[tomoyo-users-en 22] tomoyo and grsecurity? part2

Szymon G sz.g.****@googl*****
Mon Jan 5 04:36:07 JST 2009


well...
it seems that (by mistake) i've sent an answer to unspawn's question
to his address, instead of the list.
i apologize for that; i've no time to properly configure a
client program (well... no time and no skills :|), and i'm sending
everything via firefox.
anyway, this is what i wanted to send:


root at linugrat:/usr/src/linux-2.6.27.10/fs# cat namei.c.rej
*************** static long do_unlinkat(int dfd, const c
*** 2352,2357 ****
       struct dentry *dentry;
       struct nameidata nd;
       struct inode *inode = NULL;

       error = user_path_parent(dfd, pathname, &nd, &name);
       if (error)
--- 2422,2431 ----
       struct dentry *dentry;
       struct nameidata nd;
       struct inode *inode = NULL;
+       /***** TOMOYO Linux start. *****/
+       if (!ccs_capable(TOMOYO_SYS_UNLINK))
+               return -EPERM;
+       /***** TOMOYO Linux end. *****/

       error = user_path_parent(dfd, pathname, &nd, &name);
       if (error)
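Review bot: Because this hunk was rejected it has to be applied by hand, and the placement of the added `ccs_capable(TOMOYO_SYS_UNLINK)` check matters: it must stay before the `user_path_parent()` call, as shown, so the early `return -EPERM` happens before any path reference is taken and nothing needs releasing on that exit. If it were moved after `user_path_parent()`, the bare `return` would skip the function's normal cleanup for the acquired path. The declaration of `error` and the rest of `do_unlinkat()` lie outside the hunk, so the surrounding control flow cannot be confirmed from here.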
root at linugrat:/usr/src/linux-2.6.27.10/fs#

root at linugrat:/usr/src/linux-2.6.27.10/fs# cat open.c
open.c       open.c.orig  open.c.rej
root at linugrat:/usr/src/linux-2.6.27.10/fs# cat open.c.rej
***************
*** 29,34 ****
 #include <linux/rcupdate.h>
 #include <linux/audit.h>
 #include <linux/falloc.h>

 int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
 {
--- 29,40 ----
 #include <linux/rcupdate.h>
 #include <linux/audit.h>
 #include <linux/falloc.h>
+ /***** SAKURA Linux start. *****/
+ #include <linux/sakura.h>
+ /***** SAKURA Linux end. *****/
+ /***** TOMOYO Linux start. *****/
+ #include <linux/tomoyo.h>
+ /***** TOMOYO Linux end. *****/

 int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
 {
root at linugrat:/usr/src/linux-2.6.27.10/fs#

root at linugrat:/usr/src/linux-2.6.27.10/net/unix# cat af_unix.c.rej
***************
*** 114,119 ****
 #include <linux/mount.h>
 #include <net/checksum.h>
 #include <linux/security.h>

 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
 static DEFINE_SPINLOCK(unix_table_lock);
--- 114,122 ----
 #include <linux/mount.h>
 #include <net/checksum.h>
 #include <linux/security.h>
+ /***** TOMOYO Linux start. *****/
+ #include <linux/tomoyo.h>
+ /***** TOMOYO Linux end. *****/

 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
 static DEFINE_SPINLOCK(unix_table_lock);
*************** static int unix_bind(struct socket *sock
*** 841,846 ****
               err = mnt_want_write(nd.path.mnt);
               if (err)
                       goto out_mknod_dput;
               err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
               mnt_drop_write(nd.path.mnt);
               if (err)
--- 849,861 ----
               err = mnt_want_write(nd.path.mnt);
               if (err)
                       goto out_mknod_dput;
+               /***** TOMOYO Linux start. *****/
+               err = pre_vfs_mknod(nd.path.dentry->d_inode, dentry, mode);
+               if (!err)
+                       err = ccs_check_1path_perm(TYPE_MKSOCK_ACL, dentry,
+                                                  nd.path.mnt);
+               if (!err)
+               /***** TOMOYO Linux end. *****/
               err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
               mnt_drop_write(nd.path.mnt);
               if (err)
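Review bot: The trailing `if (!err)` inside the TOMOYO markers has no body of its own; its controlled statement is the unchanged `err = vfs_mknod(...)` line that follows the `/***** TOMOYO Linux end. *****/` comment. With the hunk rejected and applied manually, it is easy to end up with `vfs_mknod()` called unconditionally, in which case its return value overwrites a non-zero `err` from `ccs_check_1path_perm()` and the denial is silently lost. I would keep the controlled statement inside the marked region and brace it: `if (!err) {`, `        err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);`, `}` followed by the end marker. The enclosing `unix_bind()` and its `out_mknod_dput` cleanup lie outside the hunk.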
root at linugrat:/usr/src/linux-2.6.27.10/net/unix#

regards,
szymon



