
Diff of /trunk/caitsith-patch/patches/ccs-patch-3.10-centos-7.diff


revision 129 by kumaneko, Thu Nov 20 12:52:57 2014 UTC revision 137 by kumaneko, Mon Jan 12 13:02:37 2015 UTC
# Line 1  Line 1 
1  This is TOMOYO Linux patch for CentOS 7.  This is TOMOYO Linux patch for CentOS 7.
2    
3  Source code for this patch is http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-123.9.3.el7.src.rpm  Source code for this patch is http://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-123.13.2.el7.src.rpm
4  ---  ---
5   fs/exec.c                 |    2   fs/exec.c                 |    2
6   fs/open.c                 |    2   fs/open.c                 |    2
# Line 28  Source code for this patch is http://vau Line 28  Source code for this patch is http://vau
28   security/security.c       |  107 ++++++++++++++++++++++++++++++++++++++++------   security/security.c       |  107 ++++++++++++++++++++++++++++++++++++++++------
29   24 files changed, 234 insertions(+), 37 deletions(-)   24 files changed, 234 insertions(+), 37 deletions(-)
30    
31  --- linux-3.10.0-123.9.3.el7.orig/fs/exec.c  --- linux-3.10.0-123.13.2.el7.orig/fs/exec.c
32  +++ linux-3.10.0-123.9.3.el7/fs/exec.c  +++ linux-3.10.0-123.13.2.el7/fs/exec.c
33  @@ -1536,7 +1536,7 @@ static int do_execve_common(const char *  @@ -1536,7 +1536,7 @@ static int do_execve_common(const char *
34          if (retval < 0)          if (retval < 0)
35                  goto out;                  goto out;
# Line 39  Source code for this patch is http://vau Line 39  Source code for this patch is http://vau
39          if (retval < 0)          if (retval < 0)
40                  goto out;                  goto out;
41    
42  --- linux-3.10.0-123.9.3.el7.orig/fs/open.c  --- linux-3.10.0-123.13.2.el7.orig/fs/open.c
43  +++ linux-3.10.0-123.9.3.el7/fs/open.c  +++ linux-3.10.0-123.13.2.el7/fs/open.c
44  @@ -1064,6 +1064,8 @@ EXPORT_SYMBOL(sys_close);  @@ -1064,6 +1064,8 @@ EXPORT_SYMBOL(sys_close);
45    */    */
46   SYSCALL_DEFINE0(vhangup)   SYSCALL_DEFINE0(vhangup)
# Line 50  Source code for this patch is http://vau Line 50  Source code for this patch is http://vau
50          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
51                  tty_vhangup_self();                  tty_vhangup_self();
52                  return 0;                  return 0;
53  --- linux-3.10.0-123.9.3.el7.orig/fs/proc/version.c  --- linux-3.10.0-123.13.2.el7.orig/fs/proc/version.c
54  +++ linux-3.10.0-123.9.3.el7/fs/proc/version.c  +++ linux-3.10.0-123.13.2.el7/fs/proc/version.c
55  @@ -32,3 +32,10 @@ static int __init proc_version_init(void  @@ -32,3 +32,10 @@ static int __init proc_version_init(void
56          return 0;          return 0;
57   }   }
# Line 59  Source code for this patch is http://vau Line 59  Source code for this patch is http://vau
59  +  +
60  +static int __init ccs_show_version(void)  +static int __init ccs_show_version(void)
61  +{  +{
62  +       printk(KERN_INFO "Hook version: 3.10.0-123.9.3.el7 2014/11/10\n");  +       printk(KERN_INFO "Hook version: 3.10.0-123.13.2.el7 2015/01/04\n");
63  +       return 0;  +       return 0;
64  +}  +}
65  +module_init(ccs_show_version);  +module_init(ccs_show_version);
66  --- linux-3.10.0-123.9.3.el7.orig/include/linux/init_task.h  --- linux-3.10.0-123.13.2.el7.orig/include/linux/init_task.h
67  +++ linux-3.10.0-123.9.3.el7/include/linux/init_task.h  +++ linux-3.10.0-123.13.2.el7/include/linux/init_task.h
68  @@ -155,6 +155,14 @@ extern struct task_group root_task_group  @@ -155,6 +155,14 @@ extern struct task_group root_task_group
69    
70   #define INIT_TASK_COMM "swapper"   #define INIT_TASK_COMM "swapper"
# Line 88  Source code for this patch is http://vau Line 88  Source code for this patch is http://vau
88   }   }
89    
90    
91  --- linux-3.10.0-123.9.3.el7.orig/include/linux/sched.h  --- linux-3.10.0-123.13.2.el7.orig/include/linux/sched.h
92  +++ linux-3.10.0-123.9.3.el7/include/linux/sched.h  +++ linux-3.10.0-123.13.2.el7/include/linux/sched.h
93  @@ -4,6 +4,8 @@  @@ -4,6 +4,8 @@
94   #include <uapi/linux/sched.h>   #include <uapi/linux/sched.h>
95    
# Line 99  Source code for this patch is http://vau Line 99  Source code for this patch is http://vau
99   struct sched_param {   struct sched_param {
100          int sched_priority;          int sched_priority;
101   };   };
102  @@ -1498,6 +1500,10 @@ struct task_struct {  @@ -1502,6 +1504,10 @@ struct task_struct {
103          unsigned long rh_reserved6;          unsigned long rh_reserved6;
104          unsigned long rh_reserved7;          unsigned long rh_reserved7;
105          unsigned long rh_reserved8;          unsigned long rh_reserved8;
# Line 110  Source code for this patch is http://vau Line 110  Source code for this patch is http://vau
110   };   };
111    
112   /* Future-safe accessor for struct task_struct's cpus_allowed. */   /* Future-safe accessor for struct task_struct's cpus_allowed. */
113  --- linux-3.10.0-123.9.3.el7.orig/include/linux/security.h  --- linux-3.10.0-123.13.2.el7.orig/include/linux/security.h
114  +++ linux-3.10.0-123.9.3.el7/include/linux/security.h  +++ linux-3.10.0-123.13.2.el7/include/linux/security.h
115  @@ -53,6 +53,7 @@ struct msg_queue;  @@ -53,6 +53,7 @@ struct msg_queue;
116   struct xattr;   struct xattr;
117   struct xfrm_sec_ctx;   struct xfrm_sec_ctx;
# Line 313  Source code for this patch is http://vau Line 313  Source code for this patch is http://vau
313   }   }
314   #endif /* CONFIG_SECURITY_PATH */   #endif /* CONFIG_SECURITY_PATH */
315    
316  --- linux-3.10.0-123.9.3.el7.orig/include/net/ip.h  --- linux-3.10.0-123.13.2.el7.orig/include/net/ip.h
317  +++ linux-3.10.0-123.9.3.el7/include/net/ip.h  +++ linux-3.10.0-123.13.2.el7/include/net/ip.h
318  @@ -229,6 +229,8 @@ extern void inet_get_local_port_range(in  @@ -229,6 +229,8 @@ extern void inet_get_local_port_range(in
319   extern unsigned long *sysctl_local_reserved_ports;   extern unsigned long *sysctl_local_reserved_ports;
320   static inline int inet_is_reserved_local_port(int port)   static inline int inet_is_reserved_local_port(int port)
# Line 324  Source code for this patch is http://vau Line 324  Source code for this patch is http://vau
324          return test_bit(port, sysctl_local_reserved_ports);          return test_bit(port, sysctl_local_reserved_ports);
325   }   }
326    
327  --- linux-3.10.0-123.9.3.el7.orig/kernel/fork.c  --- linux-3.10.0-123.13.2.el7.orig/kernel/fork.c
328  +++ linux-3.10.0-123.9.3.el7/kernel/fork.c  +++ linux-3.10.0-123.13.2.el7/kernel/fork.c
329  @@ -242,6 +242,7 @@ void __put_task_struct(struct task_struc  @@ -242,6 +242,7 @@ void __put_task_struct(struct task_struc
330          delayacct_tsk_free(tsk);          delayacct_tsk_free(tsk);
331          put_signal_struct(tsk->signal);          put_signal_struct(tsk->signal);
# Line 352  Source code for this patch is http://vau Line 352  Source code for this patch is http://vau
352   bad_fork_cleanup_policy:   bad_fork_cleanup_policy:
353          perf_event_free_task(p);          perf_event_free_task(p);
354   #ifdef CONFIG_NUMA   #ifdef CONFIG_NUMA
355  --- linux-3.10.0-123.9.3.el7.orig/kernel/kexec.c  --- linux-3.10.0-123.13.2.el7.orig/kernel/kexec.c
356  +++ linux-3.10.0-123.9.3.el7/kernel/kexec.c  +++ linux-3.10.0-123.13.2.el7/kernel/kexec.c
357  @@ -943,6 +943,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon  @@ -943,6 +943,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
358          /* We only trust the superuser with rebooting the system. */          /* We only trust the superuser with rebooting the system. */
359          if (!capable(CAP_SYS_BOOT))          if (!capable(CAP_SYS_BOOT))
# Line 363  Source code for this patch is http://vau Line 363  Source code for this patch is http://vau
363    
364          if (get_securelevel() > 0)          if (get_securelevel() > 0)
365                  return -EPERM;                  return -EPERM;
366  --- linux-3.10.0-123.9.3.el7.orig/kernel/module.c  --- linux-3.10.0-123.13.2.el7.orig/kernel/module.c
367  +++ linux-3.10.0-123.9.3.el7/kernel/module.c  +++ linux-3.10.0-123.13.2.el7/kernel/module.c
368  @@ -63,6 +63,7 @@  @@ -63,6 +63,7 @@
369   #include <linux/fips.h>   #include <linux/fips.h>
370   #include <uapi/linux/module.h>   #include <uapi/linux/module.h>
# Line 391  Source code for this patch is http://vau Line 391  Source code for this patch is http://vau
391    
392          return 0;          return 0;
393   }   }
394  --- linux-3.10.0-123.9.3.el7.orig/kernel/ptrace.c  --- linux-3.10.0-123.13.2.el7.orig/kernel/ptrace.c
395  +++ linux-3.10.0-123.9.3.el7/kernel/ptrace.c  +++ linux-3.10.0-123.13.2.el7/kernel/ptrace.c
396  @@ -997,6 +997,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l  @@ -998,6 +998,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
397   {   {
398          struct task_struct *child;          struct task_struct *child;
399          long ret;          long ret;
# Line 405  Source code for this patch is http://vau Line 405  Source code for this patch is http://vau
405    
406          if (request == PTRACE_TRACEME) {          if (request == PTRACE_TRACEME) {
407                  ret = ptrace_traceme();                  ret = ptrace_traceme();
408  @@ -1144,6 +1149,11 @@ asmlinkage long compat_sys_ptrace(compat  @@ -1145,6 +1150,11 @@ asmlinkage long compat_sys_ptrace(compat
409   {   {
410          struct task_struct *child;          struct task_struct *child;
411          long ret;          long ret;
# Line 417  Source code for this patch is http://vau Line 417  Source code for this patch is http://vau
417    
418          if (request == PTRACE_TRACEME) {          if (request == PTRACE_TRACEME) {
419                  ret = ptrace_traceme();                  ret = ptrace_traceme();
420  --- linux-3.10.0-123.9.3.el7.orig/kernel/sched/core.c  --- linux-3.10.0-123.13.2.el7.orig/kernel/sched/core.c
421  +++ linux-3.10.0-123.9.3.el7/kernel/sched/core.c  +++ linux-3.10.0-123.13.2.el7/kernel/sched/core.c
422  @@ -3886,6 +3886,8 @@ int can_nice(const struct task_struct *p  @@ -3886,6 +3886,8 @@ int can_nice(const struct task_struct *p
423   SYSCALL_DEFINE1(nice, int, increment)   SYSCALL_DEFINE1(nice, int, increment)
424   {   {
# Line 428  Source code for this patch is http://vau Line 428  Source code for this patch is http://vau
428    
429          /*          /*
430           * Setpriority might change our priority at the same moment.           * Setpriority might change our priority at the same moment.
431  --- linux-3.10.0-123.9.3.el7.orig/kernel/signal.c  --- linux-3.10.0-123.13.2.el7.orig/kernel/signal.c
432  +++ linux-3.10.0-123.9.3.el7/kernel/signal.c  +++ linux-3.10.0-123.13.2.el7/kernel/signal.c
433  @@ -2909,6 +2909,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s  @@ -2909,6 +2909,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
434   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
435   {   {
# Line 475  Source code for this patch is http://vau Line 475  Source code for this patch is http://vau
475    
476          return do_send_specific(tgid, pid, sig, info);          return do_send_specific(tgid, pid, sig, info);
477   }   }
478  --- linux-3.10.0-123.9.3.el7.orig/kernel/sys.c  --- linux-3.10.0-123.13.2.el7.orig/kernel/sys.c
479  +++ linux-3.10.0-123.9.3.el7/kernel/sys.c  +++ linux-3.10.0-123.13.2.el7/kernel/sys.c
480  @@ -186,6 +186,10 @@ SYSCALL_DEFINE3(setpriority, int, which,  @@ -186,6 +186,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
481    
482          if (which > PRIO_USER || which < PRIO_PROCESS)          if (which > PRIO_USER || which < PRIO_PROCESS)
# Line 515  Source code for this patch is http://vau Line 515  Source code for this patch is http://vau
515    
516          down_write(&uts_sem);          down_write(&uts_sem);
517          errno = -EFAULT;          errno = -EFAULT;
518  --- linux-3.10.0-123.9.3.el7.orig/kernel/time/ntp.c  --- linux-3.10.0-123.13.2.el7.orig/kernel/time/ntp.c
519  +++ linux-3.10.0-123.9.3.el7/kernel/time/ntp.c  +++ linux-3.10.0-123.13.2.el7/kernel/time/ntp.c
520  @@ -16,6 +16,7 @@  @@ -16,6 +16,7 @@
521   #include <linux/mm.h>   #include <linux/mm.h>
522   #include <linux/module.h>   #include <linux/module.h>
# Line 550  Source code for this patch is http://vau Line 550  Source code for this patch is http://vau
550    
551          return 0;          return 0;
552   }   }
553  --- linux-3.10.0-123.9.3.el7.orig/net/ipv4/raw.c  --- linux-3.10.0-123.13.2.el7.orig/net/ipv4/raw.c
554  +++ linux-3.10.0-123.9.3.el7/net/ipv4/raw.c  +++ linux-3.10.0-123.13.2.el7/net/ipv4/raw.c
555  @@ -702,6 +702,10 @@ static int raw_recvmsg(struct kiocb *ioc  @@ -702,6 +702,10 @@ static int raw_recvmsg(struct kiocb *ioc
556          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
557          if (!skb)          if (!skb)
# Line 563  Source code for this patch is http://vau Line 563  Source code for this patch is http://vau
563    
564          copied = skb->len;          copied = skb->len;
565          if (len < copied) {          if (len < copied) {
566  --- linux-3.10.0-123.9.3.el7.orig/net/ipv4/udp.c  --- linux-3.10.0-123.13.2.el7.orig/net/ipv4/udp.c
567  +++ linux-3.10.0-123.9.3.el7/net/ipv4/udp.c  +++ linux-3.10.0-123.13.2.el7/net/ipv4/udp.c
568  @@ -1221,6 +1221,10 @@ try_again:  @@ -1221,6 +1221,10 @@ try_again:
569                                    &peeked, &off, &err);                                    &peeked, &off, &err);
570          if (!skb)          if (!skb)
# Line 576  Source code for this patch is http://vau Line 576  Source code for this patch is http://vau
576    
577          ulen = skb->len - sizeof(struct udphdr);          ulen = skb->len - sizeof(struct udphdr);
578          copied = len;          copied = len;
579  --- linux-3.10.0-123.9.3.el7.orig/net/ipv6/raw.c  --- linux-3.10.0-123.13.2.el7.orig/net/ipv6/raw.c
580  +++ linux-3.10.0-123.9.3.el7/net/ipv6/raw.c  +++ linux-3.10.0-123.13.2.el7/net/ipv6/raw.c
581  @@ -467,6 +467,10 @@ static int rawv6_recvmsg(struct kiocb *i  @@ -467,6 +467,10 @@ static int rawv6_recvmsg(struct kiocb *i
582          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
583          if (!skb)          if (!skb)
# Line 589  Source code for this patch is http://vau Line 589  Source code for this patch is http://vau
589    
590          copied = skb->len;          copied = skb->len;
591          if (copied > len) {          if (copied > len) {
592  --- linux-3.10.0-123.9.3.el7.orig/net/ipv6/udp.c  --- linux-3.10.0-123.13.2.el7.orig/net/ipv6/udp.c
593  +++ linux-3.10.0-123.9.3.el7/net/ipv6/udp.c  +++ linux-3.10.0-123.13.2.el7/net/ipv6/udp.c
594  @@ -380,6 +380,10 @@ try_again:  @@ -380,6 +380,10 @@ try_again:
595                                    &peeked, &off, &err);                                    &peeked, &off, &err);
596          if (!skb)          if (!skb)
# Line 602  Source code for this patch is http://vau Line 602  Source code for this patch is http://vau
602    
603          ulen = skb->len - sizeof(struct udphdr);          ulen = skb->len - sizeof(struct udphdr);
604          copied = len;          copied = len;
605  --- linux-3.10.0-123.9.3.el7.orig/net/socket.c  --- linux-3.10.0-123.13.2.el7.orig/net/socket.c
606  +++ linux-3.10.0-123.9.3.el7/net/socket.c  +++ linux-3.10.0-123.13.2.el7/net/socket.c
607  @@ -1628,6 +1628,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct  @@ -1628,6 +1628,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
608          if (err < 0)          if (err < 0)
609                  goto out_fd;                  goto out_fd;
# Line 615  Source code for this patch is http://vau Line 615  Source code for this patch is http://vau
615          if (upeer_sockaddr) {          if (upeer_sockaddr) {
616                  if (newsock->ops->getname(newsock, (struct sockaddr *)&address,                  if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
617                                            &len, 2) < 0) {                                            &len, 2) < 0) {
618  --- linux-3.10.0-123.9.3.el7.orig/net/unix/af_unix.c  --- linux-3.10.0-123.13.2.el7.orig/net/unix/af_unix.c
619  +++ linux-3.10.0-123.9.3.el7/net/unix/af_unix.c  +++ linux-3.10.0-123.13.2.el7/net/unix/af_unix.c
620  @@ -1807,6 +1807,10 @@ static int unix_dgram_recvmsg(struct kio  @@ -1807,6 +1807,10 @@ static int unix_dgram_recvmsg(struct kio
621          wake_up_interruptible_sync_poll(&u->peer_wait,          wake_up_interruptible_sync_poll(&u->peer_wait,
622                                          POLLOUT | POLLWRNORM | POLLWRBAND);                                          POLLOUT | POLLWRNORM | POLLWRBAND);
# Line 628  Source code for this patch is http://vau Line 628  Source code for this patch is http://vau
628          if (msg->msg_name)          if (msg->msg_name)
629                  unix_copy_addr(msg, skb->sk);                  unix_copy_addr(msg, skb->sk);
630    
631  --- linux-3.10.0-123.9.3.el7.orig/security/Kconfig  --- linux-3.10.0-123.13.2.el7.orig/security/Kconfig
632  +++ linux-3.10.0-123.9.3.el7/security/Kconfig  +++ linux-3.10.0-123.13.2.el7/security/Kconfig
633  @@ -175,5 +175,7 @@ config DEFAULT_SECURITY  @@ -175,5 +175,7 @@ config DEFAULT_SECURITY
634          default "yama" if DEFAULT_SECURITY_YAMA          default "yama" if DEFAULT_SECURITY_YAMA
635          default "" if DEFAULT_SECURITY_DAC          default "" if DEFAULT_SECURITY_DAC
# Line 638  Source code for this patch is http://vau Line 638  Source code for this patch is http://vau
638  +  +
639   endmenu   endmenu
640    
641  --- linux-3.10.0-123.9.3.el7.orig/security/Makefile  --- linux-3.10.0-123.13.2.el7.orig/security/Makefile
642  +++ linux-3.10.0-123.9.3.el7/security/Makefile  +++ linux-3.10.0-123.13.2.el7/security/Makefile
643  @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c  @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c
644   # Object integrity file lists   # Object integrity file lists
645   subdir-$(CONFIG_INTEGRITY)             += integrity   subdir-$(CONFIG_INTEGRITY)             += integrity
# Line 647  Source code for this patch is http://vau Line 647  Source code for this patch is http://vau
647  +  +
648  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity
649  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/built-in.o  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/built-in.o
650  --- linux-3.10.0-123.9.3.el7.orig/security/security.c  --- linux-3.10.0-123.13.2.el7.orig/security/security.c
651  +++ linux-3.10.0-123.9.3.el7/security/security.c  +++ linux-3.10.0-123.13.2.el7/security/security.c
652  @@ -203,7 +203,10 @@ int security_syslog(int type)  @@ -203,7 +203,10 @@ int security_syslog(int type)
653    
654   int security_settime(const struct timespec *ts, const struct timezone *tz)   int security_settime(const struct timespec *ts, const struct timezone *tz)
