• R/O
  • SSH
  • HTTPS

tomoyo: Commit


Commit MetaInfo

Revision6638 (tree)
Time2018-04-01 14:22:08
Authorkumaneko

Log Message

(empty log message)

Change Summary

Incremental Difference

--- trunk/1.8.x/ccs-patch/patches/ccs-patch-4.9.diff (revision 6637)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-4.9.diff (revision 6638)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 4.9.91.
1+This is TOMOYO Linux patch for kernel 4.9.92.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.91.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.92.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/Makefile | 3 ++
2929 24 files changed, 147 insertions(+), 26 deletions(-)
3030
31---- linux-4.9.91.orig/fs/exec.c
32-+++ linux-4.9.91/fs/exec.c
31+--- linux-4.9.92.orig/fs/exec.c
32++++ linux-4.9.92/fs/exec.c
3333 @@ -1661,7 +1661,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-4.9.91.orig/fs/open.c
43-+++ linux-4.9.91/fs/open.c
42+--- linux-4.9.92.orig/fs/open.c
43++++ linux-4.9.92/fs/open.c
4444 @@ -1151,6 +1151,8 @@ EXPORT_SYMBOL(sys_close);
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-4.9.91.orig/fs/proc/version.c
54-+++ linux-4.9.91/fs/proc/version.c
53+--- linux-4.9.92.orig/fs/proc/version.c
54++++ linux-4.9.92/fs/proc/version.c
5555 @@ -32,3 +32,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 4.9.91 2018/03/31\n");
62++ printk(KERN_INFO "Hook version: 4.9.92 2018/04/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-4.9.91.orig/include/linux/init_task.h
67-+++ linux-4.9.91/include/linux/init_task.h
66+--- linux-4.9.92.orig/include/linux/init_task.h
67++++ linux-4.9.92/include/linux/init_task.h
6868 @@ -193,6 +193,14 @@ extern struct task_group root_task_group
6969 # define INIT_TASK_TI(tsk)
7070 #endif
@@ -88,8 +88,8 @@
8888 }
8989
9090
91---- linux-4.9.91.orig/include/linux/sched.h
92-+++ linux-4.9.91/include/linux/sched.h
91+--- linux-4.9.92.orig/include/linux/sched.h
92++++ linux-4.9.92/include/linux/sched.h
9393 @@ -6,6 +6,8 @@
9494 #include <linux/sched/prio.h>
9595
@@ -110,8 +110,8 @@
110110 /* CPU-specific state of this task */
111111 struct thread_struct thread;
112112 /*
113---- linux-4.9.91.orig/include/linux/security.h
114-+++ linux-4.9.91/include/linux/security.h
113+--- linux-4.9.92.orig/include/linux/security.h
114++++ linux-4.9.92/include/linux/security.h
115115 @@ -55,6 +55,7 @@ struct msg_queue;
116116 struct xattr;
117117 struct xfrm_sec_ctx;
@@ -318,8 +318,8 @@
318318 }
319319 #endif /* CONFIG_SECURITY_PATH */
320320
321---- linux-4.9.91.orig/include/net/ip.h
322-+++ linux-4.9.91/include/net/ip.h
321+--- linux-4.9.92.orig/include/net/ip.h
322++++ linux-4.9.92/include/net/ip.h
323323 @@ -254,6 +254,8 @@ void inet_get_local_port_range(struct ne
324324 #ifdef CONFIG_SYSCTL
325325 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -338,8 +338,8 @@
338338 return 0;
339339 }
340340 #endif
341---- linux-4.9.91.orig/kernel/fork.c
342-+++ linux-4.9.91/kernel/fork.c
341+--- linux-4.9.92.orig/kernel/fork.c
342++++ linux-4.9.92/kernel/fork.c
343343 @@ -392,6 +392,7 @@ void __put_task_struct(struct task_struc
344344 delayacct_tsk_free(tsk);
345345 put_signal_struct(tsk->signal);
@@ -366,8 +366,8 @@
366366 bad_fork_cleanup_perf:
367367 perf_event_free_task(p);
368368 bad_fork_cleanup_policy:
369---- linux-4.9.91.orig/kernel/kexec.c
370-+++ linux-4.9.91/kernel/kexec.c
369+--- linux-4.9.92.orig/kernel/kexec.c
370++++ linux-4.9.92/kernel/kexec.c
371371 @@ -17,7 +17,7 @@
372372 #include <linux/syscalls.h>
373373 #include <linux/vmalloc.h>
@@ -386,8 +386,8 @@
386386
387387 /*
388388 * Verify we have a legal set of flags
389---- linux-4.9.91.orig/kernel/module.c
390-+++ linux-4.9.91/kernel/module.c
389+--- linux-4.9.92.orig/kernel/module.c
390++++ linux-4.9.92/kernel/module.c
391391 @@ -63,6 +63,7 @@
392392 #include <linux/dynamic_debug.h>
393393 #include <uapi/linux/module.h>
@@ -414,8 +414,8 @@
414414
415415 return 0;
416416 }
417---- linux-4.9.91.orig/kernel/ptrace.c
418-+++ linux-4.9.91/kernel/ptrace.c
417+--- linux-4.9.92.orig/kernel/ptrace.c
418++++ linux-4.9.92/kernel/ptrace.c
419419 @@ -1122,6 +1122,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
420420 {
421421 struct task_struct *child;
@@ -440,8 +440,8 @@
440440
441441 if (request == PTRACE_TRACEME) {
442442 ret = ptrace_traceme();
443---- linux-4.9.91.orig/kernel/reboot.c
444-+++ linux-4.9.91/kernel/reboot.c
443+--- linux-4.9.92.orig/kernel/reboot.c
444++++ linux-4.9.92/kernel/reboot.c
445445 @@ -16,6 +16,7 @@
446446 #include <linux/syscalls.h>
447447 #include <linux/syscore_ops.h>
@@ -459,8 +459,8 @@
459459
460460 /*
461461 * If pid namespaces are enabled and the current task is in a child
462---- linux-4.9.91.orig/kernel/sched/core.c
463-+++ linux-4.9.91/kernel/sched/core.c
462+--- linux-4.9.92.orig/kernel/sched/core.c
463++++ linux-4.9.92/kernel/sched/core.c
464464 @@ -3812,6 +3812,8 @@ int can_nice(const struct task_struct *p
465465 SYSCALL_DEFINE1(nice, int, increment)
466466 {
@@ -470,8 +470,8 @@
470470
471471 /*
472472 * Setpriority might change our priority at the same moment.
473---- linux-4.9.91.orig/kernel/signal.c
474-+++ linux-4.9.91/kernel/signal.c
473+--- linux-4.9.92.orig/kernel/signal.c
474++++ linux-4.9.92/kernel/signal.c
475475 @@ -2857,6 +2857,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
476476 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
477477 {
@@ -517,8 +517,8 @@
517517
518518 return do_send_specific(tgid, pid, sig, info);
519519 }
520---- linux-4.9.91.orig/kernel/sys.c
521-+++ linux-4.9.91/kernel/sys.c
520+--- linux-4.9.92.orig/kernel/sys.c
521++++ linux-4.9.92/kernel/sys.c
522522 @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523523
524524 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -548,8 +548,8 @@
548548
549549 down_write(&uts_sem);
550550 errno = -EFAULT;
551---- linux-4.9.91.orig/kernel/time/ntp.c
552-+++ linux-4.9.91/kernel/time/ntp.c
551+--- linux-4.9.92.orig/kernel/time/ntp.c
552++++ linux-4.9.92/kernel/time/ntp.c
553553 @@ -17,6 +17,7 @@
554554 #include <linux/module.h>
555555 #include <linux/rtc.h>
@@ -583,8 +583,8 @@
583583
584584 if (txc->modes & ADJ_NANO) {
585585 struct timespec ts;
586---- linux-4.9.91.orig/net/ipv4/raw.c
587-+++ linux-4.9.91/net/ipv4/raw.c
586+--- linux-4.9.92.orig/net/ipv4/raw.c
587++++ linux-4.9.92/net/ipv4/raw.c
588588 @@ -744,6 +744,10 @@ static int raw_recvmsg(struct sock *sk,
589589 skb = skb_recv_datagram(sk, flags, noblock, &err);
590590 if (!skb)
@@ -596,8 +596,8 @@
596596
597597 copied = skb->len;
598598 if (len < copied) {
599---- linux-4.9.91.orig/net/ipv4/udp.c
600-+++ linux-4.9.91/net/ipv4/udp.c
599+--- linux-4.9.92.orig/net/ipv4/udp.c
600++++ linux-4.9.92/net/ipv4/udp.c
601601 @@ -1264,6 +1264,8 @@ try_again:
602602 &peeked, &off, &err);
603603 if (!skb)
@@ -607,8 +607,8 @@
607607
608608 ulen = skb->len;
609609 copied = len;
610---- linux-4.9.91.orig/net/ipv6/raw.c
611-+++ linux-4.9.91/net/ipv6/raw.c
610+--- linux-4.9.92.orig/net/ipv6/raw.c
611++++ linux-4.9.92/net/ipv6/raw.c
612612 @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk
613613 skb = skb_recv_datagram(sk, flags, noblock, &err);
614614 if (!skb)
@@ -620,8 +620,8 @@
620620
621621 copied = skb->len;
622622 if (copied > len) {
623---- linux-4.9.91.orig/net/ipv6/udp.c
624-+++ linux-4.9.91/net/ipv6/udp.c
623+--- linux-4.9.92.orig/net/ipv6/udp.c
624++++ linux-4.9.92/net/ipv6/udp.c
625625 @@ -348,6 +348,8 @@ try_again:
626626 &peeked, &off, &err);
627627 if (!skb)
@@ -631,8 +631,8 @@
631631
632632 ulen = skb->len;
633633 copied = len;
634---- linux-4.9.91.orig/net/socket.c
635-+++ linux-4.9.91/net/socket.c
634+--- linux-4.9.92.orig/net/socket.c
635++++ linux-4.9.92/net/socket.c
636636 @@ -1481,6 +1481,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
637637 if (err < 0)
638638 goto out_fd;
@@ -644,8 +644,8 @@
644644 if (upeer_sockaddr) {
645645 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
646646 &len, 2) < 0) {
647---- linux-4.9.91.orig/net/unix/af_unix.c
648-+++ linux-4.9.91/net/unix/af_unix.c
647+--- linux-4.9.92.orig/net/unix/af_unix.c
648++++ linux-4.9.92/net/unix/af_unix.c
649649 @@ -2150,6 +2150,10 @@ static int unix_dgram_recvmsg(struct soc
650650 POLLOUT | POLLWRNORM |
651651 POLLWRBAND);
@@ -665,8 +665,8 @@
665665 mutex_unlock(&u->iolock);
666666 out:
667667 return err;
668---- linux-4.9.91.orig/security/Kconfig
669-+++ linux-4.9.91/security/Kconfig
668+--- linux-4.9.92.orig/security/Kconfig
669++++ linux-4.9.92/security/Kconfig
670670 @@ -214,5 +214,7 @@ config DEFAULT_SECURITY
671671 default "apparmor" if DEFAULT_SECURITY_APPARMOR
672672 default "" if DEFAULT_SECURITY_DAC
@@ -675,8 +675,8 @@
675675 +
676676 endmenu
677677
678---- linux-4.9.91.orig/security/Makefile
679-+++ linux-4.9.91/security/Makefile
678+--- linux-4.9.92.orig/security/Makefile
679++++ linux-4.9.92/security/Makefile
680680 @@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
681681 # Object integrity file lists
682682 subdir-$(CONFIG_INTEGRITY) += integrity
--- trunk/1.8.x/ccs-patch/patches/ccs-patch-4.17.diff (revision 0)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-4.17.diff (revision 6638)
@@ -0,0 +1,682 @@
1+This is TOMOYO Linux patch for linux-next.
2+
3+Source code for this patch is https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/snapshot/linux-next-next-20180329.tar.gz
4+---
5+ fs/exec.c | 2 -
6+ fs/open.c | 2 +
7+ fs/proc/version.c | 7 ++++
8+ include/linux/sched.h | 5 +++
9+ include/linux/security.h | 68 ++++++++++++++++++++++++++++------------------
10+ include/net/ip.h | 4 ++
11+ init/init_task.c | 4 ++
12+ kernel/kexec.c | 4 ++
13+ kernel/module.c | 5 +++
14+ kernel/ptrace.c | 10 ++++++
15+ kernel/reboot.c | 3 ++
16+ kernel/sched/core.c | 2 +
17+ kernel/signal.c | 10 ++++++
18+ kernel/sys.c | 8 +++++
19+ kernel/time/timekeeping.c | 8 +++++
20+ net/ipv4/raw.c | 4 ++
21+ net/ipv4/udp.c | 2 +
22+ net/ipv6/raw.c | 4 ++
23+ net/ipv6/udp.c | 2 +
24+ net/socket.c | 4 ++
25+ net/unix/af_unix.c | 5 +++
26+ security/Kconfig | 2 +
27+ security/Makefile | 3 ++
28+ security/security.c | 9 +++++-
29+ 24 files changed, 148 insertions(+), 29 deletions(-)
30+
31+--- linux-next.orig/fs/exec.c
32++++ linux-next/fs/exec.c
33+@@ -1693,7 +1693,7 @@ static int exec_binprm(struct linux_binp
34+ old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35+ rcu_read_unlock();
36+
37+- ret = search_binary_handler(bprm);
38++ ret = ccs_search_binary_handler(bprm);
39+ if (ret >= 0) {
40+ audit_bprm(bprm);
41+ trace_sched_process_exec(current, old_pid, bprm);
42+--- linux-next.orig/fs/open.c
43++++ linux-next/fs/open.c
44+@@ -1204,6 +1204,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
45+ */
46+ SYSCALL_DEFINE0(vhangup)
47+ {
48++ if (!ccs_capable(CCS_SYS_VHANGUP))
49++ return -EPERM;
50+ if (capable(CAP_SYS_TTY_CONFIG)) {
51+ tty_vhangup_self();
52+ return 0;
53+--- linux-next.orig/fs/proc/version.c
54++++ linux-next/fs/proc/version.c
55+@@ -33,3 +33,10 @@ static int __init proc_version_init(void
56+ return 0;
57+ }
58+ fs_initcall(proc_version_init);
59++
60++static int __init ccs_show_version(void)
61++{
62++ printk(KERN_INFO "Hook version: 4.16-rc7-next-20180329 2018/04/01\n");
63++ return 0;
64++}
65++fs_initcall(ccs_show_version);
66+--- linux-next.orig/include/linux/sched.h
67++++ linux-next/include/linux/sched.h
68+@@ -33,6 +33,7 @@ struct audit_context;
69+ struct backing_dev_info;
70+ struct bio_list;
71+ struct blk_plug;
72++struct ccs_domain_info;
73+ struct cfs_rq;
74+ struct fs_struct;
75+ struct futex_pi_state;
76+@@ -1130,6 +1131,10 @@ struct task_struct {
77+ /* Used by LSM modules for access restriction: */
78+ void *security;
79+ #endif
80++#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY)
81++ struct ccs_domain_info *ccs_domain_info;
82++ u32 ccs_flags;
83++#endif
84+
85+ /*
86+ * New fields for task_struct should be added above here, so that
87+--- linux-next.orig/include/linux/security.h
88++++ linux-next/include/linux/security.h
89+@@ -53,6 +53,7 @@ struct msg_msg;
90+ struct xattr;
91+ struct xfrm_sec_ctx;
92+ struct mm_struct;
93++#include <linux/ccsecurity.h>
94+
95+ /* If capable should audit the security request */
96+ #define SECURITY_CAP_NOAUDIT 0
97+@@ -505,7 +506,10 @@ static inline int security_syslog(int ty
98+ static inline int security_settime64(const struct timespec64 *ts,
99+ const struct timezone *tz)
100+ {
101+- return cap_settime(ts, tz);
102++ int error = cap_settime(ts, tz);
103++ if (!error)
104++ error = ccs_settime(ts, tz);
105++ return error;
106+ }
107+
108+ static inline int security_settime(const struct timespec *ts,
109+@@ -577,18 +581,18 @@ static inline int security_sb_mount(cons
110+ const char *type, unsigned long flags,
111+ void *data)
112+ {
113+- return 0;
114++ return ccs_sb_mount(dev_name, path, type, flags, data);
115+ }
116+
117+ static inline int security_sb_umount(struct vfsmount *mnt, int flags)
118+ {
119+- return 0;
120++ return ccs_sb_umount(mnt, flags);
121+ }
122+
123+ static inline int security_sb_pivotroot(const struct path *old_path,
124+ const struct path *new_path)
125+ {
126+- return 0;
127++ return ccs_sb_pivotroot(old_path, new_path);
128+ }
129+
130+ static inline int security_sb_set_mnt_opts(struct super_block *sb,
131+@@ -737,7 +741,7 @@ static inline int security_inode_setattr
132+
133+ static inline int security_inode_getattr(const struct path *path)
134+ {
135+- return 0;
136++ return ccs_inode_getattr(path);
137+ }
138+
139+ static inline int security_inode_setxattr(struct dentry *dentry,
140+@@ -823,7 +827,7 @@ static inline void security_file_free(st
141+ static inline int security_file_ioctl(struct file *file, unsigned int cmd,
142+ unsigned long arg)
143+ {
144+- return 0;
145++ return ccs_file_ioctl(file, cmd, arg);
146+ }
147+
148+ static inline int security_mmap_file(struct file *file, unsigned long prot,
149+@@ -852,7 +856,7 @@ static inline int security_file_lock(str
150+ static inline int security_file_fcntl(struct file *file, unsigned int cmd,
151+ unsigned long arg)
152+ {
153+- return 0;
154++ return ccs_file_fcntl(file, cmd, arg);
155+ }
156+
157+ static inline void security_file_set_fowner(struct file *file)
158+@@ -875,17 +879,19 @@ static inline int security_file_receive(
159+ static inline int security_file_open(struct file *file,
160+ const struct cred *cred)
161+ {
162+- return 0;
163++ return ccs_file_open(file, cred);
164+ }
165+
166+ static inline int security_task_alloc(struct task_struct *task,
167+ unsigned long clone_flags)
168+ {
169+- return 0;
170++ return ccs_alloc_task_security(task);
171+ }
172+
173+ static inline void security_task_free(struct task_struct *task)
174+-{ }
175++{
176++ ccs_free_task_security(task);
177++}
178+
179+ static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
180+ {
181+@@ -1251,7 +1257,7 @@ static inline int security_unix_may_send
182+ static inline int security_socket_create(int family, int type,
183+ int protocol, int kern)
184+ {
185+- return 0;
186++ return ccs_socket_create(family, type, protocol, kern);
187+ }
188+
189+ static inline int security_socket_post_create(struct socket *sock,
190+@@ -1266,19 +1272,19 @@ static inline int security_socket_bind(s
191+ struct sockaddr *address,
192+ int addrlen)
193+ {
194+- return 0;
195++ return ccs_socket_bind(sock, address, addrlen);
196+ }
197+
198+ static inline int security_socket_connect(struct socket *sock,
199+ struct sockaddr *address,
200+ int addrlen)
201+ {
202+- return 0;
203++ return ccs_socket_connect(sock, address, addrlen);
204+ }
205+
206+ static inline int security_socket_listen(struct socket *sock, int backlog)
207+ {
208+- return 0;
209++ return ccs_socket_listen(sock, backlog);
210+ }
211+
212+ static inline int security_socket_accept(struct socket *sock,
213+@@ -1290,7 +1296,7 @@ static inline int security_socket_accept
214+ static inline int security_socket_sendmsg(struct socket *sock,
215+ struct msghdr *msg, int size)
216+ {
217+- return 0;
218++ return ccs_socket_sendmsg(sock, msg, size);
219+ }
220+
221+ static inline int security_socket_recvmsg(struct socket *sock,
222+@@ -1577,42 +1583,42 @@ int security_path_chroot(const struct pa
223+ #else /* CONFIG_SECURITY_PATH */
224+ static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
225+ {
226+- return 0;
227++ return ccs_path_unlink(dir, dentry);
228+ }
229+
230+ static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
231+ umode_t mode)
232+ {
233+- return 0;
234++ return ccs_path_mkdir(dir, dentry, mode);
235+ }
236+
237+ static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
238+ {
239+- return 0;
240++ return ccs_path_rmdir(dir, dentry);
241+ }
242+
243+ static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
244+ umode_t mode, unsigned int dev)
245+ {
246+- return 0;
247++ return ccs_path_mknod(dir, dentry, mode, dev);
248+ }
249+
250+ static inline int security_path_truncate(const struct path *path)
251+ {
252+- return 0;
253++ return ccs_path_truncate(path);
254+ }
255+
256+ static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
257+ const char *old_name)
258+ {
259+- return 0;
260++ return ccs_path_symlink(dir, dentry, old_name);
261+ }
262+
263+ static inline int security_path_link(struct dentry *old_dentry,
264+ const struct path *new_dir,
265+ struct dentry *new_dentry)
266+ {
267+- return 0;
268++ return ccs_path_link(old_dentry, new_dir, new_dentry);
269+ }
270+
271+ static inline int security_path_rename(const struct path *old_dir,
272+@@ -1621,22 +1627,32 @@ static inline int security_path_rename(c
273+ struct dentry *new_dentry,
274+ unsigned int flags)
275+ {
276+- return 0;
277++ /*
278++ * Not using RENAME_EXCHANGE here in order to avoid KABI breakage
279++ * by doing "#include <uapi/linux/fs.h>" .
280++ */
281++ if (flags & (1 << 1)) {
282++ int err = ccs_path_rename(new_dir, new_dentry, old_dir,
283++ old_dentry);
284++ if (err)
285++ return err;
286++ }
287++ return ccs_path_rename(old_dir, old_dentry, new_dir, new_dentry);
288+ }
289+
290+ static inline int security_path_chmod(const struct path *path, umode_t mode)
291+ {
292+- return 0;
293++ return ccs_path_chmod(path, mode);
294+ }
295+
296+ static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
297+ {
298+- return 0;
299++ return ccs_path_chown(path, uid, gid);
300+ }
301+
302+ static inline int security_path_chroot(const struct path *path)
303+ {
304+- return 0;
305++ return ccs_path_chroot(path);
306+ }
307+ #endif /* CONFIG_SECURITY_PATH */
308+
309+--- linux-next.orig/include/net/ip.h
310++++ linux-next/include/net/ip.h
311+@@ -277,6 +277,8 @@ void inet_get_local_port_range(struct ne
312+ #ifdef CONFIG_SYSCTL
313+ static inline int inet_is_local_reserved_port(struct net *net, int port)
314+ {
315++ if (ccs_lport_reserved(port))
316++ return 1;
317+ if (!net->ipv4.sysctl_local_reserved_ports)
318+ return 0;
319+ return test_bit(port, net->ipv4.sysctl_local_reserved_ports);
320+@@ -295,6 +297,8 @@ static inline int inet_prot_sock(struct
321+ #else
322+ static inline int inet_is_local_reserved_port(struct net *net, int port)
323+ {
324++ if (ccs_lport_reserved(port))
325++ return 1;
326+ return 0;
327+ }
328+
329+--- linux-next.orig/init/init_task.c
330++++ linux-next/init/init_task.c
331+@@ -175,6 +175,10 @@ struct task_struct init_task
332+ #ifdef CONFIG_SECURITY
333+ .security = NULL,
334+ #endif
335++#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY)
336++ .ccs_domain_info = NULL,
337++ .ccs_flags = 0,
338++#endif
339+ };
340+ EXPORT_SYMBOL(init_task);
341+
342+--- linux-next.orig/kernel/kexec.c
343++++ linux-next/kernel/kexec.c
344+@@ -17,7 +17,7 @@
345+ #include <linux/syscalls.h>
346+ #include <linux/vmalloc.h>
347+ #include <linux/slab.h>
348+-
349++#include <linux/ccsecurity.h>
350+ #include "kexec_internal.h"
351+
352+ static int copy_user_segment_list(struct kimage *image,
353+@@ -198,6 +198,8 @@ static inline int kexec_load_check(unsig
354+ /* We only trust the superuser with rebooting the system. */
355+ if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
356+ return -EPERM;
357++ if (!ccs_capable(CCS_SYS_KEXEC_LOAD))
358++ return -EPERM;
359+
360+ /*
361+ * kexec can be used to circumvent module loading restrictions, so
362+--- linux-next.orig/kernel/module.c
363++++ linux-next/kernel/module.c
364+@@ -67,6 +67,7 @@
365+ #include <linux/ima.h>
366+ #include <uapi/linux/module.h>
367+ #include "module-internal.h"
368++#include <linux/ccsecurity.h>
369+
370+ #define CREATE_TRACE_POINTS
371+ #include <trace/events/module.h>
372+@@ -969,6 +970,8 @@ SYSCALL_DEFINE2(delete_module, const cha
373+
374+ if (!capable(CAP_SYS_MODULE) || modules_disabled)
375+ return -EPERM;
376++ if (!ccs_capable(CCS_USE_KERNEL_MODULE))
377++ return -EPERM;
378+
379+ if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
380+ return -EFAULT;
381+@@ -3573,6 +3576,8 @@ static int may_init_module(void)
382+ {
383+ if (!capable(CAP_SYS_MODULE) || modules_disabled)
384+ return -EPERM;
385++ if (!ccs_capable(CCS_USE_KERNEL_MODULE))
386++ return -EPERM;
387+
388+ return 0;
389+ }
390+--- linux-next.orig/kernel/ptrace.c
391++++ linux-next/kernel/ptrace.c
392+@@ -1112,6 +1112,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
393+ {
394+ struct task_struct *child;
395+ long ret;
396++ {
397++ const int rc = ccs_ptrace_permission(request, pid);
398++ if (rc)
399++ return rc;
400++ }
401+
402+ if (request == PTRACE_TRACEME) {
403+ ret = ptrace_traceme();
404+@@ -1260,6 +1265,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo
405+ {
406+ struct task_struct *child;
407+ long ret;
408++ {
409++ const int rc = ccs_ptrace_permission(request, pid);
410++ if (rc)
411++ return rc;
412++ }
413+
414+ if (request == PTRACE_TRACEME) {
415+ ret = ptrace_traceme();
416+--- linux-next.orig/kernel/reboot.c
417++++ linux-next/kernel/reboot.c
418+@@ -16,6 +16,7 @@
419+ #include <linux/syscalls.h>
420+ #include <linux/syscore_ops.h>
421+ #include <linux/uaccess.h>
422++#include <linux/ccsecurity.h>
423+
424+ /*
425+ * this indicates whether you can reboot with ctrl-alt-del: the default is yes
426+@@ -322,6 +323,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
427+ magic2 != LINUX_REBOOT_MAGIC2B &&
428+ magic2 != LINUX_REBOOT_MAGIC2C))
429+ return -EINVAL;
430++ if (!ccs_capable(CCS_SYS_REBOOT))
431++ return -EPERM;
432+
433+ /*
434+ * If pid namespaces are enabled and the current task is in a child
435+--- linux-next.orig/kernel/sched/core.c
436++++ linux-next/kernel/sched/core.c
437+@@ -3976,6 +3976,8 @@ int can_nice(const struct task_struct *p
438+ SYSCALL_DEFINE1(nice, int, increment)
439+ {
440+ long nice, retval;
441++ if (!ccs_capable(CCS_SYS_NICE))
442++ return -EPERM;
443+
444+ /*
445+ * Setpriority might change our priority at the same moment.
446+--- linux-next.orig/kernel/signal.c
447++++ linux-next/kernel/signal.c
448+@@ -3241,6 +3241,8 @@ COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait,
449+ SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
450+ {
451+ struct siginfo info;
452++ if (ccs_kill_permission(pid, sig))
453++ return -EPERM;
454+
455+ clear_siginfo(&info);
456+ info.si_signo = sig;
457+@@ -3311,6 +3313,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid
458+ /* This is only valid for single tasks */
459+ if (pid <= 0 || tgid <= 0)
460+ return -EINVAL;
461++ if (ccs_tgkill_permission(tgid, pid, sig))
462++ return -EPERM;
463+
464+ return do_tkill(tgid, pid, sig);
465+ }
466+@@ -3327,6 +3331,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int,
467+ /* This is only valid for single tasks */
468+ if (pid <= 0)
469+ return -EINVAL;
470++ if (ccs_tkill_permission(pid, sig))
471++ return -EPERM;
472+
473+ return do_tkill(0, pid, sig);
474+ }
475+@@ -3341,6 +3347,8 @@ static int do_rt_sigqueueinfo(pid_t pid,
476+ return -EPERM;
477+
478+ info->si_signo = sig;
479++ if (ccs_sigqueue_permission(pid, sig))
480++ return -EPERM;
481+
482+ /* POSIX.1b doesn't mention process groups. */
483+ return kill_proc_info(sig, info, pid);
484+@@ -3389,6 +3397,8 @@ static int do_rt_tgsigqueueinfo(pid_t tg
485+ return -EPERM;
486+
487+ info->si_signo = sig;
488++ if (ccs_tgsigqueue_permission(tgid, pid, sig))
489++ return -EPERM;
490+
491+ return do_send_specific(tgid, pid, sig, info);
492+ }
493+--- linux-next.orig/kernel/sys.c
494++++ linux-next/kernel/sys.c
495+@@ -199,6 +199,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
496+
497+ if (which > PRIO_USER || which < PRIO_PROCESS)
498+ goto out;
499++ if (!ccs_capable(CCS_SYS_NICE)) {
500++ error = -EPERM;
501++ goto out;
502++ }
503+
504+ /* normalize: avoid signed division (rounding problems) */
505+ error = -ESRCH;
506+@@ -1314,6 +1318,8 @@ SYSCALL_DEFINE2(sethostname, char __user
507+
508+ if (len < 0 || len > __NEW_UTS_LEN)
509+ return -EINVAL;
510++ if (!ccs_capable(CCS_SYS_SETHOSTNAME))
511++ return -EPERM;
512+ down_write(&uts_sem);
513+ errno = -EFAULT;
514+ if (!copy_from_user(tmp, name, len)) {
515+@@ -1364,6 +1370,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
516+ return -EPERM;
517+ if (len < 0 || len > __NEW_UTS_LEN)
518+ return -EINVAL;
519++ if (!ccs_capable(CCS_SYS_SETHOSTNAME))
520++ return -EPERM;
521+
522+ down_write(&uts_sem);
523+ errno = -EFAULT;
524+--- linux-next.orig/kernel/time/timekeeping.c
525++++ linux-next/kernel/time/timekeeping.c
526+@@ -25,6 +25,7 @@
527+ #include <linux/stop_machine.h>
528+ #include <linux/pvclock_gtod.h>
529+ #include <linux/compiler.h>
530++#include <linux/ccsecurity.h>
531+
532+ #include "tick-internal.h"
533+ #include "ntp_internal.h"
534+@@ -2245,10 +2246,15 @@ static int timekeeping_validate_timex(st
535+ if (!(txc->modes & ADJ_OFFSET_READONLY) &&
536+ !capable(CAP_SYS_TIME))
537+ return -EPERM;
538++ if (!(txc->modes & ADJ_OFFSET_READONLY) &&
539++ !ccs_capable(CCS_SYS_SETTIME))
540++ return -EPERM;
541+ } else {
542+ /* In order to modify anything, you gotta be super-user! */
543+ if (txc->modes && !capable(CAP_SYS_TIME))
544+ return -EPERM;
545++ if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
546++ return -EPERM;
547+ /*
548+ * if the quartz is off by more than 10% then
549+ * something is VERY wrong!
550+@@ -2263,6 +2269,8 @@ static int timekeeping_validate_timex(st
551+ /* In order to inject time, you gotta be super-user! */
552+ if (!capable(CAP_SYS_TIME))
553+ return -EPERM;
554++ if (!ccs_capable(CCS_SYS_SETTIME))
555++ return -EPERM;
556+
557+ /*
558+ * Validate if a timespec/timeval used to inject a time
559+--- linux-next.orig/net/ipv4/raw.c
560++++ linux-next/net/ipv4/raw.c
561+@@ -779,6 +779,10 @@ static int raw_recvmsg(struct sock *sk,
562+ skb = skb_recv_datagram(sk, flags, noblock, &err);
563+ if (!skb)
564+ goto out;
565++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
566++ err = -EAGAIN; /* Hope less harmful than -EPERM. */
567++ goto out;
568++ }
569+
570+ copied = skb->len;
571+ if (len < copied) {
572+--- linux-next.orig/net/ipv4/udp.c
573++++ linux-next/net/ipv4/udp.c
574+@@ -1576,6 +1576,8 @@ try_again:
575+ skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
576+ if (!skb)
577+ return err;
578++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags))
579++ return -EAGAIN; /* Hope less harmful than -EPERM. */
580+
581+ ulen = udp_skb_len(skb);
582+ copied = len;
583+--- linux-next.orig/net/ipv6/raw.c
584++++ linux-next/net/ipv6/raw.c
585+@@ -483,6 +483,10 @@ static int rawv6_recvmsg(struct sock *sk
586+ skb = skb_recv_datagram(sk, flags, noblock, &err);
587+ if (!skb)
588+ goto out;
589++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
590++ err = -EAGAIN; /* Hope less harmful than -EPERM. */
591++ goto out;
592++ }
593+
594+ copied = skb->len;
595+ if (copied > len) {
596+--- linux-next.orig/net/ipv6/udp.c
597++++ linux-next/net/ipv6/udp.c
598+@@ -341,6 +341,8 @@ try_again:
599+ skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
600+ if (!skb)
601+ return err;
602++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags))
603++ return -EAGAIN; /* Hope less harmful than -EPERM. */
604+
605+ ulen = udp6_skb_len(skb);
606+ copied = len;
607+--- linux-next.orig/net/socket.c
608++++ linux-next/net/socket.c
609+@@ -1592,6 +1592,10 @@ int __sys_accept4(int fd, struct sockadd
610+ if (err < 0)
611+ goto out_fd;
612+
613++ if (ccs_socket_post_accept_permission(sock, newsock)) {
614++ err = -EAGAIN; /* Hope less harmful than -EPERM. */
615++ goto out_fd;
616++ }
617+ if (upeer_sockaddr) {
618+ len = newsock->ops->getname(newsock,
619+ (struct sockaddr *)&address, 2);
620+--- linux-next.orig/net/unix/af_unix.c
621++++ linux-next/net/unix/af_unix.c
622+@@ -2132,6 +2132,10 @@ static int unix_dgram_recvmsg(struct soc
623+ EPOLLOUT | EPOLLWRNORM |
624+ EPOLLWRBAND);
625+
626++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
627++ err = -EAGAIN; /* Hope less harmful than -EPERM. */
628++ goto out_unlock;
629++ }
630+ if (msg->msg_name)
631+ unix_copy_addr(msg, skb->sk);
632+
633+@@ -2182,6 +2186,7 @@ static int unix_dgram_recvmsg(struct soc
634+
635+ out_free:
636+ skb_free_datagram(sk, skb);
637++out_unlock:
638+ mutex_unlock(&u->iolock);
639+ out:
640+ return err;
641+--- linux-next.orig/security/Kconfig
642++++ linux-next/security/Kconfig
643+@@ -309,5 +309,7 @@ config DEFAULT_SECURITY
644+ default "apparmor" if DEFAULT_SECURITY_APPARMOR
645+ default "" if DEFAULT_SECURITY_DAC
646+
647++source security/ccsecurity/Kconfig
648++
649+ endmenu
650+
651+--- linux-next.orig/security/Makefile
652++++ linux-next/security/Makefile
653+@@ -33,3 +33,6 @@ obj-$(CONFIG_INTEGRITY) += integrity/
654+
655+ # Allow the kernel to be locked down
656+ obj-$(CONFIG_LOCK_DOWN_KERNEL) += lock_down.o
657++
658++subdir-$(CONFIG_CCSECURITY) += ccsecurity
659++obj-$(CONFIG_CCSECURITY) += ccsecurity/
660+--- linux-next.orig/security/security.c
661++++ linux-next/security/security.c
662+@@ -977,12 +977,19 @@ int security_file_open(struct file *file
663+
664+ int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
665+ {
666+- return call_int_hook(task_alloc, 0, task, clone_flags);
667++ int ret = ccs_alloc_task_security(task);
668++ if (ret)
669++ return ret;
670++ ret = call_int_hook(task_alloc, 0, task, clone_flags);
671++ if (ret)
672++ ccs_free_task_security(task);
673++ return ret;
674+ }
675+
676+ void security_task_free(struct task_struct *task)
677+ {
678+ call_void_hook(task_free, task);
679++ ccs_free_task_security(task);
680+ }
681+
682+ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
--- trunk/1.8.x/ccs-patch/patches/ccs-patch-4.14.diff (revision 6637)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-4.14.diff (revision 6638)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 4.14.31.
1+This is TOMOYO Linux patch for kernel 4.14.32.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.31.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.32.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 9 +++++-
2929 24 files changed, 153 insertions(+), 29 deletions(-)
3030
31---- linux-4.14.31.orig/fs/exec.c
32-+++ linux-4.14.31/fs/exec.c
31+--- linux-4.14.32.orig/fs/exec.c
32++++ linux-4.14.32/fs/exec.c
3333 @@ -1677,7 +1677,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-4.14.31.orig/fs/open.c
43-+++ linux-4.14.31/fs/open.c
42+--- linux-4.14.32.orig/fs/open.c
43++++ linux-4.14.32/fs/open.c
4444 @@ -1171,6 +1171,8 @@ EXPORT_SYMBOL(sys_close);
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-4.14.31.orig/fs/proc/version.c
54-+++ linux-4.14.31/fs/proc/version.c
53+--- linux-4.14.32.orig/fs/proc/version.c
54++++ linux-4.14.32/fs/proc/version.c
5555 @@ -33,3 +33,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 4.14.31 2018/03/31\n");
62++ printk(KERN_INFO "Hook version: 4.14.32 2018/04/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-4.14.31.orig/include/linux/init_task.h
67-+++ linux-4.14.31/include/linux/init_task.h
66+--- linux-4.14.32.orig/include/linux/init_task.h
67++++ linux-4.14.32/include/linux/init_task.h
6868 @@ -219,6 +219,14 @@ extern struct cred init_cred;
6969 #define INIT_TASK_SECURITY
7070 #endif
@@ -88,8 +88,8 @@
8888 }
8989
9090
91---- linux-4.14.31.orig/include/linux/sched.h
92-+++ linux-4.14.31/include/linux/sched.h
91+--- linux-4.14.32.orig/include/linux/sched.h
92++++ linux-4.14.32/include/linux/sched.h
9393 @@ -33,6 +33,7 @@ struct audit_context;
9494 struct backing_dev_info;
9595 struct bio_list;
@@ -109,8 +109,8 @@
109109
110110 /*
111111 * New fields for task_struct should be added above here, so that
112---- linux-4.14.31.orig/include/linux/security.h
113-+++ linux-4.14.31/include/linux/security.h
112+--- linux-4.14.32.orig/include/linux/security.h
113++++ linux-4.14.32/include/linux/security.h
114114 @@ -56,6 +56,7 @@ struct msg_queue;
115115 struct xattr;
116116 struct xfrm_sec_ctx;
@@ -331,8 +331,8 @@
331331 }
332332 #endif /* CONFIG_SECURITY_PATH */
333333
334---- linux-4.14.31.orig/include/net/ip.h
335-+++ linux-4.14.31/include/net/ip.h
334+--- linux-4.14.32.orig/include/net/ip.h
335++++ linux-4.14.32/include/net/ip.h
336336 @@ -266,6 +266,8 @@ void inet_get_local_port_range(struct ne
337337 #ifdef CONFIG_SYSCTL
338338 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -351,8 +351,8 @@
351351 return 0;
352352 }
353353
354---- linux-4.14.31.orig/kernel/kexec.c
355-+++ linux-4.14.31/kernel/kexec.c
354+--- linux-4.14.32.orig/kernel/kexec.c
355++++ linux-4.14.32/kernel/kexec.c
356356 @@ -17,7 +17,7 @@
357357 #include <linux/syscalls.h>
358358 #include <linux/vmalloc.h>
@@ -371,8 +371,8 @@
371371
372372 /*
373373 * Verify we have a legal set of flags
374---- linux-4.14.31.orig/kernel/module.c
375-+++ linux-4.14.31/kernel/module.c
374+--- linux-4.14.32.orig/kernel/module.c
375++++ linux-4.14.32/kernel/module.c
376376 @@ -66,6 +66,7 @@
377377 #include <linux/audit.h>
378378 #include <uapi/linux/module.h>
@@ -399,8 +399,8 @@
399399
400400 return 0;
401401 }
402---- linux-4.14.31.orig/kernel/ptrace.c
403-+++ linux-4.14.31/kernel/ptrace.c
402+--- linux-4.14.32.orig/kernel/ptrace.c
403++++ linux-4.14.32/kernel/ptrace.c
404404 @@ -1123,6 +1123,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
405405 {
406406 struct task_struct *child;
@@ -425,8 +425,8 @@
425425
426426 if (request == PTRACE_TRACEME) {
427427 ret = ptrace_traceme();
428---- linux-4.14.31.orig/kernel/reboot.c
429-+++ linux-4.14.31/kernel/reboot.c
428+--- linux-4.14.32.orig/kernel/reboot.c
429++++ linux-4.14.32/kernel/reboot.c
430430 @@ -16,6 +16,7 @@
431431 #include <linux/syscalls.h>
432432 #include <linux/syscore_ops.h>
@@ -444,8 +444,8 @@
444444
445445 /*
446446 * If pid namespaces are enabled and the current task is in a child
447---- linux-4.14.31.orig/kernel/sched/core.c
448-+++ linux-4.14.31/kernel/sched/core.c
447+--- linux-4.14.32.orig/kernel/sched/core.c
448++++ linux-4.14.32/kernel/sched/core.c
449449 @@ -3852,6 +3852,8 @@ int can_nice(const struct task_struct *p
450450 SYSCALL_DEFINE1(nice, int, increment)
451451 {
@@ -455,8 +455,8 @@
455455
456456 /*
457457 * Setpriority might change our priority at the same moment.
458---- linux-4.14.31.orig/kernel/signal.c
459-+++ linux-4.14.31/kernel/signal.c
458+--- linux-4.14.32.orig/kernel/signal.c
459++++ linux-4.14.32/kernel/signal.c
460460 @@ -2954,6 +2954,8 @@ COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait,
461461 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
462462 {
@@ -502,8 +502,8 @@
502502
503503 return do_send_specific(tgid, pid, sig, info);
504504 }
505---- linux-4.14.31.orig/kernel/sys.c
506-+++ linux-4.14.31/kernel/sys.c
505+--- linux-4.14.32.orig/kernel/sys.c
506++++ linux-4.14.32/kernel/sys.c
507507 @@ -191,6 +191,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
508508
509509 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -533,8 +533,8 @@
533533
534534 down_write(&uts_sem);
535535 errno = -EFAULT;
536---- linux-4.14.31.orig/kernel/time/ntp.c
537-+++ linux-4.14.31/kernel/time/ntp.c
536+--- linux-4.14.32.orig/kernel/time/ntp.c
537++++ linux-4.14.32/kernel/time/ntp.c
538538 @@ -18,6 +18,7 @@
539539 #include <linux/module.h>
540540 #include <linux/rtc.h>
@@ -568,8 +568,8 @@
568568
569569 if (txc->modes & ADJ_NANO) {
570570 struct timespec ts;
571---- linux-4.14.31.orig/net/ipv4/raw.c
572-+++ linux-4.14.31/net/ipv4/raw.c
571+--- linux-4.14.32.orig/net/ipv4/raw.c
572++++ linux-4.14.32/net/ipv4/raw.c
573573 @@ -766,6 +766,10 @@ static int raw_recvmsg(struct sock *sk,
574574 skb = skb_recv_datagram(sk, flags, noblock, &err);
575575 if (!skb)
@@ -581,8 +581,8 @@
581581
582582 copied = skb->len;
583583 if (len < copied) {
584---- linux-4.14.31.orig/net/ipv4/udp.c
585-+++ linux-4.14.31/net/ipv4/udp.c
584+--- linux-4.14.32.orig/net/ipv4/udp.c
585++++ linux-4.14.32/net/ipv4/udp.c
586586 @@ -1590,6 +1590,8 @@ try_again:
587587 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
588588 if (!skb)
@@ -592,8 +592,8 @@
592592
593593 ulen = udp_skb_len(skb);
594594 copied = len;
595---- linux-4.14.31.orig/net/ipv6/raw.c
596-+++ linux-4.14.31/net/ipv6/raw.c
595+--- linux-4.14.32.orig/net/ipv6/raw.c
596++++ linux-4.14.32/net/ipv6/raw.c
597597 @@ -483,6 +483,10 @@ static int rawv6_recvmsg(struct sock *sk
598598 skb = skb_recv_datagram(sk, flags, noblock, &err);
599599 if (!skb)
@@ -605,8 +605,8 @@
605605
606606 copied = skb->len;
607607 if (copied > len) {
608---- linux-4.14.31.orig/net/ipv6/udp.c
609-+++ linux-4.14.31/net/ipv6/udp.c
608+--- linux-4.14.32.orig/net/ipv6/udp.c
609++++ linux-4.14.32/net/ipv6/udp.c
610610 @@ -371,6 +371,8 @@ try_again:
611611 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
612612 if (!skb)
@@ -616,8 +616,8 @@
616616
617617 ulen = udp6_skb_len(skb);
618618 copied = len;
619---- linux-4.14.31.orig/net/socket.c
620-+++ linux-4.14.31/net/socket.c
619+--- linux-4.14.32.orig/net/socket.c
620++++ linux-4.14.32/net/socket.c
621621 @@ -1574,6 +1574,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
622622 if (err < 0)
623623 goto out_fd;
@@ -629,8 +629,8 @@
629629 if (upeer_sockaddr) {
630630 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
631631 &len, 2) < 0) {
632---- linux-4.14.31.orig/net/unix/af_unix.c
633-+++ linux-4.14.31/net/unix/af_unix.c
632+--- linux-4.14.32.orig/net/unix/af_unix.c
633++++ linux-4.14.32/net/unix/af_unix.c
634634 @@ -2131,6 +2131,10 @@ static int unix_dgram_recvmsg(struct soc
635635 POLLOUT | POLLWRNORM |
636636 POLLWRBAND);
@@ -650,8 +650,8 @@
650650 mutex_unlock(&u->iolock);
651651 out:
652652 return err;
653---- linux-4.14.31.orig/security/Kconfig
654-+++ linux-4.14.31/security/Kconfig
653+--- linux-4.14.32.orig/security/Kconfig
654++++ linux-4.14.32/security/Kconfig
655655 @@ -263,5 +263,7 @@ config DEFAULT_SECURITY
656656 default "apparmor" if DEFAULT_SECURITY_APPARMOR
657657 default "" if DEFAULT_SECURITY_DAC
@@ -660,8 +660,8 @@
660660 +
661661 endmenu
662662
663---- linux-4.14.31.orig/security/Makefile
664-+++ linux-4.14.31/security/Makefile
663+--- linux-4.14.32.orig/security/Makefile
664++++ linux-4.14.32/security/Makefile
665665 @@ -30,3 +30,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
666666 # Object integrity file lists
667667 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -669,8 +669,8 @@
669669 +
670670 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
671671 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
672---- linux-4.14.31.orig/security/security.c
673-+++ linux-4.14.31/security/security.c
672+--- linux-4.14.32.orig/security/security.c
673++++ linux-4.14.32/security/security.c
674674 @@ -976,12 +976,19 @@ int security_file_open(struct file *file
675675
676676 int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
--- trunk/1.8.x/ccs-patch/patches/ccs-patch-4.15.diff (revision 6637)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-4.15.diff (revision 6638)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 4.15.14.
1+This is TOMOYO Linux patch for kernel 4.15.15.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.15.14.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.15.15.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 9 +++++-
2929 24 files changed, 153 insertions(+), 29 deletions(-)
3030
31---- linux-4.15.14.orig/fs/exec.c
32-+++ linux-4.15.14/fs/exec.c
31+--- linux-4.15.15.orig/fs/exec.c
32++++ linux-4.15.15/fs/exec.c
3333 @@ -1677,7 +1677,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-4.15.14.orig/fs/open.c
43-+++ linux-4.15.14/fs/open.c
42+--- linux-4.15.15.orig/fs/open.c
43++++ linux-4.15.15/fs/open.c
4444 @@ -1171,6 +1171,8 @@ EXPORT_SYMBOL(sys_close);
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-4.15.14.orig/fs/proc/version.c
54-+++ linux-4.15.14/fs/proc/version.c
53+--- linux-4.15.15.orig/fs/proc/version.c
54++++ linux-4.15.15/fs/proc/version.c
5555 @@ -33,3 +33,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 4.15.14 2018/03/31\n");
62++ printk(KERN_INFO "Hook version: 4.15.15 2018/04/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-4.15.14.orig/include/linux/init_task.h
67-+++ linux-4.15.14/include/linux/init_task.h
66+--- linux-4.15.15.orig/include/linux/init_task.h
67++++ linux-4.15.15/include/linux/init_task.h
6868 @@ -218,6 +218,14 @@ extern struct cred init_cred;
6969 #define INIT_TASK_SECURITY
7070 #endif
@@ -88,8 +88,8 @@
8888 }
8989
9090
91---- linux-4.15.14.orig/include/linux/sched.h
92-+++ linux-4.15.14/include/linux/sched.h
91+--- linux-4.15.15.orig/include/linux/sched.h
92++++ linux-4.15.15/include/linux/sched.h
9393 @@ -33,6 +33,7 @@ struct audit_context;
9494 struct backing_dev_info;
9595 struct bio_list;
@@ -109,8 +109,8 @@
109109
110110 /*
111111 * New fields for task_struct should be added above here, so that
112---- linux-4.15.14.orig/include/linux/security.h
113-+++ linux-4.15.14/include/linux/security.h
112+--- linux-4.15.15.orig/include/linux/security.h
113++++ linux-4.15.15/include/linux/security.h
114114 @@ -56,6 +56,7 @@ struct msg_queue;
115115 struct xattr;
116116 struct xfrm_sec_ctx;
@@ -331,8 +331,8 @@
331331 }
332332 #endif /* CONFIG_SECURITY_PATH */
333333
334---- linux-4.15.14.orig/include/net/ip.h
335-+++ linux-4.15.14/include/net/ip.h
334+--- linux-4.15.15.orig/include/net/ip.h
335++++ linux-4.15.15/include/net/ip.h
336336 @@ -266,6 +266,8 @@ void inet_get_local_port_range(struct ne
337337 #ifdef CONFIG_SYSCTL
338338 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -351,8 +351,8 @@
351351 return 0;
352352 }
353353
354---- linux-4.15.14.orig/kernel/kexec.c
355-+++ linux-4.15.14/kernel/kexec.c
354+--- linux-4.15.15.orig/kernel/kexec.c
355++++ linux-4.15.15/kernel/kexec.c
356356 @@ -17,7 +17,7 @@
357357 #include <linux/syscalls.h>
358358 #include <linux/vmalloc.h>
@@ -371,8 +371,8 @@
371371
372372 /*
373373 * Verify we have a legal set of flags
374---- linux-4.15.14.orig/kernel/module.c
375-+++ linux-4.15.14/kernel/module.c
374+--- linux-4.15.15.orig/kernel/module.c
375++++ linux-4.15.15/kernel/module.c
376376 @@ -66,6 +66,7 @@
377377 #include <linux/audit.h>
378378 #include <uapi/linux/module.h>
@@ -399,8 +399,8 @@
399399
400400 return 0;
401401 }
402---- linux-4.15.14.orig/kernel/ptrace.c
403-+++ linux-4.15.14/kernel/ptrace.c
402+--- linux-4.15.15.orig/kernel/ptrace.c
403++++ linux-4.15.15/kernel/ptrace.c
404404 @@ -1123,6 +1123,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
405405 {
406406 struct task_struct *child;
@@ -425,8 +425,8 @@
425425
426426 if (request == PTRACE_TRACEME) {
427427 ret = ptrace_traceme();
428---- linux-4.15.14.orig/kernel/reboot.c
429-+++ linux-4.15.14/kernel/reboot.c
428+--- linux-4.15.15.orig/kernel/reboot.c
429++++ linux-4.15.15/kernel/reboot.c
430430 @@ -16,6 +16,7 @@
431431 #include <linux/syscalls.h>
432432 #include <linux/syscore_ops.h>
@@ -444,8 +444,8 @@
444444
445445 /*
446446 * If pid namespaces are enabled and the current task is in a child
447---- linux-4.15.14.orig/kernel/sched/core.c
448-+++ linux-4.15.14/kernel/sched/core.c
447+--- linux-4.15.15.orig/kernel/sched/core.c
448++++ linux-4.15.15/kernel/sched/core.c
449449 @@ -3862,6 +3862,8 @@ int can_nice(const struct task_struct *p
450450 SYSCALL_DEFINE1(nice, int, increment)
451451 {
@@ -455,8 +455,8 @@
455455
456456 /*
457457 * Setpriority might change our priority at the same moment.
458---- linux-4.15.14.orig/kernel/signal.c
459-+++ linux-4.15.14/kernel/signal.c
458+--- linux-4.15.15.orig/kernel/signal.c
459++++ linux-4.15.15/kernel/signal.c
460460 @@ -2936,6 +2936,8 @@ COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait,
461461 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
462462 {
@@ -502,8 +502,8 @@
502502
503503 return do_send_specific(tgid, pid, sig, info);
504504 }
505---- linux-4.15.14.orig/kernel/sys.c
506-+++ linux-4.15.14/kernel/sys.c
505+--- linux-4.15.15.orig/kernel/sys.c
506++++ linux-4.15.15/kernel/sys.c
507507 @@ -197,6 +197,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
508508
509509 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -533,8 +533,8 @@
533533
534534 down_write(&uts_sem);
535535 errno = -EFAULT;
536---- linux-4.15.14.orig/kernel/time/timekeeping.c
537-+++ linux-4.15.14/kernel/time/timekeeping.c
536+--- linux-4.15.15.orig/kernel/time/timekeeping.c
537++++ linux-4.15.15/kernel/time/timekeeping.c
538538 @@ -25,6 +25,7 @@
539539 #include <linux/stop_machine.h>
540540 #include <linux/pvclock_gtod.h>
@@ -568,8 +568,8 @@
568568
569569 /*
570570 * Validate if a timespec/timeval used to inject a time
571---- linux-4.15.14.orig/net/ipv4/raw.c
572-+++ linux-4.15.14/net/ipv4/raw.c
571+--- linux-4.15.15.orig/net/ipv4/raw.c
572++++ linux-4.15.15/net/ipv4/raw.c
573573 @@ -768,6 +768,10 @@ static int raw_recvmsg(struct sock *sk,
574574 skb = skb_recv_datagram(sk, flags, noblock, &err);
575575 if (!skb)
@@ -581,8 +581,8 @@
581581
582582 copied = skb->len;
583583 if (len < copied) {
584---- linux-4.15.14.orig/net/ipv4/udp.c
585-+++ linux-4.15.14/net/ipv4/udp.c
584+--- linux-4.15.15.orig/net/ipv4/udp.c
585++++ linux-4.15.15/net/ipv4/udp.c
586586 @@ -1589,6 +1589,8 @@ try_again:
587587 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
588588 if (!skb)
@@ -592,8 +592,8 @@
592592
593593 ulen = udp_skb_len(skb);
594594 copied = len;
595---- linux-4.15.14.orig/net/ipv6/raw.c
596-+++ linux-4.15.14/net/ipv6/raw.c
595+--- linux-4.15.15.orig/net/ipv6/raw.c
596++++ linux-4.15.15/net/ipv6/raw.c
597597 @@ -483,6 +483,10 @@ static int rawv6_recvmsg(struct sock *sk
598598 skb = skb_recv_datagram(sk, flags, noblock, &err);
599599 if (!skb)
@@ -605,8 +605,8 @@
605605
606606 copied = skb->len;
607607 if (copied > len) {
608---- linux-4.15.14.orig/net/ipv6/udp.c
609-+++ linux-4.15.14/net/ipv6/udp.c
608+--- linux-4.15.15.orig/net/ipv6/udp.c
609++++ linux-4.15.15/net/ipv6/udp.c
610610 @@ -371,6 +371,8 @@ try_again:
611611 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
612612 if (!skb)
@@ -616,8 +616,8 @@
616616
617617 ulen = udp6_skb_len(skb);
618618 copied = len;
619---- linux-4.15.14.orig/net/socket.c
620-+++ linux-4.15.14/net/socket.c
619+--- linux-4.15.15.orig/net/socket.c
620++++ linux-4.15.15/net/socket.c
621621 @@ -1554,6 +1554,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
622622 if (err < 0)
623623 goto out_fd;
@@ -629,8 +629,8 @@
629629 if (upeer_sockaddr) {
630630 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
631631 &len, 2) < 0) {
632---- linux-4.15.14.orig/net/unix/af_unix.c
633-+++ linux-4.15.14/net/unix/af_unix.c
632+--- linux-4.15.15.orig/net/unix/af_unix.c
633++++ linux-4.15.15/net/unix/af_unix.c
634634 @@ -2132,6 +2132,10 @@ static int unix_dgram_recvmsg(struct soc
635635 POLLOUT | POLLWRNORM |
636636 POLLWRBAND);
@@ -650,8 +650,8 @@
650650 mutex_unlock(&u->iolock);
651651 out:
652652 return err;
653---- linux-4.15.14.orig/security/Kconfig
654-+++ linux-4.15.14/security/Kconfig
653+--- linux-4.15.15.orig/security/Kconfig
654++++ linux-4.15.15/security/Kconfig
655655 @@ -263,5 +263,7 @@ config DEFAULT_SECURITY
656656 default "apparmor" if DEFAULT_SECURITY_APPARMOR
657657 default "" if DEFAULT_SECURITY_DAC
@@ -660,8 +660,8 @@
660660 +
661661 endmenu
662662
663---- linux-4.15.14.orig/security/Makefile
664-+++ linux-4.15.14/security/Makefile
663+--- linux-4.15.15.orig/security/Makefile
664++++ linux-4.15.15/security/Makefile
665665 @@ -30,3 +30,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
666666 # Object integrity file lists
667667 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -669,8 +669,8 @@
669669 +
670670 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
671671 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
672---- linux-4.15.14.orig/security/security.c
673-+++ linux-4.15.14/security/security.c
672+--- linux-4.15.15.orig/security/security.c
673++++ linux-4.15.15/security/security.c
674674 @@ -977,12 +977,19 @@ int security_file_open(struct file *file
675675
676676 int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
--- trunk/1.8.x/ccs-patch/patches/ccs-patch-4.4.diff (revision 6637)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-4.4.diff (revision 6638)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 4.4.125.
1+This is TOMOYO Linux patch for kernel 4.4.126.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.125.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.126.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/Makefile | 3 ++
2929 24 files changed, 150 insertions(+), 26 deletions(-)
3030
31---- linux-4.4.125.orig/fs/exec.c
32-+++ linux-4.4.125/fs/exec.c
31+--- linux-4.4.126.orig/fs/exec.c
32++++ linux-4.4.126/fs/exec.c
3333 @@ -1508,7 +1508,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-4.4.125.orig/fs/open.c
43-+++ linux-4.4.125/fs/open.c
42+--- linux-4.4.126.orig/fs/open.c
43++++ linux-4.4.126/fs/open.c
4444 @@ -1117,6 +1117,8 @@ EXPORT_SYMBOL(sys_close);
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-4.4.125.orig/fs/proc/version.c
54-+++ linux-4.4.125/fs/proc/version.c
53+--- linux-4.4.126.orig/fs/proc/version.c
54++++ linux-4.4.126/fs/proc/version.c
5555 @@ -32,3 +32,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 4.4.125 2018/03/31\n");
62++ printk(KERN_INFO "Hook version: 4.4.126 2018/04/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-4.4.125.orig/include/linux/init_task.h
67-+++ linux-4.4.125/include/linux/init_task.h
66+--- linux-4.4.126.orig/include/linux/init_task.h
67++++ linux-4.4.126/include/linux/init_task.h
6868 @@ -183,6 +183,14 @@ extern struct task_group root_task_group
6969 # define INIT_KASAN(tsk)
7070 #endif
@@ -88,8 +88,8 @@
8888 }
8989
9090
91---- linux-4.4.125.orig/include/linux/sched.h
92-+++ linux-4.4.125/include/linux/sched.h
91+--- linux-4.4.126.orig/include/linux/sched.h
92++++ linux-4.4.126/include/linux/sched.h
9393 @@ -6,6 +6,8 @@
9494 #include <linux/sched/prio.h>
9595
@@ -110,8 +110,8 @@
110110 /* CPU-specific state of this task */
111111 struct thread_struct thread;
112112 /*
113---- linux-4.4.125.orig/include/linux/security.h
114-+++ linux-4.4.125/include/linux/security.h
113+--- linux-4.4.126.orig/include/linux/security.h
114++++ linux-4.4.126/include/linux/security.h
115115 @@ -53,6 +53,7 @@ struct msg_queue;
116116 struct xattr;
117117 struct xfrm_sec_ctx;
@@ -318,8 +318,8 @@
318318 }
319319 #endif /* CONFIG_SECURITY_PATH */
320320
321---- linux-4.4.125.orig/include/net/ip.h
322-+++ linux-4.4.125/include/net/ip.h
321+--- linux-4.4.126.orig/include/net/ip.h
322++++ linux-4.4.126/include/net/ip.h
323323 @@ -225,6 +225,8 @@ void inet_get_local_port_range(struct ne
324324 #ifdef CONFIG_SYSCTL
325325 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -338,8 +338,8 @@
338338 return 0;
339339 }
340340 #endif
341---- linux-4.4.125.orig/kernel/fork.c
342-+++ linux-4.4.125/kernel/fork.c
341+--- linux-4.4.126.orig/kernel/fork.c
342++++ linux-4.4.126/kernel/fork.c
343343 @@ -260,6 +260,7 @@ void __put_task_struct(struct task_struc
344344 delayacct_tsk_free(tsk);
345345 put_signal_struct(tsk->signal);
@@ -366,8 +366,8 @@
366366 bad_fork_cleanup_perf:
367367 perf_event_free_task(p);
368368 bad_fork_cleanup_policy:
369---- linux-4.4.125.orig/kernel/kexec.c
370-+++ linux-4.4.125/kernel/kexec.c
369+--- linux-4.4.126.orig/kernel/kexec.c
370++++ linux-4.4.126/kernel/kexec.c
371371 @@ -17,7 +17,7 @@
372372 #include <linux/syscalls.h>
373373 #include <linux/vmalloc.h>
@@ -386,8 +386,8 @@
386386
387387 /*
388388 * Verify we have a legal set of flags
389---- linux-4.4.125.orig/kernel/module.c
390-+++ linux-4.4.125/kernel/module.c
389+--- linux-4.4.126.orig/kernel/module.c
390++++ linux-4.4.126/kernel/module.c
391391 @@ -61,6 +61,7 @@
392392 #include <linux/bsearch.h>
393393 #include <uapi/linux/module.h>
@@ -414,8 +414,8 @@
414414
415415 return 0;
416416 }
417---- linux-4.4.125.orig/kernel/ptrace.c
418-+++ linux-4.4.125/kernel/ptrace.c
417+--- linux-4.4.126.orig/kernel/ptrace.c
418++++ linux-4.4.126/kernel/ptrace.c
419419 @@ -1085,6 +1085,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
420420 {
421421 struct task_struct *child;
@@ -440,8 +440,8 @@
440440
441441 if (request == PTRACE_TRACEME) {
442442 ret = ptrace_traceme();
443---- linux-4.4.125.orig/kernel/reboot.c
444-+++ linux-4.4.125/kernel/reboot.c
443+--- linux-4.4.126.orig/kernel/reboot.c
444++++ linux-4.4.126/kernel/reboot.c
445445 @@ -16,6 +16,7 @@
446446 #include <linux/syscalls.h>
447447 #include <linux/syscore_ops.h>
@@ -459,8 +459,8 @@
459459
460460 /*
461461 * If pid namespaces are enabled and the current task is in a child
462---- linux-4.4.125.orig/kernel/sched/core.c
463-+++ linux-4.4.125/kernel/sched/core.c
462+--- linux-4.4.126.orig/kernel/sched/core.c
463++++ linux-4.4.126/kernel/sched/core.c
464464 @@ -3549,6 +3549,8 @@ int can_nice(const struct task_struct *p
465465 SYSCALL_DEFINE1(nice, int, increment)
466466 {
@@ -470,8 +470,8 @@
470470
471471 /*
472472 * Setpriority might change our priority at the same moment.
473---- linux-4.4.125.orig/kernel/signal.c
474-+++ linux-4.4.125/kernel/signal.c
473+--- linux-4.4.126.orig/kernel/signal.c
474++++ linux-4.4.126/kernel/signal.c
475475 @@ -2857,6 +2857,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
476476 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
477477 {
@@ -517,8 +517,8 @@
517517
518518 return do_send_specific(tgid, pid, sig, info);
519519 }
520---- linux-4.4.125.orig/kernel/sys.c
521-+++ linux-4.4.125/kernel/sys.c
520+--- linux-4.4.126.orig/kernel/sys.c
521++++ linux-4.4.126/kernel/sys.c
522522 @@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523523
524524 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -548,8 +548,8 @@
548548
549549 down_write(&uts_sem);
550550 errno = -EFAULT;
551---- linux-4.4.125.orig/kernel/time/ntp.c
552-+++ linux-4.4.125/kernel/time/ntp.c
551+--- linux-4.4.126.orig/kernel/time/ntp.c
552++++ linux-4.4.126/kernel/time/ntp.c
553553 @@ -16,6 +16,7 @@
554554 #include <linux/mm.h>
555555 #include <linux/module.h>
@@ -583,8 +583,8 @@
583583
584584 if (txc->modes & ADJ_NANO) {
585585 struct timespec ts;
586---- linux-4.4.125.orig/net/ipv4/raw.c
587-+++ linux-4.4.125/net/ipv4/raw.c
586+--- linux-4.4.126.orig/net/ipv4/raw.c
587++++ linux-4.4.126/net/ipv4/raw.c
588588 @@ -747,6 +747,10 @@ static int raw_recvmsg(struct sock *sk,
589589 skb = skb_recv_datagram(sk, flags, noblock, &err);
590590 if (!skb)
@@ -596,8 +596,8 @@
596596
597597 copied = skb->len;
598598 if (len < copied) {
599---- linux-4.4.125.orig/net/ipv4/udp.c
600-+++ linux-4.4.125/net/ipv4/udp.c
599+--- linux-4.4.126.orig/net/ipv4/udp.c
600++++ linux-4.4.126/net/ipv4/udp.c
601601 @@ -1286,6 +1286,10 @@ try_again:
602602 &peeked, &off, &err);
603603 if (!skb)
@@ -609,8 +609,8 @@
609609
610610 ulen = skb->len - sizeof(struct udphdr);
611611 copied = len;
612---- linux-4.4.125.orig/net/ipv6/raw.c
613-+++ linux-4.4.125/net/ipv6/raw.c
612+--- linux-4.4.126.orig/net/ipv6/raw.c
613++++ linux-4.4.126/net/ipv6/raw.c
614614 @@ -478,6 +478,10 @@ static int rawv6_recvmsg(struct sock *sk
615615 skb = skb_recv_datagram(sk, flags, noblock, &err);
616616 if (!skb)
@@ -622,8 +622,8 @@
622622
623623 copied = skb->len;
624624 if (copied > len) {
625---- linux-4.4.125.orig/net/ipv6/udp.c
626-+++ linux-4.4.125/net/ipv6/udp.c
625+--- linux-4.4.126.orig/net/ipv6/udp.c
626++++ linux-4.4.126/net/ipv6/udp.c
627627 @@ -417,6 +417,10 @@ try_again:
628628 &peeked, &off, &err);
629629 if (!skb)
@@ -635,8 +635,8 @@
635635
636636 ulen = skb->len - sizeof(struct udphdr);
637637 copied = len;
638---- linux-4.4.125.orig/net/socket.c
639-+++ linux-4.4.125/net/socket.c
638+--- linux-4.4.126.orig/net/socket.c
639++++ linux-4.4.126/net/socket.c
640640 @@ -1476,6 +1476,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
641641 if (err < 0)
642642 goto out_fd;
@@ -648,8 +648,8 @@
648648 if (upeer_sockaddr) {
649649 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
650650 &len, 2) < 0) {
651---- linux-4.4.125.orig/net/unix/af_unix.c
652-+++ linux-4.4.125/net/unix/af_unix.c
651+--- linux-4.4.126.orig/net/unix/af_unix.c
652++++ linux-4.4.126/net/unix/af_unix.c
653653 @@ -2144,6 +2144,10 @@ static int unix_dgram_recvmsg(struct soc
654654 wake_up_interruptible_sync_poll(&u->peer_wait,
655655 POLLOUT | POLLWRNORM | POLLWRBAND);
@@ -661,8 +661,8 @@
661661 if (msg->msg_name)
662662 unix_copy_addr(msg, skb->sk);
663663
664---- linux-4.4.125.orig/security/Kconfig
665-+++ linux-4.4.125/security/Kconfig
664+--- linux-4.4.126.orig/security/Kconfig
665++++ linux-4.4.126/security/Kconfig
666666 @@ -173,5 +173,7 @@ config DEFAULT_SECURITY
667667 default "apparmor" if DEFAULT_SECURITY_APPARMOR
668668 default "" if DEFAULT_SECURITY_DAC
@@ -671,8 +671,8 @@
671671 +
672672 endmenu
673673
674---- linux-4.4.125.orig/security/Makefile
675-+++ linux-4.4.125/security/Makefile
674+--- linux-4.4.126.orig/security/Makefile
675++++ linux-4.4.126/security/Makefile
676676 @@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
677677 # Object integrity file lists
678678 subdir-$(CONFIG_INTEGRITY) += integrity
--- trunk/1.8.x/ccs-patch/security/ccsecurity/policy_io.c (revision 6637)
+++ trunk/1.8.x/ccs-patch/security/ccsecurity/policy_io.c (revision 6638)
@@ -3,7 +3,7 @@
33 *
44 * Copyright (C) 2005-2012 NTT DATA CORPORATION
55 *
6- * Version: 1.8.5+ 2017/02/20
6+ * Version: 1.8.5+ 2018/04/01
77 */
88
99 #include "internal.h"
@@ -2419,7 +2419,7 @@
24192419 struct ccs_domain_info *domain;
24202420 const int idx = ccs_read_lock();
24212421 ccs_policy_loaded = true;
2422- printk(KERN_INFO "CCSecurity: 1.8.5+ 2017/02/20\n");
2422+ printk(KERN_INFO "CCSecurity: 1.8.5+ 2018/04/01\n");
24232423 list_for_each_entry_srcu(domain, &ccs_domain_list, list, &ccs_ss) {
24242424 const u8 profile = domain->profile;
24252425 struct ccs_policy_namespace *ns = domain->ns;
--- trunk/1.8.x/ccs-patch/security/ccsecurity/memory.c (revision 6637)
+++ trunk/1.8.x/ccs-patch/security/ccsecurity/memory.c (revision 6638)
@@ -3,7 +3,7 @@
33 *
44 * Copyright (C) 2005-2012 NTT DATA CORPORATION
55 *
6- * Version: 1.8.5 2015/11/11
6+ * Version: 1.8.5+ 2018/04/01
77 */
88
99 #include "internal.h"
@@ -254,7 +254,8 @@
254254 struct list_head *list = &ccs_task_security_list
255255 [hash_ptr((void *) task, CCS_TASK_SECURITY_HASH_BITS)];
256256 /* Make sure INIT_LIST_HEAD() in ccs_mm_init() takes effect. */
257- while (!list->next);
257+ while (!list->next)
258+ smp_rmb();
258259 rcu_read_lock();
259260 list_for_each_entry_rcu(ptr, list, list) {
260261 if (ptr->task != task)
--- trunk/1.8.x/ccs-patch/security/ccsecurity/permission.c (revision 6637)
+++ trunk/1.8.x/ccs-patch/security/ccsecurity/permission.c (revision 6638)
@@ -3,7 +3,7 @@
33 *
44 * Copyright (C) 2005-2012 NTT DATA CORPORATION
55 *
6- * Version: 1.8.5 2015/11/11
6+ * Version: 1.8.5+ 2018/04/01
77 */
88
99 #include "internal.h"
@@ -3361,6 +3361,7 @@
33613361 int addr_len;
33623362 if (!family || (type != SOCK_STREAM && type != SOCK_SEQPACKET))
33633363 return 0;
3364+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)
33643365 {
33653366 const int error = sock->ops->getname(sock, (struct sockaddr *)
33663367 &addr, &addr_len, 0);
@@ -3367,6 +3368,11 @@
33673368 if (error)
33683369 return error;
33693370 }
3371+#else
3372+ addr_len = sock->ops->getname(sock, (struct sockaddr *) &addr, 0);
3373+ if (addr_len < 0)
3374+ return addr_len;
3375+#endif
33703376 address.protocol = type;
33713377 address.operation = CCS_NETWORK_LISTEN;
33723378 if (family == PF_UNIX)
@@ -3493,6 +3499,7 @@
34933499 int addr_len;
34943500 if (!family || (type != SOCK_STREAM && type != SOCK_SEQPACKET))
34953501 return 0;
3502+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)
34963503 {
34973504 const int error = newsock->ops->getname(newsock,
34983505 (struct sockaddr *)
@@ -3500,6 +3507,12 @@
35003507 if (error)
35013508 return error;
35023509 }
3510+#else
3511+ addr_len = newsock->ops->getname(newsock, (struct sockaddr *) &addr,
3512+ 2);
3513+ if (addr_len < 0)
3514+ return addr_len;
3515+#endif
35033516 address.protocol = type;
35043517 address.operation = CCS_NETWORK_ACCEPT;
35053518 if (family == PF_UNIX)
--- trunk/1.8.x/ccs-patch/specs/build-f19-3.14.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-f19-3.14.sh (revision 6638)
@@ -20,9 +20,9 @@
2020 rpm -ivh kernel-3.14.27-100.fc19.src.rpm || die "Can't install source package."
2121
2222 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
23-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
23+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2424 then
25- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
25+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2626 fi
2727
2828 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -35,7 +35,7 @@
3535 # (Uncomment the '#' and both spaces below to set the buildid.)
3636 #
3737 -# % define buildid .local
38-+%define buildid _tomoyo_1.8.5p1
38++%define buildid _tomoyo_1.8.5p2
3939 ###################################################################
4040
4141 # The buildid can also be specified on the rpmbuild command line
@@ -71,7 +71,7 @@
7171 # END OF PATCH APPLICATIONS
7272
7373 +# TOMOYO Linux
74-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
74++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
7575 +patch -sp1 < patches/ccs-patch-3.14-fedora-19.diff
7676 +
7777 %endif
--- trunk/1.8.x/ccs-patch/specs/build-debian_squeeze.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-debian_squeeze.sh (revision 6638)
@@ -38,9 +38,9 @@
3838 # Download TOMOYO Linux patches.
3939 mkdir -p ~/rpmbuild/SOURCES/
4040 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
41-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
41+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
4242 then
43- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
43+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
4444 fi
4545
4646 # Install kernel source packages.
@@ -52,7 +52,7 @@
5252
5353 # Apply patches and create kernel config.
5454 cd linux-source-2.6.32 || die "Can't chdir to linux-source-2.6.32/ ."
55-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180212.tar.gz || die "Can't extract patch."
55+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180401.tar.gz || die "Can't extract patch."
5656 patch -p1 < patches/ccs-patch-2.6.32-debian-squeeze.diff || die "Can't apply patch."
5757 cat /boot/config-2.6.32-5-686 config.ccs > .config || die "Can't create config."
5858
--- trunk/1.8.x/ccs-patch/specs/build-ax3-2.6.18.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-ax3-2.6.18.sh (revision 6638)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.18-398.1.AXS3.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/asianux/SOURCES/ || die "Can't chdir to /usr/src/asianux/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -33,7 +33,7 @@
3333 %define rpmversion 2.6.%{sublevel}
3434 # %dist is defined in Asianux VPBS
3535 -%define release %{revision}.1%{dist}
36-+%define release %{revision}.1%{dist}_tomoyo_1.8.5p1
36++%define release %{revision}.1%{dist}_tomoyo_1.8.5p2
3737 %define signmodules 0
3838 %define xen_hv_cset 15502
3939 %define xen_abi_ver 3.1
@@ -61,7 +61,7 @@
6161 # end of Asianux patches
6262
6363 +# TOMOYO Linux
64-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
64++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
6565 +patch -sp1 < patches/ccs-patch-2.6.18-asianux-3.diff
6666 +
6767 cp %{SOURCE10} Documentation/
--- trunk/1.8.x/ccs-patch/specs/build-c3-2.4.21.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-c3-2.4.21.sh (revision 6638)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.4.21-63.EL.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/redhat/SOURCES/ || die "Can't chdir to /usr/src/redhat/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -33,7 +33,7 @@
3333 # adding some text to the end of the version number.
3434 #
3535 -%define release 63.EL
36-+%define release 63.EL_tomoyo_1.8.5p1
36++%define release 63.EL_tomoyo_1.8.5p2
3737 %define sublevel 21
3838 %define kversion 2.4.%{sublevel}
3939 # /usr/src/%{kslnk} -> /usr/src/linux-%{KVERREL}
@@ -51,7 +51,7 @@
5151 # END OF PATCH APPLICATIONS
5252
5353 +# TOMOYO Linux
54-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
54++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
5555 +patch -sp1 < patches/ccs-patch-2.4.21-centos-3.diff
5656 +
5757 cp %{SOURCE10} Documentation/
--- trunk/1.8.x/ccs-patch/specs/build-c7-3.10.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-c7-3.10.sh (revision 6638)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-3.10.0-693.21.1.el7.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -33,7 +33,7 @@
3333 Summary: The Linux kernel
3434
3535 -# % define buildid .local
36-+%define buildid _tomoyo_1.8.5p1
36++%define buildid _tomoyo_1.8.5p2
3737
3838 # For a kernel released for public testing, released_kernel should be 1.
3939 # For internal testing builds during development, it should be 0.
@@ -69,7 +69,7 @@
6969 ApplyOptionalPatch debrand-rh-i686-cpu.patch
7070
7171 +# TOMOYO Linux
72-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
72++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
7373 +patch -sp1 < patches/ccs-patch-3.10-centos-7.diff
7474 +
7575 # Any further pre-build tree manipulations happen here.
--- trunk/1.8.x/ccs-patch/specs/build-suse12.3-3.7.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-suse12.3-3.7.sh (revision 6638)
@@ -75,9 +75,9 @@
7575 rpm -ivh kernel-default-3.7.10-1.45.1.nosrc.rpm || die "Can't install source package."
7676
7777 cd /usr/src/packages/SOURCES/ || die "Can't chdir to /usr/src/packages/SOURCES/ ."
78-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
78+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
7979 then
80- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
80+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
8181 fi
8282
8383 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -96,7 +96,7 @@
9696 Group: System/Kernel
9797 Version: 3.7.10
9898 -Release: 1.45.1
99-+Release: 1.45.1_tomoyo_1.8.5p1
99++Release: 1.45.1_tomoyo_1.8.5p2
100100 %if 0%{?is_kotd}
101101 %else
102102 %endif
@@ -105,7 +105,7 @@
105105 %_sourcedir/series.conf .. $SYMBOLS
106106
107107 +# TOMOYO Linux
108-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
108++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
109109 +patch -sp1 < patches/ccs-patch-3.7-suse-12.3.diff
110110 +cat config.ccs >> ../config/%cpu_arch_flavor
111111 +
--- trunk/1.8.x/ccs-patch/specs/build-c6-2.6.32.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-c6-2.6.32.sh (revision 6638)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.32-696.23.1.el6.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -33,7 +33,7 @@
3333 # by setting the define to ".local" or ".bz123456"
3434 #
3535 -# % define buildid .local
36-+%define buildid _tomoyo_1.8.5p1
36++%define buildid _tomoyo_1.8.5p2
3737
3838 %define distro_build 696.23.1
3939 %define signmodules 1
@@ -69,7 +69,7 @@
6969 ApplyOptionalPatch linux-kernel-test.patch
7070
7171 +# TOMOYO Linux
72-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
72++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
7373 +patch -sp1 < patches/ccs-patch-2.6.32-centos-6.diff
7474 +
7575 # Any further pre-build tree manipulations happen here.
--- trunk/1.8.x/ccs-patch/specs/build-c5-2.6.18.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-c5-2.6.18.sh (revision 6638)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.18-419.el5.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/redhat/SOURCES/ || die "Can't chdir to /usr/src/redhat/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -33,7 +33,7 @@
3333 # by setting the define to ".local" or ".bz123456"
3434 #
3535 -#% define buildid
36-+%define buildid _tomoyo_1.8.5p1
36++%define buildid _tomoyo_1.8.5p2
3737 #
3838 %define sublevel 18
3939 %define stablerev 4
@@ -61,7 +61,7 @@
6161 %endif
6262
6363 +# TOMOYO Linux
64-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
64++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
6565 +patch -sp1 < patches/ccs-patch-2.6.18-centos-5.diff
6666 +
6767 cp %{SOURCE10} Documentation/
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_12.10.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_12.10.sh (revision 6638)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.5.0/ || die "Can't chdir to linux-3.5.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180212.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180401.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.5-ubuntu-12.10.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_10.04.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_10.04.sh (revision 6638)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-2.6.32/ || die "Can't chdir to linux-2.6.32/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180212.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180401.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-2.6.32-ubuntu-10.04.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_13.10.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_13.10.sh (revision 6638)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.11.0/ || die "Can't chdir to linux-3.11.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180212.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180401.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.11-ubuntu-13.10.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_12.04.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_12.04.sh (revision 6638)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.2.0/ || die "Can't chdir to linux-3.2.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180212.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180401.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.2-ubuntu-12.04.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_13.04.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_13.04.sh (revision 6638)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.8.0/ || die "Can't chdir to linux-3.8.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180212.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180401.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.8-ubuntu-13.04.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_14.04.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_14.04.sh (revision 6638)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.13.0/ || die "Can't chdir to linux-3.13.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180212.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180401.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.13-ubuntu-14.04.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-vl6-4.4.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-vl6-4.4.sh (revision 6638)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-4.4.110-2vl6.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpm/SOURCES/ || die "Can't chdir to ~/rpm/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -33,7 +33,7 @@
3333 %define kversion 4.%{sublevel}
3434 %define rpmversion 4.%{sublevel}.%{patchlevel}
3535 -%define release 2%{?_dist_release}
36-+%define release 2%{?_dist_release}_tomoyo_1.8.5p1
36++%define release 2%{?_dist_release}_tomoyo_1.8.5p2
3737
3838 %define make_target bzImage
3939 %define hdrarch %_target_cpu
@@ -61,7 +61,7 @@
6161 # END OF PATCH APPLICATIONS
6262
6363 +# TOMOYO Linux
64-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
64++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
6565 +patch -sp1 < patches/ccs-patch-4.4-vine-linux-6.diff
6666 +
6767 cp %{SOURCE10} Documentation/
--- trunk/1.8.x/ccs-patch/specs/build-debian_wheezy.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-debian_wheezy.sh (revision 6638)
@@ -23,10 +23,10 @@
2323 # Download TOMOYO Linux patches.
2424 mkdir -p ~/rpmbuild/SOURCES/
2525 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
26-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
26+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2727 then
2828 apt-get -y install wget
29- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
29+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
3030 fi
3131
3232 # Install kernel source packages.
@@ -38,7 +38,7 @@
3838
3939 # Apply patches and create kernel config.
4040 cd linux-source-3.2 || die "Can't chdir to linux-source-3.2/ ."
41-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180212.tar.gz || die "Can't extract patch."
41+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180401.tar.gz || die "Can't extract patch."
4242 patch -p1 < patches/ccs-patch-3.2-debian-wheezy.diff || die "Can't apply patch."
4343 cat /boot/config-3.2.0-$ABI_VERSION-$ORIGINAL_FLAVOUR config.ccs > .config || die "Can't create config."
4444 sed -i -e 's/SUBLEVEL = .*/SUBLEVEL = 0/' Makefile || die "Can't edit Makefile"
--- trunk/1.8.x/ccs-patch/specs/build-f20-3.19.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-f20-3.19.sh (revision 6638)
@@ -20,9 +20,9 @@
2020 rpm -ivh kernel-3.19.8-100.fc20.src.rpm || die "Can't install source package."
2121
2222 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
23-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
23+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2424 then
25- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
25+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2626 fi
2727
2828 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -35,7 +35,7 @@
3535 # (Uncomment the '#' and both spaces below to set the buildid.)
3636 #
3737 -# % define buildid .local
38-+%define buildid _tomoyo_1.8.5p1
38++%define buildid _tomoyo_1.8.5p2
3939 ###################################################################
4040
4141 # The buildid can also be specified on the rpmbuild command line
@@ -71,7 +71,7 @@
7171 # END OF PATCH APPLICATIONS
7272
7373 +# TOMOYO Linux
74-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
74++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
7575 +patch -sp1 < patches/ccs-patch-3.19-fedora-20.diff
7676 +
7777 %endif
--- trunk/1.8.x/ccs-patch/specs/build-c4-2.6.9.sh (revision 6637)
+++ trunk/1.8.x/ccs-patch/specs/build-c4-2.6.9.sh (revision 6638)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.9-103.EL.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/redhat/SOURCES/ || die "Can't chdir to /usr/src/redhat/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180212.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180212.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180212.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -33,7 +33,7 @@
3333 # adding some text to the end of the version number.
3434 #
3535 -%define release 103.EL
36-+%define release 103.EL_tomoyo_1.8.5p1
36++%define release 103.EL_tomoyo_1.8.5p2
3737 %define sublevel 9
3838 %define kversion 2.6.%{sublevel}
3939 %define rpmversion 2.6.%{sublevel}
@@ -61,7 +61,7 @@
6161 # END OF PATCH APPLICATIONS
6262
6363 +# TOMOYO Linux
64-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180212.tar.gz
64++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
6565 +patch -sp1 < patches/ccs-patch-2.6.9-centos-4.diff
6666 +
6767 cp %{SOURCE10} Documentation/
--- branches/build-f13-2.6.33.sh (revision 6637)
+++ branches/build-f13-2.6.33.sh (revision 6638)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.33.3-85.fc13.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20171111.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20171111.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20171111.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 if [ ! -r ccs-patch-2.6.33-fedora-13-20110614.diff ]
@@ -77,7 +77,7 @@
7777 # END OF PATCH APPLICATIONS
7878
7979 +# TOMOYO Linux
80-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20171111.tar.gz
80++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
8181 +patch -sp1 < %_sourcedir/ccs-patch-2.6.33-fedora-13-20110614.diff
8282 +
8383 %endif
--- branches/build-c53-2.6.18.sh (revision 6637)
+++ branches/build-c53-2.6.18.sh (revision 6638)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.18-128.7.1.el5.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/redhat/SOURCES/ || die "Can't chdir to /usr/src/redhat/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20171111.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180401.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20171111.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20171111.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180401.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180401.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 if [ ! -r ccs-patch-2.6.18-centos-5.3-20110614.diff ]
@@ -66,7 +66,7 @@
6666 # END OF PATCH APPLICATIONS
6767
6868 +# TOMOYO Linux
69-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20171111.tar.gz
69++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180401.tar.gz
7070 +patch -sp1 < %_sourcedir/ccs-patch-2.6.18-centos-5.3-20110614.diff
7171 +
7272 cp %{SOURCE10} Documentation/
Show on old repository browser