path.dentry->d_inode))
147                  mode &= ~current_umask();                  mode &= ~current_umask();
148          error = security_path_mkdir(&nd.path, dentry, mode);          error = security_path_mkdir(&nd.path, dentry, mode);
# Line 151  Source code for this patch is http://vau Line 151  Source code for this patch is http://vau
151          if (error)          if (error)
152                  goto out_dput;                  goto out_dput;
153          error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);          error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
154  @@ -2814,6 +2826,8 @@ retry:  @@ -2817,6 +2829,8 @@ retry:
155          if (IS_ERR(dentry))          if (IS_ERR(dentry))
156                  goto exit2;                  goto exit2;
157          error = security_path_rmdir(&nd.path, dentry);          error = security_path_rmdir(&nd.path, dentry);
# Line 160  Source code for this patch is http://vau Line 160  Source code for this patch is http://vau
160          if (error)          if (error)
161                  goto exit3;                  goto exit3;
162          error = vfs_rmdir(nd.path.dentry->d_inode, dentry);          error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
163  @@ -2907,6 +2921,8 @@ retry:  @@ -2910,6 +2924,8 @@ retry:
164                  if (inode)                  if (inode)
165                          atomic_inc(&inode->i_count);                          atomic_inc(&inode->i_count);
166                  error = security_path_unlink(&nd.path, dentry);                  error = security_path_unlink(&nd.path, dentry);
# Line 169  Source code for this patch is http://vau Line 169  Source code for this patch is http://vau
169                  if (error)                  if (error)
170                          goto exit2;                          goto exit2;
171                  error = vfs_unlink(nd.path.dentry->d_inode, dentry);                  error = vfs_unlink(nd.path.dentry->d_inode, dentry);
172  @@ -3003,6 +3019,8 @@ retry:  @@ -3006,6 +3022,8 @@ retry:
173                  goto out_dput;                  goto out_dput;
174          }          }
175          error = security_path_symlink(&nd.path, dentry, from->name);          error = security_path_symlink(&nd.path, dentry, from->name);
# Line 178  Source code for this patch is http://vau Line 178  Source code for this patch is http://vau
178          if (error)          if (error)
179                  goto out_dput;                  goto out_dput;
180          error = vfs_symlink(nd.path.dentry->d_inode, dentry, from->name);          error = vfs_symlink(nd.path.dentry->d_inode, dentry, from->name);
181  @@ -3118,6 +3136,9 @@ retry:  @@ -3121,6 +3139,9 @@ retry:
182          if (IS_ERR(new_dentry))          if (IS_ERR(new_dentry))
183                  goto out_unlock;                  goto out_unlock;
184          error = security_path_link(old_path.dentry, &nd.path, new_dentry);          error = security_path_link(old_path.dentry, &nd.path, new_dentry);
# Line 188  Source code for this patch is http://vau Line 188  Source code for this patch is http://vau
188          if (error)          if (error)
189                  goto out_dput;                  goto out_dput;
190          error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);          error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
191  @@ -3370,6 +3391,9 @@ retry:  @@ -3373,6 +3394,9 @@ retry:
192    
193          error = security_path_rename(&oldnd.path, old_dentry,          error = security_path_rename(&oldnd.path, old_dentry,
194                                       &newnd.path, new_dentry);                                       &newnd.path, new_dentry);
# Line 198  Source code for this patch is http://vau Line 198  Source code for this patch is http://vau
198          if (error)          if (error)
199                  goto exit5;                  goto exit5;
200          error = vfs_rename(old_dir->d_inode, old_dentry,          error = vfs_rename(old_dir->d_inode, old_dentry,
201  --- linux-2.6.32-754.2.1.el6.orig/fs/namespace.c  --- linux-2.6.32-754.3.5.el6.orig/fs/namespace.c
202  +++ linux-2.6.32-754.2.1.el6/fs/namespace.c  +++ linux-2.6.32-754.3.5.el6/fs/namespace.c
203  @@ -1097,6 +1097,8 @@ static int do_umount(struct vfsmount *mn  @@ -1097,6 +1097,8 @@ static int do_umount(struct vfsmount *mn
204          LIST_HEAD(umount_list);          LIST_HEAD(umount_list);
205    
# Line 236  Source code for this patch is http://vau Line 236  Source code for this patch is http://vau
236          if (error) {          if (error) {
237                  path_put(&old);                  path_put(&old);
238                  goto out1;                  goto out1;
239  --- linux-2.6.32-754.2.1.el6.orig/fs/open.c  --- linux-2.6.32-754.3.5.el6.orig/fs/open.c
240  +++ linux-2.6.32-754.2.1.el6/fs/open.c  +++ linux-2.6.32-754.3.5.el6/fs/open.c
241  @@ -102,6 +102,8 @@ long vfs_truncate(struct path *path, lof  @@ -103,6 +103,8 @@ long vfs_truncate(struct path *path, lof
242          error = locks_verify_truncate(inode, NULL, length);          error = locks_verify_truncate(inode, NULL, length);
243          if (!error)          if (!error)
244                  error = security_path_truncate(path, length, 0);                  error = security_path_truncate(path, length, 0);
# Line 247  Source code for this patch is http://vau Line 247  Source code for this patch is http://vau
247          if (!error) {          if (!error) {
248                  vfs_dq_init(inode);                  vfs_dq_init(inode);
249                  error = do_truncate(path->dentry, length, 0, NULL);                  error = do_truncate(path->dentry, length, 0, NULL);
250  @@ -183,6 +185,8 @@ static long do_sys_ftruncate(unsigned in  @@ -184,6 +186,8 @@ static long do_sys_ftruncate(unsigned in
251                  error = security_path_truncate(&file->f_path, length,                  error = security_path_truncate(&file->f_path, length,
252                                                 ATTR_MTIME|ATTR_CTIME);                                                 ATTR_MTIME|ATTR_CTIME);
253          if (!error)          if (!error)
# Line 256  Source code for this patch is http://vau Line 256  Source code for this patch is http://vau
256                  error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);                  error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
257          sb_end_write(inode->i_sb);          sb_end_write(inode->i_sb);
258   out_putf:   out_putf:
259  @@ -464,6 +468,8 @@ retry:  @@ -465,6 +469,8 @@ retry:
260          error = -EPERM;          error = -EPERM;
261          if (!capable(CAP_SYS_CHROOT))          if (!capable(CAP_SYS_CHROOT))
262                  goto dput_and_out;                  goto dput_and_out;
# Line 265  Source code for this patch is http://vau Line 265  Source code for this patch is http://vau
265    
266          set_fs_root(current->fs, &path);          set_fs_root(current->fs, &path);
267          error = 0;          error = 0;
268  @@ -497,6 +503,9 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd  @@ -498,6 +504,9 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
269          err = mnt_want_write_file(file);          err = mnt_want_write_file(file);
270          if (err)          if (err)
271                  goto out_putf;                  goto out_putf;
# Line 275  Source code for this patch is http://vau Line 275  Source code for this patch is http://vau
275          mutex_lock(&inode->i_mutex);          mutex_lock(&inode->i_mutex);
276          if (mode == (mode_t) -1)          if (mode == (mode_t) -1)
277                  mode = inode->i_mode;                  mode = inode->i_mode;
278  @@ -504,6 +513,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd  @@ -505,6 +514,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
279          newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;          newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
280          err = notify_change(dentry, &newattrs);          err = notify_change(dentry, &newattrs);
281          mutex_unlock(&inode->i_mutex);          mutex_unlock(&inode->i_mutex);
# Line 283  Source code for this patch is http://vau Line 283  Source code for this patch is http://vau
283          mnt_drop_write(file->f_path.mnt);          mnt_drop_write(file->f_path.mnt);
284   out_putf:   out_putf:
285          fput(file);          fput(file);
286  @@ -527,6 +537,9 @@ retry:  @@ -528,6 +538,9 @@ retry:
287          error = mnt_want_write(path.mnt);          error = mnt_want_write(path.mnt);
288          if (error)          if (error)
289                  goto dput_and_out;                  goto dput_and_out;
# Line 293  Source code for this patch is http://vau Line 293  Source code for this patch is http://vau
293          mutex_lock(&inode->i_mutex);          mutex_lock(&inode->i_mutex);
294          if (mode == (mode_t) -1)          if (mode == (mode_t) -1)
295                  mode = inode->i_mode;                  mode = inode->i_mode;
296  @@ -534,6 +547,7 @@ retry:  @@ -535,6 +548,7 @@ retry:
297          newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;          newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
298          error = notify_change(path.dentry, &newattrs);          error = notify_change(path.dentry, &newattrs);
299          mutex_unlock(&inode->i_mutex);          mutex_unlock(&inode->i_mutex);
# Line 301  Source code for this patch is http://vau Line 301  Source code for this patch is http://vau
301          mnt_drop_write(path.mnt);          mnt_drop_write(path.mnt);
302   dput_and_out:   dput_and_out:
303          path_put(&path);          path_put(&path);
304  @@ -593,6 +607,8 @@ retry:  @@ -594,6 +608,8 @@ retry:
305          error = mnt_want_write(path.mnt);          error = mnt_want_write(path.mnt);
306          if (error)          if (error)
307                  goto out_release;                  goto out_release;
# Line 310  Source code for this patch is http://vau Line 310  Source code for this patch is http://vau
310          error = chown_common(path.dentry, user, group);          error = chown_common(path.dentry, user, group);
311          mnt_drop_write(path.mnt);          mnt_drop_write(path.mnt);
312   out_release:   out_release:
313  @@ -631,6 +647,8 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd  @@ -632,6 +648,8 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd
314                  goto out_fput;                  goto out_fput;
315          dentry = file->f_path.dentry;          dentry = file->f_path.dentry;
316          audit_inode(NULL, dentry, 0);          audit_inode(NULL, dentry, 0);
# Line 319  Source code for this patch is http://vau Line 319  Source code for this patch is http://vau
319          error = chown_common(dentry, user, group);          error = chown_common(dentry, user, group);
320          mnt_drop_write(file->f_path.mnt);          mnt_drop_write(file->f_path.mnt);
321   out_fput:   out_fput:
322  @@ -1028,6 +1046,8 @@ EXPORT_SYMBOL(sys_close);  @@ -1032,6 +1050,8 @@ EXPORT_SYMBOL(sys_close);
323    */    */
324   SYSCALL_DEFINE0(vhangup)   SYSCALL_DEFINE0(vhangup)
325   {   {
# Line 328  Source code for this patch is http://vau Line 328  Source code for this patch is http://vau
328          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
329                  tty_vhangup_self();                  tty_vhangup_self();
330                  return 0;                  return 0;
331  --- linux-2.6.32-754.2.1.el6.orig/fs/proc/version.c  --- linux-2.6.32-754.3.5.el6.orig/fs/proc/version.c
332  +++ linux-2.6.32-754.2.1.el6/fs/proc/version.c  +++ linux-2.6.32-754.3.5.el6/fs/proc/version.c
333  @@ -32,3 +32,10 @@ static int __init proc_version_init(void  @@ -32,3 +32,10 @@ static int __init proc_version_init(void
334          return 0;          return 0;
335   }   }
# Line 337  Source code for this patch is http://vau Line 337  Source code for this patch is http://vau
337  +  +
338  +static int __init ccs_show_version(void)  +static int __init ccs_show_version(void)
339  +{  +{
340  +       printk(KERN_INFO "Hook version: 2.6.32-754.2.1.el6 2018/07/14\n");  +       printk(KERN_INFO "Hook version: 2.6.32-754.3.5.el6 2018/08/25\n");
341  +       return 0;  +       return 0;
342  +}  +}
343  +module_init(ccs_show_version);  +module_init(ccs_show_version);
344  --- linux-2.6.32-754.2.1.el6.orig/fs/stat.c  --- linux-2.6.32-754.3.5.el6.orig/fs/stat.c
345  +++ linux-2.6.32-754.2.1.el6/fs/stat.c  +++ linux-2.6.32-754.3.5.el6/fs/stat.c
346  @@ -43,6 +43,8 @@ int vfs_getattr(struct vfsmount *mnt, st  @@ -43,6 +43,8 @@ int vfs_getattr(struct vfsmount *mnt, st
347          int retval;          int retval;
348    
# Line 352  Source code for this patch is http://vau Line 352  Source code for this patch is http://vau
352          if (retval)          if (retval)
353                  return retval;                  return retval;
354    
355  --- linux-2.6.32-754.2.1.el6.orig/include/linux/init_task.h  --- linux-2.6.32-754.3.5.el6.orig/include/linux/init_task.h
356  +++ linux-2.6.32-754.2.1.el6/include/linux/init_task.h  +++ linux-2.6.32-754.3.5.el6/include/linux/init_task.h
357  @@ -123,6 +123,14 @@ extern struct cred init_cred;  @@ -123,6 +123,14 @@ extern struct cred init_cred;
358   # define INIT_PERF_EVENTS(tsk)   # define INIT_PERF_EVENTS(tsk)
359   #endif   #endif
# Line 377  Source code for this patch is http://vau Line 377  Source code for this patch is http://vau
377   }   }
378    
379    
380  --- linux-2.6.32-754.2.1.el6.orig/include/linux/sched.h  --- linux-2.6.32-754.3.5.el6.orig/include/linux/sched.h
381  +++ linux-2.6.32-754.2.1.el6/include/linux/sched.h  +++ linux-2.6.32-754.3.5.el6/include/linux/sched.h
382  @@ -43,6 +43,8 @@  @@ -43,6 +43,8 @@
383    
384   #ifdef __KERNEL__   #ifdef __KERNEL__
# Line 399  Source code for this patch is http://vau Line 399  Source code for this patch is http://vau
399   };   };
400    
401   /* Future-safe accessor for struct task_struct's cpus_allowed. */   /* Future-safe accessor for struct task_struct's cpus_allowed. */
402  --- linux-2.6.32-754.2.1.el6.orig/include/linux/security.h  --- linux-2.6.32-754.3.5.el6.orig/include/linux/security.h
403  +++ linux-2.6.32-754.2.1.el6/include/linux/security.h  +++ linux-2.6.32-754.3.5.el6/include/linux/security.h
404  @@ -35,6 +35,7 @@  @@ -35,6 +35,7 @@
405   #include <linux/xfrm.h>   #include <linux/xfrm.h>
406   #include <linux/gfp.h>   #include <linux/gfp.h>
# Line 409  Source code for this patch is http://vau Line 409  Source code for this patch is http://vau
409    
410   /* Maximum number of letters for an LSM name string */   /* Maximum number of letters for an LSM name string */
411   #define SECURITY_NAME_MAX      10   #define SECURITY_NAME_MAX      10
412  --- linux-2.6.32-754.2.1.el6.orig/include/net/ip.h  --- linux-2.6.32-754.3.5.el6.orig/include/net/ip.h
413  +++ linux-2.6.32-754.2.1.el6/include/net/ip.h  +++ linux-2.6.32-754.3.5.el6/include/net/ip.h
414  @@ -33,6 +33,7 @@  @@ -33,6 +33,7 @@
415   #endif   #endif
416   #include <net/snmp.h>   #include <net/snmp.h>
# Line 428  Source code for this patch is http://vau Line 428  Source code for this patch is http://vau
428          return test_bit(port, sysctl_local_reserved_ports);          return test_bit(port, sysctl_local_reserved_ports);
429   }   }
430    
431  --- linux-2.6.32-754.2.1.el6.orig/kernel/compat.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/compat.c
432  +++ linux-2.6.32-754.2.1.el6/kernel/compat.c  +++ linux-2.6.32-754.3.5.el6/kernel/compat.c
433  @@ -1005,6 +1005,8 @@ asmlinkage long compat_sys_stime(compat_  @@ -1005,6 +1005,8 @@ asmlinkage long compat_sys_stime(compat_
434          err = security_settime(&tv, NULL);          err = security_settime(&tv, NULL);
435          if (err)          if (err)
# Line 439  Source code for this patch is http://vau Line 439  Source code for this patch is http://vau
439    
440          do_settimeofday(&tv);          do_settimeofday(&tv);
441          return 0;          return 0;
442  --- linux-2.6.32-754.2.1.el6.orig/kernel/fork.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/fork.c
443  +++ linux-2.6.32-754.2.1.el6/kernel/fork.c  +++ linux-2.6.32-754.3.5.el6/kernel/fork.c
444  @@ -206,6 +206,7 @@ void __put_task_struct(struct task_struc  @@ -206,6 +206,7 @@ void __put_task_struct(struct task_struc
445          exit_creds(tsk);          exit_creds(tsk);
446          delayacct_tsk_free(tsk);          delayacct_tsk_free(tsk);
# Line 467  Source code for this patch is http://vau Line 467  Source code for this patch is http://vau
467   bad_fork_cleanup_perf:   bad_fork_cleanup_perf:
468          perf_event_free_task(p);          perf_event_free_task(p);
469   bad_fork_cleanup_policy:   bad_fork_cleanup_policy:
470  --- linux-2.6.32-754.2.1.el6.orig/kernel/kexec.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/kexec.c
471  +++ linux-2.6.32-754.2.1.el6/kernel/kexec.c  +++ linux-2.6.32-754.3.5.el6/kernel/kexec.c
472  @@ -41,6 +41,7 @@  @@ -41,6 +41,7 @@
473   #include <asm/system.h>   #include <asm/system.h>
474   #include <asm/sections.h>   #include <asm/sections.h>
# Line 486  Source code for this patch is http://vau Line 486  Source code for this patch is http://vau
486    
487          if (kexec_load_disabled)          if (kexec_load_disabled)
488                  return -EPERM;                  return -EPERM;
489  --- linux-2.6.32-754.2.1.el6.orig/kernel/module.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/module.c
490  +++ linux-2.6.32-754.2.1.el6/kernel/module.c  +++ linux-2.6.32-754.3.5.el6/kernel/module.c
491  @@ -56,6 +56,7 @@  @@ -57,6 +57,7 @@
492   #include <linux/percpu.h>   #include <linux/percpu.h>
493   #include <linux/kmemleak.h>   #include <linux/kmemleak.h>
494   #include "module-verify.h"   #include "module-verify.h"
# Line 496  Source code for this patch is http://vau Line 496  Source code for this patch is http://vau
496    
497   #define CREATE_TRACE_POINTS   #define CREATE_TRACE_POINTS
498   #include <trace/events/module.h>   #include <trace/events/module.h>
499  @@ -805,6 +806,8 @@ SYSCALL_DEFINE2(delete_module, const cha  @@ -806,6 +807,8 @@ SYSCALL_DEFINE2(delete_module, const cha
500    
501          if (!capable(CAP_SYS_MODULE) || modules_disabled)          if (!capable(CAP_SYS_MODULE) || modules_disabled)
502                  return -EPERM;                  return -EPERM;
# Line 505  Source code for this patch is http://vau Line 505  Source code for this patch is http://vau
505    
506          if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)          if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
507                  return -EFAULT;                  return -EFAULT;
508  @@ -2625,6 +2628,8 @@ SYSCALL_DEFINE3(init_module, void __user  @@ -2626,6 +2629,8 @@ SYSCALL_DEFINE3(init_module, void __user
509          /* Must have permission */          /* Must have permission */
510          if (!capable(CAP_SYS_MODULE) || modules_disabled)          if (!capable(CAP_SYS_MODULE) || modules_disabled)
511                  return -EPERM;                  return -EPERM;
512  +       if (!ccs_capable(CCS_USE_KERNEL_MODULE))  +       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
513  +               return -EPERM;  +               return -EPERM;
514    
515          /* Only one module load at a time, please */          /*
516          if (mutex_lock_interruptible(&module_mutex) != 0)           * Make sure we don't speculate past the CAP_SYS_MODULE check.  The
517  --- linux-2.6.32-754.2.1.el6.orig/kernel/ptrace.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/ptrace.c
518  +++ linux-2.6.32-754.2.1.el6/kernel/ptrace.c  +++ linux-2.6.32-754.3.5.el6/kernel/ptrace.c
519  @@ -199,6 +199,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l  @@ -199,6 +199,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
520   {   {
521          struct task_struct *child;          struct task_struct *child;
# Line 540  Source code for this patch is http://vau Line 540  Source code for this patch is http://vau
540    
541          if (request == PTRACE_TRACEME) {          if (request == PTRACE_TRACEME) {
542                  ret = ptrace_traceme();                  ret = ptrace_traceme();
543  --- linux-2.6.32-754.2.1.el6.orig/kernel/sched.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/sched.c
544  +++ linux-2.6.32-754.2.1.el6/kernel/sched.c  +++ linux-2.6.32-754.3.5.el6/kernel/sched.c
545  @@ -6868,6 +6868,8 @@ int can_nice(const struct task_struct *p  @@ -6868,6 +6868,8 @@ int can_nice(const struct task_struct *p
546   SYSCALL_DEFINE1(nice, int, increment)   SYSCALL_DEFINE1(nice, int, increment)
547   {   {
# Line 551  Source code for this patch is http://vau Line 551  Source code for this patch is http://vau
551    
552          /*          /*
553           * Setpriority might change our priority at the same moment.           * Setpriority might change our priority at the same moment.
554  --- linux-2.6.32-754.2.1.el6.orig/kernel/signal.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/signal.c
555  +++ linux-2.6.32-754.2.1.el6/kernel/signal.c  +++ linux-2.6.32-754.3.5.el6/kernel/signal.c
556  @@ -2312,6 +2312,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s  @@ -2316,6 +2316,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
557   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
558   {   {
559          struct siginfo info;          struct siginfo info;
# Line 562  Source code for this patch is http://vau Line 562  Source code for this patch is http://vau
562    
563          info.si_signo = sig;          info.si_signo = sig;
564          info.si_errno = 0;          info.si_errno = 0;
565  @@ -2380,6 +2382,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid  @@ -2384,6 +2386,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid
566          /* This is only valid for single tasks */          /* This is only valid for single tasks */
567          if (pid <= 0 || tgid <= 0)          if (pid <= 0 || tgid <= 0)
568                  return -EINVAL;                  return -EINVAL;
# Line 571  Source code for this patch is http://vau Line 571  Source code for this patch is http://vau
571    
572          return do_tkill(tgid, pid, sig);          return do_tkill(tgid, pid, sig);
573   }   }
574  @@ -2392,6 +2396,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int,  @@ -2396,6 +2400,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int,
575          /* This is only valid for single tasks */          /* This is only valid for single tasks */
576          if (pid <= 0)          if (pid <= 0)
577                  return -EINVAL;                  return -EINVAL;
# Line 580  Source code for this patch is http://vau Line 580  Source code for this patch is http://vau
580    
581          return do_tkill(0, pid, sig);          return do_tkill(0, pid, sig);
582   }   }
583  @@ -2411,6 +2417,8 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t,  @@ -2415,6 +2421,8 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t,
584                  return -EPERM;                  return -EPERM;
585    
586          info.si_signo = sig;          info.si_signo = sig;
# Line 589  Source code for this patch is http://vau Line 589  Source code for this patch is http://vau
589    
590          /* POSIX.1b doesn't mention process groups.  */          /* POSIX.1b doesn't mention process groups.  */
591          return kill_proc_info(sig, &info, pid);          return kill_proc_info(sig, &info, pid);
592  @@ -2429,6 +2437,8 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi  @@ -2433,6 +2441,8 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi
593                  return -EPERM;                  return -EPERM;
594    
595          info->si_signo = sig;          info->si_signo = sig;
# Line 598  Source code for this patch is http://vau Line 598  Source code for this patch is http://vau
598    
599          return do_send_specific(tgid, pid, sig, info);          return do_send_specific(tgid, pid, sig, info);
600   }   }
601  --- linux-2.6.32-754.2.1.el6.orig/kernel/sys.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/sys.c
602  +++ linux-2.6.32-754.2.1.el6/kernel/sys.c  +++ linux-2.6.32-754.3.5.el6/kernel/sys.c
603  @@ -159,6 +159,10 @@ SYSCALL_DEFINE3(setpriority, int, which,  @@ -163,6 +163,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
604    
605          if (which > PRIO_USER || which < PRIO_PROCESS)          if (which > PRIO_USER || which < PRIO_PROCESS)
606                  goto out;                  goto out;
# Line 611  Source code for this patch is http://vau Line 611  Source code for this patch is http://vau
611    
612          /* normalize: avoid signed division (rounding problems) */          /* normalize: avoid signed division (rounding problems) */
613          error = -ESRCH;          error = -ESRCH;
614  @@ -382,6 +386,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int  @@ -386,6 +390,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
615                          magic2 != LINUX_REBOOT_MAGIC2B &&                          magic2 != LINUX_REBOOT_MAGIC2B &&
616                          magic2 != LINUX_REBOOT_MAGIC2C))                          magic2 != LINUX_REBOOT_MAGIC2C))
617                  return -EINVAL;                  return -EINVAL;
# Line 620  Source code for this patch is http://vau Line 620  Source code for this patch is http://vau
620    
621          /*          /*
622           * If pid namespaces are enabled and the current task is in a child           * If pid namespaces are enabled and the current task is in a child
623  @@ -1155,6 +1161,8 @@ SYSCALL_DEFINE2(sethostname, char __user  @@ -1159,6 +1165,8 @@ SYSCALL_DEFINE2(sethostname, char __user
624                  return -EPERM;                  return -EPERM;
625          if (len < 0 || len > __NEW_UTS_LEN)          if (len < 0 || len > __NEW_UTS_LEN)
626                  return -EINVAL;                  return -EINVAL;
# Line 629  Source code for this patch is http://vau Line 629  Source code for this patch is http://vau
629          down_write(&uts_sem);          down_write(&uts_sem);
630          errno = -EFAULT;          errno = -EFAULT;
631          if (!copy_from_user(tmp, name, len)) {          if (!copy_from_user(tmp, name, len)) {
632  @@ -1204,6 +1212,8 @@ SYSCALL_DEFINE2(setdomainname, char __us  @@ -1208,6 +1216,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
633                  return -EPERM;                  return -EPERM;
634          if (len < 0 || len > __NEW_UTS_LEN)          if (len < 0 || len > __NEW_UTS_LEN)
635                  return -EINVAL;                  return -EINVAL;
# Line 638  Source code for this patch is http://vau Line 638  Source code for this patch is http://vau
638    
639          down_write(&uts_sem);          down_write(&uts_sem);
640          errno = -EFAULT;          errno = -EFAULT;
641  --- linux-2.6.32-754.2.1.el6.orig/kernel/sysctl.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/sysctl.c
642  +++ linux-2.6.32-754.2.1.el6/kernel/sysctl.c  +++ linux-2.6.32-754.3.5.el6/kernel/sysctl.c
643  @@ -2130,6 +2130,9 @@ int do_sysctl(int __user *name, int nlen  @@ -2130,6 +2130,9 @@ int do_sysctl(int __user *name, int nlen
644    
645          for (head = sysctl_head_next(NULL); head;          for (head = sysctl_head_next(NULL); head;
# Line 650  Source code for this patch is http://vau Line 650  Source code for this patch is http://vau
650                  error = parse_table(name, nlen, oldval, oldlenp,                  error = parse_table(name, nlen, oldval, oldlenp,
651                                          newval, newlen,                                          newval, newlen,
652                                          head->root, head->ctl_table);                                          head->root, head->ctl_table);
653  --- linux-2.6.32-754.2.1.el6.orig/kernel/time.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/time.c
654  +++ linux-2.6.32-754.2.1.el6/kernel/time.c  +++ linux-2.6.32-754.3.5.el6/kernel/time.c
655  @@ -92,6 +92,8 @@ SYSCALL_DEFINE1(stime, time_t __user *,  @@ -92,6 +92,8 @@ SYSCALL_DEFINE1(stime, time_t __user *,
656          err = security_settime(&tv, NULL);          err = security_settime(&tv, NULL);
657          if (err)          if (err)
# Line 670  Source code for this patch is http://vau Line 670  Source code for this patch is http://vau
670    
671          if (tz) {          if (tz) {
672                  /* SMP safe, global irq locking makes it work. */                  /* SMP safe, global irq locking makes it work. */
673  --- linux-2.6.32-754.2.1.el6.orig/kernel/time/ntp.c  --- linux-2.6.32-754.3.5.el6.orig/kernel/time/ntp.c
674  +++ linux-2.6.32-754.2.1.el6/kernel/time/ntp.c  +++ linux-2.6.32-754.3.5.el6/kernel/time/ntp.c
675  @@ -14,6 +14,7 @@  @@ -14,6 +14,7 @@
676   #include <linux/timex.h>   #include <linux/timex.h>
677   #include <linux/time.h>   #include <linux/time.h>
# Line 696  Source code for this patch is http://vau Line 696  Source code for this patch is http://vau
696    
697                  /*                  /*
698                   * if the quartz is off by more than 10% then                   * if the quartz is off by more than 10% then
699  --- linux-2.6.32-754.2.1.el6.orig/net/ipv4/raw.c  --- linux-2.6.32-754.3.5.el6.orig/net/ipv4/raw.c
700  +++ linux-2.6.32-754.2.1.el6/net/ipv4/raw.c  +++ linux-2.6.32-754.3.5.el6/net/ipv4/raw.c
701  @@ -77,6 +77,7 @@  @@ -77,6 +77,7 @@
702   #include <linux/seq_file.h>   #include <linux/seq_file.h>
703   #include <linux/netfilter.h>   #include <linux/netfilter.h>
# Line 717  Source code for this patch is http://vau Line 717  Source code for this patch is http://vau
717    
718          copied = skb->len;          copied = skb->len;
719          if (len < copied) {          if (len < copied) {
720  --- linux-2.6.32-754.2.1.el6.orig/net/ipv4/udp.c  --- linux-2.6.32-754.3.5.el6.orig/net/ipv4/udp.c
721  +++ linux-2.6.32-754.2.1.el6/net/ipv4/udp.c  +++ linux-2.6.32-754.3.5.el6/net/ipv4/udp.c
722  @@ -108,6 +108,7 @@  @@ -108,6 +108,7 @@
723   #include <trace/events/udp.h>   #include <trace/events/udp.h>
724   #include <net/busy_poll.h>   #include <net/busy_poll.h>
# Line 738  Source code for this patch is http://vau Line 738  Source code for this patch is http://vau
738    
739          ulen = skb->len - sizeof(struct udphdr);          ulen = skb->len - sizeof(struct udphdr);
740          copied = len;          copied = len;
741  --- linux-2.6.32-754.2.1.el6.orig/net/ipv6/raw.c  --- linux-2.6.32-754.3.5.el6.orig/net/ipv6/raw.c
742  +++ linux-2.6.32-754.2.1.el6/net/ipv6/raw.c  +++ linux-2.6.32-754.3.5.el6/net/ipv6/raw.c
743  @@ -59,6 +59,7 @@  @@ -59,6 +59,7 @@
744    
745   #include <linux/proc_fs.h>   #include <linux/proc_fs.h>
# Line 759  Source code for this patch is http://vau Line 759  Source code for this patch is http://vau
759    
760          copied = skb->len;          copied = skb->len;
761          if (copied > len) {          if (copied > len) {
762  --- linux-2.6.32-754.2.1.el6.orig/net/ipv6/udp.c  --- linux-2.6.32-754.3.5.el6.orig/net/ipv6/udp.c
763  +++ linux-2.6.32-754.2.1.el6/net/ipv6/udp.c  +++ linux-2.6.32-754.3.5.el6/net/ipv6/udp.c
764  @@ -50,6 +50,7 @@  @@ -50,6 +50,7 @@
765   #include <linux/proc_fs.h>   #include <linux/proc_fs.h>
766   #include <linux/seq_file.h>   #include <linux/seq_file.h>
# Line 780  Source code for this patch is http://vau Line 780  Source code for this patch is http://vau
780    
781          ulen = skb->len - sizeof(struct udphdr);          ulen = skb->len - sizeof(struct udphdr);
782          copied = len;          copied = len;
783  --- linux-2.6.32-754.2.1.el6.orig/net/socket.c  --- linux-2.6.32-754.3.5.el6.orig/net/socket.c
784  +++ linux-2.6.32-754.2.1.el6/net/socket.c  +++ linux-2.6.32-754.3.5.el6/net/socket.c
785  @@ -578,6 +578,8 @@ static inline int __sock_sendmsg(struct  @@ -579,6 +579,8 @@ static inline int __sock_sendmsg(struct
786                                   struct msghdr *msg, size_t size)                                   struct msghdr *msg, size_t size)
787   {   {
788          int err = security_socket_sendmsg(sock, msg, size);          int err = security_socket_sendmsg(sock, msg, size);
# Line 791  Source code for this patch is http://vau Line 791  Source code for this patch is http://vau
791    
792          return err ?: __sock_sendmsg_nosec(iocb, sock, msg, size);          return err ?: __sock_sendmsg_nosec(iocb, sock, msg, size);
793   }   }
794  @@ -1242,6 +1244,8 @@ int __sock_create(struct net *net, int f  @@ -1243,6 +1245,8 @@ int __sock_create(struct net *net, int f
795          }          }
796    
797          err = security_socket_create(family, type, protocol, kern);          err = security_socket_create(family, type, protocol, kern);
# Line 800  Source code for this patch is http://vau Line 800  Source code for this patch is http://vau
800          if (err)          if (err)
801                  return err;                  return err;
802    
803  @@ -1471,6 +1475,11 @@ SYSCALL_DEFINE3(bind, int, fd, struct so  @@ -1472,6 +1476,11 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
804                                                     (struct sockaddr *)&address,                                                     (struct sockaddr *)&address,
805                                                     addrlen);                                                     addrlen);
806                          if (!err)                          if (!err)
# Line 812  Source code for this patch is http://vau Line 812  Source code for this patch is http://vau
812                                  err = sock->ops->bind(sock,                                  err = sock->ops->bind(sock,
813                                                        (struct sockaddr *)                                                        (struct sockaddr *)
814                                                        &address, addrlen);                                                        &address, addrlen);
815  @@ -1500,6 +1509,8 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba  @@ -1501,6 +1510,8 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba
816    
817                  err = security_socket_listen(sock, backlog);                  err = security_socket_listen(sock, backlog);
818                  if (!err)                  if (!err)
# Line 821  Source code for this patch is http://vau Line 821  Source code for this patch is http://vau
821                          err = sock->ops->listen(sock, backlog);                          err = sock->ops->listen(sock, backlog);
822    
823                  fput_light(sock->file, fput_needed);                  fput_light(sock->file, fput_needed);
824  @@ -1565,6 +1576,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct  @@ -1566,6 +1577,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
825          if (err < 0)          if (err < 0)
826                  goto out_fd;                  goto out_fd;
827    
# Line 832  Source code for this patch is http://vau Line 832  Source code for this patch is http://vau
832          if (upeer_sockaddr) {          if (upeer_sockaddr) {
833                  if (newsock->ops->getname(newsock, (struct sockaddr *)&address,                  if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
834                                            &len, 2) < 0) {                                            &len, 2) < 0) {
835  @@ -1626,6 +1641,9 @@ SYSCALL_DEFINE3(connect, int, fd, struct  @@ -1627,6 +1642,9 @@ SYSCALL_DEFINE3(connect, int, fd, struct
836    
837          err =          err =
838              security_socket_connect(sock, (struct sockaddr *)&address, addrlen);              security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
# Line 842  Source code for this patch is http://vau Line 842  Source code for this patch is http://vau
842          if (err)          if (err)
843                  goto out_put;                  goto out_put;
844    
845  --- linux-2.6.32-754.2.1.el6.orig/net/unix/af_unix.c  --- linux-2.6.32-754.3.5.el6.orig/net/unix/af_unix.c
846  +++ linux-2.6.32-754.2.1.el6/net/unix/af_unix.c  +++ linux-2.6.32-754.3.5.el6/net/unix/af_unix.c
847  @@ -981,6 +981,9 @@ static int unix_bind(struct socket *sock  @@ -984,6 +984,9 @@ static int unix_bind(struct socket *sock
848                  mode = S_IFSOCK |                  mode = S_IFSOCK |
849                         (SOCK_INODE(sock)->i_mode & ~current_umask());                         (SOCK_INODE(sock)->i_mode & ~current_umask());
850                  err = security_path_mknod(&nd.path, dentry, mode, 0);                  err = security_path_mknod(&nd.path, dentry, mode, 0);
# Line 854  Source code for this patch is http://vau Line 854  Source code for this patch is http://vau
854                  if (err)                  if (err)
855                          goto out_mknod_dput;                          goto out_mknod_dput;
856                  err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);                  err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
857  @@ -1948,6 +1951,10 @@ static int unix_dgram_recvmsg(struct kio  @@ -1951,6 +1954,10 @@ static int unix_dgram_recvmsg(struct kio
858    
859          wake_up_interruptible_sync(&u->peer_wait);          wake_up_interruptible_sync(&u->peer_wait);
860    
# Line 865  Source code for this patch is http://vau Line 865  Source code for this patch is http://vau
865          if (msg->msg_name)          if (msg->msg_name)
866                  unix_copy_addr(msg, skb->sk);                  unix_copy_addr(msg, skb->sk);
867    
868  --- linux-2.6.32-754.2.1.el6.orig/security/Kconfig  --- linux-2.6.32-754.3.5.el6.orig/security/Kconfig
869  +++ linux-2.6.32-754.2.1.el6/security/Kconfig  +++ linux-2.6.32-754.3.5.el6/security/Kconfig
870  @@ -188,5 +188,7 @@ source security/tomoyo/Kconfig  @@ -188,5 +188,7 @@ source security/tomoyo/Kconfig
871    
872   source security/integrity/ima/Kconfig   source security/integrity/ima/Kconfig
# Line 875  Source code for this patch is http://vau Line 875  Source code for this patch is http://vau
875  +  +
876   endmenu   endmenu
877    
878  --- linux-2.6.32-754.2.1.el6.orig/security/Makefile  --- linux-2.6.32-754.3.5.el6.orig/security/Makefile
879  +++ linux-2.6.32-754.2.1.el6/security/Makefile  +++ linux-2.6.32-754.3.5.el6/security/Makefile
880  @@ -25,3 +25,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c  @@ -25,3 +25,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c
881   # Object integrity file lists   # Object integrity file lists
882   subdir-$(CONFIG_IMA)                   += integrity/ima   subdir-$(CONFIG_IMA)                   += integrity/ima
Legend:
Removed from v.266  
changed lines
  Added in v.267
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help