
Diff of /trunk/caitsith-patch/patches/ccs-patch-3.10-centos-7.diff


revision 342 by kumaneko, Sun Apr 11 13:42:07 2021 UTC revision 343 by kumaneko, Mon May 31 00:47:08 2021 UTC
# Line 1  Line 1 
1  This is TOMOYO Linux patch for CentOS 7.  This is TOMOYO Linux patch for CentOS 7.
2    
3  Source code for this patch is https://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-1160.24.1.el7.src.rpm  Source code for this patch is https://vault.centos.org/centos/7/updates/Source/SPackages/kernel-3.10.0-1160.25.1.el7.src.rpm
4  ---  ---
5   fs/exec.c                 |    2   fs/exec.c                 |    2
6   fs/open.c                 |    2   fs/open.c                 |    2
# Line 28  Source code for this patch is https://va Line 28  Source code for this patch is https://va
28   security/security.c       |  111 +++++++++++++++++++++++++++++++++++++++++-----   security/security.c       |  111 +++++++++++++++++++++++++++++++++++++++++-----
29   24 files changed, 248 insertions(+), 37 deletions(-)   24 files changed, 248 insertions(+), 37 deletions(-)
30    
31  --- linux-3.10.0-1160.24.1.el7.orig/fs/exec.c  --- linux-3.10.0-1160.25.1.el7.orig/fs/exec.c
32  +++ linux-3.10.0-1160.24.1.el7/fs/exec.c  +++ linux-3.10.0-1160.25.1.el7/fs/exec.c
33  @@ -1506,7 +1506,7 @@ static int exec_binprm(struct linux_binp  @@ -1506,7 +1506,7 @@ static int exec_binprm(struct linux_binp
34          old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));          old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35          rcu_read_unlock();          rcu_read_unlock();
# Line 39  Source code for this patch is https://va Line 39  Source code for this patch is https://va
39          if (ret >= 0) {          if (ret >= 0) {
40                  audit_bprm(bprm);                  audit_bprm(bprm);
41                  trace_sched_process_exec(current, old_pid, bprm);                  trace_sched_process_exec(current, old_pid, bprm);
42  --- linux-3.10.0-1160.24.1.el7.orig/fs/open.c  --- linux-3.10.0-1160.25.1.el7.orig/fs/open.c
43  +++ linux-3.10.0-1160.24.1.el7/fs/open.c  +++ linux-3.10.0-1160.25.1.el7/fs/open.c
44  @@ -1106,6 +1106,8 @@ EXPORT_SYMBOL(sys_close);  @@ -1106,6 +1106,8 @@ EXPORT_SYMBOL(sys_close);
45    */    */
46   SYSCALL_DEFINE0(vhangup)   SYSCALL_DEFINE0(vhangup)
# Line 50  Source code for this patch is https://va Line 50  Source code for this patch is https://va
50          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
51                  tty_vhangup_self();                  tty_vhangup_self();
52                  return 0;                  return 0;
53  --- linux-3.10.0-1160.24.1.el7.orig/fs/proc/version.c  --- linux-3.10.0-1160.25.1.el7.orig/fs/proc/version.c
54  +++ linux-3.10.0-1160.24.1.el7/fs/proc/version.c  +++ linux-3.10.0-1160.25.1.el7/fs/proc/version.c
55  @@ -32,3 +32,10 @@ static int __init proc_version_init(void  @@ -32,3 +32,10 @@ static int __init proc_version_init(void
56          return 0;          return 0;
57   }   }
# Line 59  Source code for this patch is https://va Line 59  Source code for this patch is https://va
59  +  +
60  +static int __init ccs_show_version(void)  +static int __init ccs_show_version(void)
61  +{  +{
62  +       printk(KERN_INFO "Hook version: 3.10.0-1160.24.1.el7 2021/04/11\n");  +       printk(KERN_INFO "Hook version: 3.10.0-1160.25.1.el7 2021/05/10\n");
63  +       return 0;  +       return 0;
64  +}  +}
65  +module_init(ccs_show_version);  +module_init(ccs_show_version);
66  --- linux-3.10.0-1160.24.1.el7.orig/include/linux/init_task.h  --- linux-3.10.0-1160.25.1.el7.orig/include/linux/init_task.h
67  +++ linux-3.10.0-1160.24.1.el7/include/linux/init_task.h  +++ linux-3.10.0-1160.25.1.el7/include/linux/init_task.h
68  @@ -173,6 +173,14 @@ extern struct task_group root_task_group  @@ -173,6 +173,14 @@ extern struct task_group root_task_group
69   # define INIT_RT_MUTEXES(tsk)   # define INIT_RT_MUTEXES(tsk)
70   #endif   #endif
# Line 88  Source code for this patch is https://va Line 88  Source code for this patch is https://va
88   }   }
89    
90    
91  --- linux-3.10.0-1160.24.1.el7.orig/include/linux/sched.h  --- linux-3.10.0-1160.25.1.el7.orig/include/linux/sched.h
92  +++ linux-3.10.0-1160.24.1.el7/include/linux/sched.h  +++ linux-3.10.0-1160.25.1.el7/include/linux/sched.h
93  @@ -4,6 +4,8 @@  @@ -4,6 +4,8 @@
94   #include <uapi/linux/sched.h>   #include <uapi/linux/sched.h>
95   #include <linux/rh_kabi.h>   #include <linux/rh_kabi.h>
# Line 110  Source code for this patch is https://va Line 110  Source code for this patch is https://va
110   };   };
111    
112   /* Future-safe accessor for struct task_struct's cpus_allowed. */   /* Future-safe accessor for struct task_struct's cpus_allowed. */
113  --- linux-3.10.0-1160.24.1.el7.orig/include/linux/security.h  --- linux-3.10.0-1160.25.1.el7.orig/include/linux/security.h
114  +++ linux-3.10.0-1160.24.1.el7/include/linux/security.h  +++ linux-3.10.0-1160.25.1.el7/include/linux/security.h
115  @@ -56,6 +56,7 @@ struct msg_queue;  @@ -56,6 +56,7 @@ struct msg_queue;
116   struct xattr;   struct xattr;
117   struct xfrm_sec_ctx;   struct xfrm_sec_ctx;
# Line 323  Source code for this patch is https://va Line 323  Source code for this patch is https://va
323   }   }
324   #endif /* CONFIG_SECURITY_PATH */   #endif /* CONFIG_SECURITY_PATH */
325    
326  --- linux-3.10.0-1160.24.1.el7.orig/include/net/ip.h  --- linux-3.10.0-1160.25.1.el7.orig/include/net/ip.h
327  +++ linux-3.10.0-1160.24.1.el7/include/net/ip.h  +++ linux-3.10.0-1160.25.1.el7/include/net/ip.h
328  @@ -232,6 +232,8 @@ void inet_get_local_port_range(struct ne  @@ -232,6 +232,8 @@ void inet_get_local_port_range(struct ne
329   extern unsigned long *sysctl_local_reserved_ports;   extern unsigned long *sysctl_local_reserved_ports;
330   static inline int inet_is_reserved_local_port(int port)   static inline int inet_is_reserved_local_port(int port)
# Line 334  Source code for this patch is https://va Line 334  Source code for this patch is https://va
334          return test_bit(port, sysctl_local_reserved_ports);          return test_bit(port, sysctl_local_reserved_ports);
335   }   }
336    
337  --- linux-3.10.0-1160.24.1.el7.orig/kernel/fork.c  --- linux-3.10.0-1160.25.1.el7.orig/kernel/fork.c
338  +++ linux-3.10.0-1160.24.1.el7/kernel/fork.c  +++ linux-3.10.0-1160.25.1.el7/kernel/fork.c
339  @@ -296,6 +296,7 @@ void __put_task_struct(struct task_struc  @@ -296,6 +296,7 @@ void __put_task_struct(struct task_struc
340          delayacct_tsk_free(tsk);          delayacct_tsk_free(tsk);
341          put_signal_struct(tsk->signal);          put_signal_struct(tsk->signal);
# Line 362  Source code for this patch is https://va Line 362  Source code for this patch is https://va
362   bad_fork_cleanup_perf:   bad_fork_cleanup_perf:
363          perf_event_free_task(p);          perf_event_free_task(p);
364   bad_fork_cleanup_policy:   bad_fork_cleanup_policy:
365  --- linux-3.10.0-1160.24.1.el7.orig/kernel/kexec.c  --- linux-3.10.0-1160.25.1.el7.orig/kernel/kexec.c
366  +++ linux-3.10.0-1160.24.1.el7/kernel/kexec.c  +++ linux-3.10.0-1160.25.1.el7/kernel/kexec.c
367  @@ -190,6 +190,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon  @@ -190,6 +190,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
368          /* We only trust the superuser with rebooting the system. */          /* We only trust the superuser with rebooting the system. */
369          if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)          if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
# Line 373  Source code for this patch is https://va Line 373  Source code for this patch is https://va
373    
374          if (get_securelevel() > 0)          if (get_securelevel() > 0)
375                  return -EPERM;                  return -EPERM;
376  --- linux-3.10.0-1160.24.1.el7.orig/kernel/module.c  --- linux-3.10.0-1160.25.1.el7.orig/kernel/module.c
377  +++ linux-3.10.0-1160.24.1.el7/kernel/module.c  +++ linux-3.10.0-1160.25.1.el7/kernel/module.c
378  @@ -66,6 +66,7 @@  @@ -66,6 +66,7 @@
379   #endif /* __GENKSYMS__ */   #endif /* __GENKSYMS__ */
380   #include <uapi/linux/module.h>   #include <uapi/linux/module.h>
# Line 401  Source code for this patch is https://va Line 401  Source code for this patch is https://va
401    
402          return 0;          return 0;
403   }   }
404  --- linux-3.10.0-1160.24.1.el7.orig/kernel/ptrace.c  --- linux-3.10.0-1160.25.1.el7.orig/kernel/ptrace.c
405  +++ linux-3.10.0-1160.24.1.el7/kernel/ptrace.c  +++ linux-3.10.0-1160.25.1.el7/kernel/ptrace.c
406  @@ -1082,6 +1082,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l  @@ -1082,6 +1082,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
407   {   {
408          struct task_struct *child;          struct task_struct *child;
# Line 427  Source code for this patch is https://va Line 427  Source code for this patch is https://va
427    
428          if (request == PTRACE_TRACEME) {          if (request == PTRACE_TRACEME) {
429                  ret = ptrace_traceme();                  ret = ptrace_traceme();
430  --- linux-3.10.0-1160.24.1.el7.orig/kernel/sched/core.c  --- linux-3.10.0-1160.25.1.el7.orig/kernel/sched/core.c
431  +++ linux-3.10.0-1160.24.1.el7/kernel/sched/core.c  +++ linux-3.10.0-1160.25.1.el7/kernel/sched/core.c
432  @@ -4423,6 +4423,8 @@ int can_nice(const struct task_struct *p  @@ -4423,6 +4423,8 @@ int can_nice(const struct task_struct *p
433   SYSCALL_DEFINE1(nice, int, increment)   SYSCALL_DEFINE1(nice, int, increment)
434   {   {
# Line 438  Source code for this patch is https://va Line 438  Source code for this patch is https://va
438    
439          /*          /*
440           * Setpriority might change our priority at the same moment.           * Setpriority might change our priority at the same moment.
441  --- linux-3.10.0-1160.24.1.el7.orig/kernel/signal.c  --- linux-3.10.0-1160.25.1.el7.orig/kernel/signal.c
442  +++ linux-3.10.0-1160.24.1.el7/kernel/signal.c  +++ linux-3.10.0-1160.25.1.el7/kernel/signal.c
443  @@ -2942,6 +2942,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s  @@ -2942,6 +2942,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
444   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
445   {   {
# Line 485  Source code for this patch is https://va Line 485  Source code for this patch is https://va
485    
486          return do_send_specific(tgid, pid, sig, info);          return do_send_specific(tgid, pid, sig, info);
487   }   }
488  --- linux-3.10.0-1160.24.1.el7.orig/kernel/sys.c  --- linux-3.10.0-1160.25.1.el7.orig/kernel/sys.c
489  +++ linux-3.10.0-1160.24.1.el7/kernel/sys.c  +++ linux-3.10.0-1160.25.1.el7/kernel/sys.c
490  @@ -197,6 +197,10 @@ SYSCALL_DEFINE3(setpriority, int, which,  @@ -197,6 +197,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
491    
492          if (which > PRIO_USER || which < PRIO_PROCESS)          if (which > PRIO_USER || which < PRIO_PROCESS)
# Line 525  Source code for this patch is https://va Line 525  Source code for this patch is https://va
525    
526          down_write(&uts_sem);          down_write(&uts_sem);
527          errno = -EFAULT;          errno = -EFAULT;
528  --- linux-3.10.0-1160.24.1.el7.orig/kernel/time/ntp.c  --- linux-3.10.0-1160.25.1.el7.orig/kernel/time/ntp.c
529  +++ linux-3.10.0-1160.24.1.el7/kernel/time/ntp.c  +++ linux-3.10.0-1160.25.1.el7/kernel/time/ntp.c
530  @@ -16,6 +16,7 @@  @@ -16,6 +16,7 @@
531   #include <linux/mm.h>   #include <linux/mm.h>
532   #include <linux/module.h>   #include <linux/module.h>
# Line 560  Source code for this patch is https://va Line 560  Source code for this patch is https://va
560    
561          return 0;          return 0;
562   }   }
563  --- linux-3.10.0-1160.24.1.el7.orig/net/ipv4/raw.c  --- linux-3.10.0-1160.25.1.el7.orig/net/ipv4/raw.c
564  +++ linux-3.10.0-1160.24.1.el7/net/ipv4/raw.c  +++ linux-3.10.0-1160.25.1.el7/net/ipv4/raw.c
565  @@ -710,6 +710,10 @@ static int raw_recvmsg(struct kiocb *ioc  @@ -710,6 +710,10 @@ static int raw_recvmsg(struct kiocb *ioc
566          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
567          if (!skb)          if (!skb)
# Line 573  Source code for this patch is https://va Line 573  Source code for this patch is https://va
573    
574          copied = skb->len;          copied = skb->len;
575          if (len < copied) {          if (len < copied) {
576  --- linux-3.10.0-1160.24.1.el7.orig/net/ipv4/udp.c  --- linux-3.10.0-1160.25.1.el7.orig/net/ipv4/udp.c
577  +++ linux-3.10.0-1160.24.1.el7/net/ipv4/udp.c  +++ linux-3.10.0-1160.25.1.el7/net/ipv4/udp.c
578  @@ -1467,6 +1467,10 @@ try_again:  @@ -1467,6 +1467,10 @@ try_again:
579          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
580          if (!skb)          if (!skb)
# Line 586  Source code for this patch is https://va Line 586  Source code for this patch is https://va
586    
587          ulen = skb->len - sizeof(struct udphdr);          ulen = skb->len - sizeof(struct udphdr);
588          copied = len;          copied = len;
589  --- linux-3.10.0-1160.24.1.el7.orig/net/ipv6/raw.c  --- linux-3.10.0-1160.25.1.el7.orig/net/ipv6/raw.c
590  +++ linux-3.10.0-1160.24.1.el7/net/ipv6/raw.c  +++ linux-3.10.0-1160.25.1.el7/net/ipv6/raw.c
591  @@ -470,6 +470,10 @@ static int rawv6_recvmsg(struct kiocb *i  @@ -470,6 +470,10 @@ static int rawv6_recvmsg(struct kiocb *i
592          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
593          if (!skb)          if (!skb)
# Line 599  Source code for this patch is https://va Line 599  Source code for this patch is https://va
599    
600          copied = skb->len;          copied = skb->len;
601          if (copied > len) {          if (copied > len) {
602  --- linux-3.10.0-1160.24.1.el7.orig/net/ipv6/udp.c  --- linux-3.10.0-1160.25.1.el7.orig/net/ipv6/udp.c
603  +++ linux-3.10.0-1160.24.1.el7/net/ipv6/udp.c  +++ linux-3.10.0-1160.25.1.el7/net/ipv6/udp.c
604  @@ -384,6 +384,10 @@ try_again:  @@ -384,6 +384,10 @@ try_again:
605          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
606          if (!skb)          if (!skb)
# Line 612  Source code for this patch is https://va Line 612  Source code for this patch is https://va
612    
613          ulen = skb->len - sizeof(struct udphdr);          ulen = skb->len - sizeof(struct udphdr);
614          copied = len;          copied = len;
615  --- linux-3.10.0-1160.24.1.el7.orig/net/socket.c  --- linux-3.10.0-1160.25.1.el7.orig/net/socket.c
616  +++ linux-3.10.0-1160.24.1.el7/net/socket.c  +++ linux-3.10.0-1160.25.1.el7/net/socket.c
617  @@ -1661,6 +1661,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct  @@ -1661,6 +1661,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
618          if (err < 0)          if (err < 0)
619                  goto out_fd;                  goto out_fd;
# Line 625  Source code for this patch is https://va Line 625  Source code for this patch is https://va
625          if (upeer_sockaddr) {          if (upeer_sockaddr) {
626                  if (newsock->ops->getname(newsock, (struct sockaddr *)&address,                  if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
627                                            &len, 2) < 0) {                                            &len, 2) < 0) {
628  --- linux-3.10.0-1160.24.1.el7.orig/net/unix/af_unix.c  --- linux-3.10.0-1160.25.1.el7.orig/net/unix/af_unix.c
629  +++ linux-3.10.0-1160.24.1.el7/net/unix/af_unix.c  +++ linux-3.10.0-1160.25.1.el7/net/unix/af_unix.c
630  @@ -2138,6 +2138,10 @@ static int unix_dgram_recvmsg(struct kio  @@ -2138,6 +2138,10 @@ static int unix_dgram_recvmsg(struct kio
631          wake_up_interruptible_sync_poll(&u->peer_wait,          wake_up_interruptible_sync_poll(&u->peer_wait,
632                                          POLLOUT | POLLWRNORM | POLLWRBAND);                                          POLLOUT | POLLWRNORM | POLLWRBAND);
# Line 638  Source code for this patch is https://va Line 638  Source code for this patch is https://va
638          if (msg->msg_name)          if (msg->msg_name)
639                  unix_copy_addr(msg, skb->sk);                  unix_copy_addr(msg, skb->sk);
640    
641  --- linux-3.10.0-1160.24.1.el7.orig/security/Kconfig  --- linux-3.10.0-1160.25.1.el7.orig/security/Kconfig
642  +++ linux-3.10.0-1160.24.1.el7/security/Kconfig  +++ linux-3.10.0-1160.25.1.el7/security/Kconfig
643  @@ -226,5 +226,7 @@ config DEFAULT_SECURITY  @@ -226,5 +226,7 @@ config DEFAULT_SECURITY
644          default "yama" if DEFAULT_SECURITY_YAMA          default "yama" if DEFAULT_SECURITY_YAMA
645          default "" if DEFAULT_SECURITY_DAC          default "" if DEFAULT_SECURITY_DAC
# Line 648  Source code for this patch is https://va Line 648  Source code for this patch is https://va
648  +  +
649   endmenu   endmenu
650    
651  --- linux-3.10.0-1160.24.1.el7.orig/security/Makefile  --- linux-3.10.0-1160.25.1.el7.orig/security/Makefile
652  +++ linux-3.10.0-1160.24.1.el7/security/Makefile  +++ linux-3.10.0-1160.25.1.el7/security/Makefile
653  @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c  @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c
654   # Object integrity file lists   # Object integrity file lists
655   subdir-$(CONFIG_INTEGRITY)             += integrity   subdir-$(CONFIG_INTEGRITY)             += integrity
# Line 657  Source code for this patch is https://va Line 657  Source code for this patch is https://va
657  +  +
658  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity
659  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/built-in.o  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/built-in.o
660  --- linux-3.10.0-1160.24.1.el7.orig/security/security.c  --- linux-3.10.0-1160.25.1.el7.orig/security/security.c
661  +++ linux-3.10.0-1160.24.1.el7/security/security.c  +++ linux-3.10.0-1160.25.1.el7/security/security.c
662  @@ -229,7 +229,10 @@ int security_syslog(int type)  @@ -229,7 +229,10 @@ int security_syslog(int type)
663    
664   int security_settime(const struct timespec *ts, const struct timezone *tz)   int security_settime(const struct timespec *ts, const struct timezone *tz)
