• R/O
  • SSH
  • HTTPS

tomoyo: Commit


Commit MetaInfo

Revision6663 (tree)
Time2018-08-27 19:15:37
Authorkumaneko

Log Message

(empty log message)

Change Summary

Incremental Difference

--- branches/build-f13-2.6.33.sh (revision 6662)
+++ branches/build-f13-2.6.33.sh (revision 6663)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.33.3-85.fc13.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 if [ ! -r ccs-patch-2.6.33-fedora-13-20110614.diff ]
@@ -77,7 +77,7 @@
7777 # END OF PATCH APPLICATIONS
7878
7979 +# TOMOYO Linux
80-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
80++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
8181 +patch -sp1 < %_sourcedir/ccs-patch-2.6.33-fedora-13-20110614.diff
8282 +
8383 %endif
--- branches/build-c53-2.6.18.sh (revision 6662)
+++ branches/build-c53-2.6.18.sh (revision 6663)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.18-128.7.1.el5.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/redhat/SOURCES/ || die "Can't chdir to /usr/src/redhat/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 if [ ! -r ccs-patch-2.6.18-centos-5.3-20110614.diff ]
@@ -66,7 +66,7 @@
6666 # END OF PATCH APPLICATIONS
6767
6868 +# TOMOYO Linux
69-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
69++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
7070 +patch -sp1 < %_sourcedir/ccs-patch-2.6.18-centos-5.3-20110614.diff
7171 +
7272 cp %{SOURCE10} Documentation/
--- trunk/1.8.x/ccs-patch/include/linux/lsm2ccsecurity.h (revision 6662)
+++ trunk/1.8.x/ccs-patch/include/linux/lsm2ccsecurity.h (revision 6663)
@@ -27,7 +27,11 @@
2727 #endif
2828 int ccs_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
2929 int ccs_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
30+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0)
31+int ccs_file_open(struct file *file);
32+#else
3033 int ccs_file_open(struct file *file, const struct cred *cred);
34+#endif
3135 int ccs_socket_create(int family, int type, int protocol, int kern);
3236 int ccs_socket_bind(struct socket *sock, struct sockaddr *address,
3337 int addrlen);
@@ -128,10 +132,17 @@
128132 {
129133 return 0;
130134 }
135+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0)
136+static inline int ccs_file_open(struct file *file)
137+{
138+ return 0;
139+}
140+#else
131141 static inline int ccs_file_open(struct file *file, const struct cred *cred)
132142 {
133143 return 0;
134144 }
145+#endif
135146 static inline int ccs_socket_create(int family, int type, int protocol,
136147 int kern)
137148 {
--- trunk/1.8.x/ccs-patch/patches/ccs-patch-4.19.diff (revision 0)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-4.19.diff (revision 6663)
@@ -0,0 +1,682 @@
1+This is TOMOYO Linux patch for kernel 4.19-rc1.
2+
3+Source code for this patch is https://git.kernel.org/torvalds/t/linux-4.19-rc1.tar.gz
4+---
5+ fs/exec.c | 2 -
6+ fs/open.c | 2 +
7+ fs/proc/version.c | 7 ++++
8+ include/linux/sched.h | 5 +++
9+ include/linux/security.h | 68 ++++++++++++++++++++++++++++------------------
10+ include/net/ip.h | 4 ++
11+ init/init_task.c | 4 ++
12+ kernel/kexec.c | 4 ++
13+ kernel/module.c | 5 +++
14+ kernel/ptrace.c | 10 ++++++
15+ kernel/reboot.c | 3 ++
16+ kernel/sched/core.c | 2 +
17+ kernel/signal.c | 10 ++++++
18+ kernel/sys.c | 8 +++++
19+ kernel/time/timekeeping.c | 8 +++++
20+ net/ipv4/raw.c | 4 ++
21+ net/ipv4/udp.c | 2 +
22+ net/ipv6/raw.c | 4 ++
23+ net/ipv6/udp.c | 2 +
24+ net/socket.c | 4 ++
25+ net/unix/af_unix.c | 5 +++
26+ security/Kconfig | 2 +
27+ security/Makefile | 3 ++
28+ security/security.c | 9 +++++-
29+ 24 files changed, 148 insertions(+), 29 deletions(-)
30+
31+--- linux.orig/fs/exec.c
32++++ linux/fs/exec.c
33+@@ -1692,7 +1692,7 @@ static int exec_binprm(struct linux_binp
34+ old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35+ rcu_read_unlock();
36+
37+- ret = search_binary_handler(bprm);
38++ ret = ccs_search_binary_handler(bprm);
39+ if (ret >= 0) {
40+ audit_bprm(bprm);
41+ trace_sched_process_exec(current, old_pid, bprm);
42+--- linux.orig/fs/open.c
43++++ linux/fs/open.c
44+@@ -1174,6 +1174,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
45+ */
46+ SYSCALL_DEFINE0(vhangup)
47+ {
48++ if (!ccs_capable(CCS_SYS_VHANGUP))
49++ return -EPERM;
50+ if (capable(CAP_SYS_TTY_CONFIG)) {
51+ tty_vhangup_self();
52+ return 0;
53+--- linux.orig/fs/proc/version.c
54++++ linux/fs/proc/version.c
55+@@ -21,3 +21,10 @@ static int __init proc_version_init(void
56+ return 0;
57+ }
58+ fs_initcall(proc_version_init);
59++
60++static int __init ccs_show_version(void)
61++{
62++ printk(KERN_INFO "Hook version: 4.19-rc1 2018/08/27\n");
63++ return 0;
64++}
65++fs_initcall(ccs_show_version);
66+--- linux.orig/include/linux/sched.h
67++++ linux/include/linux/sched.h
68+@@ -34,6 +34,7 @@ struct audit_context;
69+ struct backing_dev_info;
70+ struct bio_list;
71+ struct blk_plug;
72++struct ccs_domain_info;
73+ struct cfs_rq;
74+ struct fs_struct;
75+ struct futex_pi_state;
76+@@ -1191,6 +1192,10 @@ struct task_struct {
77+ /* Used by LSM modules for access restriction: */
78+ void *security;
79+ #endif
80++#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY)
81++ struct ccs_domain_info *ccs_domain_info;
82++ u32 ccs_flags;
83++#endif
84+
85+ /*
86+ * New fields for task_struct should be added above here, so that
87+--- linux.orig/include/linux/security.h
88++++ linux/include/linux/security.h
89+@@ -53,6 +53,7 @@ struct msg_msg;
90+ struct xattr;
91+ struct xfrm_sec_ctx;
92+ struct mm_struct;
93++#include <linux/ccsecurity.h>
94+
95+ /* If capable should audit the security request */
96+ #define SECURITY_CAP_NOAUDIT 0
97+@@ -521,7 +522,10 @@ static inline int security_syslog(int ty
98+ static inline int security_settime64(const struct timespec64 *ts,
99+ const struct timezone *tz)
100+ {
101+- return cap_settime(ts, tz);
102++ int error = cap_settime(ts, tz);
103++ if (!error)
104++ error = ccs_settime(ts, tz);
105++ return error;
106+ }
107+
108+ static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
109+@@ -585,18 +589,18 @@ static inline int security_sb_mount(cons
110+ const char *type, unsigned long flags,
111+ void *data)
112+ {
113+- return 0;
114++ return ccs_sb_mount(dev_name, path, type, flags, data);
115+ }
116+
117+ static inline int security_sb_umount(struct vfsmount *mnt, int flags)
118+ {
119+- return 0;
120++ return ccs_sb_umount(mnt, flags);
121+ }
122+
123+ static inline int security_sb_pivotroot(const struct path *old_path,
124+ const struct path *new_path)
125+ {
126+- return 0;
127++ return ccs_sb_pivotroot(old_path, new_path);
128+ }
129+
130+ static inline int security_sb_set_mnt_opts(struct super_block *sb,
131+@@ -745,7 +749,7 @@ static inline int security_inode_setattr
132+
133+ static inline int security_inode_getattr(const struct path *path)
134+ {
135+- return 0;
136++ return ccs_inode_getattr(path);
137+ }
138+
139+ static inline int security_inode_setxattr(struct dentry *dentry,
140+@@ -831,7 +835,7 @@ static inline void security_file_free(st
141+ static inline int security_file_ioctl(struct file *file, unsigned int cmd,
142+ unsigned long arg)
143+ {
144+- return 0;
145++ return ccs_file_ioctl(file, cmd, arg);
146+ }
147+
148+ static inline int security_mmap_file(struct file *file, unsigned long prot,
149+@@ -860,7 +864,7 @@ static inline int security_file_lock(str
150+ static inline int security_file_fcntl(struct file *file, unsigned int cmd,
151+ unsigned long arg)
152+ {
153+- return 0;
154++ return ccs_file_fcntl(file, cmd, arg);
155+ }
156+
157+ static inline void security_file_set_fowner(struct file *file)
158+@@ -882,17 +886,19 @@ static inline int security_file_receive(
159+
160+ static inline int security_file_open(struct file *file)
161+ {
162+- return 0;
163++ return ccs_file_open(file);
164+ }
165+
166+ static inline int security_task_alloc(struct task_struct *task,
167+ unsigned long clone_flags)
168+ {
169+- return 0;
170++ return ccs_alloc_task_security(task);
171+ }
172+
173+ static inline void security_task_free(struct task_struct *task)
174+-{ }
175++{
176++ ccs_free_task_security(task);
177++}
178+
179+ static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
180+ {
181+@@ -1264,7 +1270,7 @@ static inline int security_unix_may_send
182+ static inline int security_socket_create(int family, int type,
183+ int protocol, int kern)
184+ {
185+- return 0;
186++ return ccs_socket_create(family, type, protocol, kern);
187+ }
188+
189+ static inline int security_socket_post_create(struct socket *sock,
190+@@ -1285,19 +1291,19 @@ static inline int security_socket_bind(s
191+ struct sockaddr *address,
192+ int addrlen)
193+ {
194+- return 0;
195++ return ccs_socket_bind(sock, address, addrlen);
196+ }
197+
198+ static inline int security_socket_connect(struct socket *sock,
199+ struct sockaddr *address,
200+ int addrlen)
201+ {
202+- return 0;
203++ return ccs_socket_connect(sock, address, addrlen);
204+ }
205+
206+ static inline int security_socket_listen(struct socket *sock, int backlog)
207+ {
208+- return 0;
209++ return ccs_socket_listen(sock, backlog);
210+ }
211+
212+ static inline int security_socket_accept(struct socket *sock,
213+@@ -1309,7 +1315,7 @@ static inline int security_socket_accept
214+ static inline int security_socket_sendmsg(struct socket *sock,
215+ struct msghdr *msg, int size)
216+ {
217+- return 0;
218++ return ccs_socket_sendmsg(sock, msg, size);
219+ }
220+
221+ static inline int security_socket_recvmsg(struct socket *sock,
222+@@ -1596,42 +1602,42 @@ int security_path_chroot(const struct pa
223+ #else /* CONFIG_SECURITY_PATH */
224+ static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
225+ {
226+- return 0;
227++ return ccs_path_unlink(dir, dentry);
228+ }
229+
230+ static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
231+ umode_t mode)
232+ {
233+- return 0;
234++ return ccs_path_mkdir(dir, dentry, mode);
235+ }
236+
237+ static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
238+ {
239+- return 0;
240++ return ccs_path_rmdir(dir, dentry);
241+ }
242+
243+ static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
244+ umode_t mode, unsigned int dev)
245+ {
246+- return 0;
247++ return ccs_path_mknod(dir, dentry, mode, dev);
248+ }
249+
250+ static inline int security_path_truncate(const struct path *path)
251+ {
252+- return 0;
253++ return ccs_path_truncate(path);
254+ }
255+
256+ static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
257+ const char *old_name)
258+ {
259+- return 0;
260++ return ccs_path_symlink(dir, dentry, old_name);
261+ }
262+
263+ static inline int security_path_link(struct dentry *old_dentry,
264+ const struct path *new_dir,
265+ struct dentry *new_dentry)
266+ {
267+- return 0;
268++ return ccs_path_link(old_dentry, new_dir, new_dentry);
269+ }
270+
271+ static inline int security_path_rename(const struct path *old_dir,
272+@@ -1640,22 +1646,32 @@ static inline int security_path_rename(c
273+ struct dentry *new_dentry,
274+ unsigned int flags)
275+ {
276+- return 0;
277++ /*
278++ * Not using RENAME_EXCHANGE here in order to avoid KABI breakage
279++ * by doing "#include <uapi/linux/fs.h>" .
280++ */
281++ if (flags & (1 << 1)) {
282++ int err = ccs_path_rename(new_dir, new_dentry, old_dir,
283++ old_dentry);
284++ if (err)
285++ return err;
286++ }
287++ return ccs_path_rename(old_dir, old_dentry, new_dir, new_dentry);
288+ }
289+
290+ static inline int security_path_chmod(const struct path *path, umode_t mode)
291+ {
292+- return 0;
293++ return ccs_path_chmod(path, mode);
294+ }
295+
296+ static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
297+ {
298+- return 0;
299++ return ccs_path_chown(path, uid, gid);
300+ }
301+
302+ static inline int security_path_chroot(const struct path *path)
303+ {
304+- return 0;
305++ return ccs_path_chroot(path);
306+ }
307+ #endif /* CONFIG_SECURITY_PATH */
308+
309+--- linux.orig/include/net/ip.h
310++++ linux/include/net/ip.h
311+@@ -301,6 +301,8 @@ void inet_get_local_port_range(struct ne
312+ #ifdef CONFIG_SYSCTL
313+ static inline int inet_is_local_reserved_port(struct net *net, int port)
314+ {
315++ if (ccs_lport_reserved(port))
316++ return 1;
317+ if (!net->ipv4.sysctl_local_reserved_ports)
318+ return 0;
319+ return test_bit(port, net->ipv4.sysctl_local_reserved_ports);
320+@@ -319,6 +321,8 @@ static inline int inet_prot_sock(struct
321+ #else
322+ static inline int inet_is_local_reserved_port(struct net *net, int port)
323+ {
324++ if (ccs_lport_reserved(port))
325++ return 1;
326+ return 0;
327+ }
328+
329+--- linux.orig/init/init_task.c
330++++ linux/init/init_task.c
331+@@ -179,6 +179,10 @@ struct task_struct init_task
332+ #ifdef CONFIG_SECURITY
333+ .security = NULL,
334+ #endif
335++#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY)
336++ .ccs_domain_info = NULL,
337++ .ccs_flags = 0,
338++#endif
339+ };
340+ EXPORT_SYMBOL(init_task);
341+
342+--- linux.orig/kernel/kexec.c
343++++ linux/kernel/kexec.c
344+@@ -18,7 +18,7 @@
345+ #include <linux/syscalls.h>
346+ #include <linux/vmalloc.h>
347+ #include <linux/slab.h>
348+-
349++#include <linux/ccsecurity.h>
350+ #include "kexec_internal.h"
351+
352+ static int copy_user_segment_list(struct kimage *image,
353+@@ -201,6 +201,8 @@ static inline int kexec_load_check(unsig
354+ /* We only trust the superuser with rebooting the system. */
355+ if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
356+ return -EPERM;
357++ if (!ccs_capable(CCS_SYS_KEXEC_LOAD))
358++ return -EPERM;
359+
360+ /* Permit LSMs and IMA to fail the kexec */
361+ result = security_kernel_load_data(LOADING_KEXEC_IMAGE);
362+--- linux.orig/kernel/module.c
363++++ linux/kernel/module.c
364+@@ -66,6 +66,7 @@
365+ #include <linux/audit.h>
366+ #include <uapi/linux/module.h>
367+ #include "module-internal.h"
368++#include <linux/ccsecurity.h>
369+
370+ #define CREATE_TRACE_POINTS
371+ #include <trace/events/module.h>
372+@@ -966,6 +967,8 @@ SYSCALL_DEFINE2(delete_module, const cha
373+
374+ if (!capable(CAP_SYS_MODULE) || modules_disabled)
375+ return -EPERM;
376++ if (!ccs_capable(CCS_USE_KERNEL_MODULE))
377++ return -EPERM;
378+
379+ if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
380+ return -EFAULT;
381+@@ -3532,6 +3535,8 @@ static int may_init_module(void)
382+ {
383+ if (!capable(CAP_SYS_MODULE) || modules_disabled)
384+ return -EPERM;
385++ if (!ccs_capable(CCS_USE_KERNEL_MODULE))
386++ return -EPERM;
387+
388+ return 0;
389+ }
390+--- linux.orig/kernel/ptrace.c
391++++ linux/kernel/ptrace.c
392+@@ -1112,6 +1112,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
393+ {
394+ struct task_struct *child;
395+ long ret;
396++ {
397++ const int rc = ccs_ptrace_permission(request, pid);
398++ if (rc)
399++ return rc;
400++ }
401+
402+ if (request == PTRACE_TRACEME) {
403+ ret = ptrace_traceme();
404+@@ -1260,6 +1265,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo
405+ {
406+ struct task_struct *child;
407+ long ret;
408++ {
409++ const int rc = ccs_ptrace_permission(request, pid);
410++ if (rc)
411++ return rc;
412++ }
413+
414+ if (request == PTRACE_TRACEME) {
415+ ret = ptrace_traceme();
416+--- linux.orig/kernel/reboot.c
417++++ linux/kernel/reboot.c
418+@@ -16,6 +16,7 @@
419+ #include <linux/syscalls.h>
420+ #include <linux/syscore_ops.h>
421+ #include <linux/uaccess.h>
422++#include <linux/ccsecurity.h>
423+
424+ /*
425+ * this indicates whether you can reboot with ctrl-alt-del: the default is yes
426+@@ -322,6 +323,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
427+ magic2 != LINUX_REBOOT_MAGIC2B &&
428+ magic2 != LINUX_REBOOT_MAGIC2C))
429+ return -EINVAL;
430++ if (!ccs_capable(CCS_SYS_REBOOT))
431++ return -EPERM;
432+
433+ /*
434+ * If pid namespaces are enabled and the current task is in a child
435+--- linux.orig/kernel/sched/core.c
436++++ linux/kernel/sched/core.c
437+@@ -3944,6 +3944,8 @@ int can_nice(const struct task_struct *p
438+ SYSCALL_DEFINE1(nice, int, increment)
439+ {
440+ long nice, retval;
441++ if (!ccs_capable(CCS_SYS_NICE))
442++ return -EPERM;
443+
444+ /*
445+ * Setpriority might change our priority at the same moment.
446+--- linux.orig/kernel/signal.c
447++++ linux/kernel/signal.c
448+@@ -3210,6 +3210,8 @@ COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait,
449+ SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
450+ {
451+ struct siginfo info;
452++ if (ccs_kill_permission(pid, sig))
453++ return -EPERM;
454+
455+ clear_siginfo(&info);
456+ info.si_signo = sig;
457+@@ -3280,6 +3282,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid
458+ /* This is only valid for single tasks */
459+ if (pid <= 0 || tgid <= 0)
460+ return -EINVAL;
461++ if (ccs_tgkill_permission(tgid, pid, sig))
462++ return -EPERM;
463+
464+ return do_tkill(tgid, pid, sig);
465+ }
466+@@ -3296,6 +3300,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int,
467+ /* This is only valid for single tasks */
468+ if (pid <= 0)
469+ return -EINVAL;
470++ if (ccs_tkill_permission(pid, sig))
471++ return -EPERM;
472+
473+ return do_tkill(0, pid, sig);
474+ }
475+@@ -3310,6 +3316,8 @@ static int do_rt_sigqueueinfo(pid_t pid,
476+ return -EPERM;
477+
478+ info->si_signo = sig;
479++ if (ccs_sigqueue_permission(pid, sig))
480++ return -EPERM;
481+
482+ /* POSIX.1b doesn't mention process groups. */
483+ return kill_proc_info(sig, info, pid);
484+@@ -3358,6 +3366,8 @@ static int do_rt_tgsigqueueinfo(pid_t tg
485+ return -EPERM;
486+
487+ info->si_signo = sig;
488++ if (ccs_tgsigqueue_permission(tgid, pid, sig))
489++ return -EPERM;
490+
491+ return do_send_specific(tgid, pid, sig, info);
492+ }
493+--- linux.orig/kernel/sys.c
494++++ linux/kernel/sys.c
495+@@ -204,6 +204,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
496+
497+ if (which > PRIO_USER || which < PRIO_PROCESS)
498+ goto out;
499++ if (!ccs_capable(CCS_SYS_NICE)) {
500++ error = -EPERM;
501++ goto out;
502++ }
503+
504+ /* normalize: avoid signed division (rounding problems) */
505+ error = -ESRCH;
506+@@ -1311,6 +1315,8 @@ SYSCALL_DEFINE2(sethostname, char __user
507+
508+ if (len < 0 || len > __NEW_UTS_LEN)
509+ return -EINVAL;
510++ if (!ccs_capable(CCS_SYS_SETHOSTNAME))
511++ return -EPERM;
512+ errno = -EFAULT;
513+ if (!copy_from_user(tmp, name, len)) {
514+ struct new_utsname *u;
515+@@ -1363,6 +1369,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
516+ return -EPERM;
517+ if (len < 0 || len > __NEW_UTS_LEN)
518+ return -EINVAL;
519++ if (!ccs_capable(CCS_SYS_SETHOSTNAME))
520++ return -EPERM;
521+
522+ errno = -EFAULT;
523+ if (!copy_from_user(tmp, name, len)) {
524+--- linux.orig/kernel/time/timekeeping.c
525++++ linux/kernel/time/timekeeping.c
526+@@ -26,6 +26,7 @@
527+ #include <linux/stop_machine.h>
528+ #include <linux/pvclock_gtod.h>
529+ #include <linux/compiler.h>
530++#include <linux/ccsecurity.h>
531+
532+ #include "tick-internal.h"
533+ #include "ntp_internal.h"
534+@@ -2278,10 +2279,15 @@ static int timekeeping_validate_timex(co
535+ if (!(txc->modes & ADJ_OFFSET_READONLY) &&
536+ !capable(CAP_SYS_TIME))
537+ return -EPERM;
538++ if (!(txc->modes & ADJ_OFFSET_READONLY) &&
539++ !ccs_capable(CCS_SYS_SETTIME))
540++ return -EPERM;
541+ } else {
542+ /* In order to modify anything, you gotta be super-user! */
543+ if (txc->modes && !capable(CAP_SYS_TIME))
544+ return -EPERM;
545++ if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
546++ return -EPERM;
547+ /*
548+ * if the quartz is off by more than 10% then
549+ * something is VERY wrong!
550+@@ -2296,6 +2302,8 @@ static int timekeeping_validate_timex(co
551+ /* In order to inject time, you gotta be super-user! */
552+ if (!capable(CAP_SYS_TIME))
553+ return -EPERM;
554++ if (!ccs_capable(CCS_SYS_SETTIME))
555++ return -EPERM;
556+
557+ /*
558+ * Validate if a timespec/timeval used to inject a time
559+--- linux.orig/net/ipv4/raw.c
560++++ linux/net/ipv4/raw.c
561+@@ -772,6 +772,10 @@ static int raw_recvmsg(struct sock *sk,
562+ skb = skb_recv_datagram(sk, flags, noblock, &err);
563+ if (!skb)
564+ goto out;
565++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
566++ err = -EAGAIN; /* Hope less harmful than -EPERM. */
567++ goto out;
568++ }
569+
570+ copied = skb->len;
571+ if (len < copied) {
572+--- linux.orig/net/ipv4/udp.c
573++++ linux/net/ipv4/udp.c
574+@@ -1655,6 +1655,8 @@ try_again:
575+ skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
576+ if (!skb)
577+ return err;
578++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags))
579++ return -EAGAIN; /* Hope less harmful than -EPERM. */
580+
581+ ulen = udp_skb_len(skb);
582+ copied = len;
583+--- linux.orig/net/ipv6/raw.c
584++++ linux/net/ipv6/raw.c
585+@@ -483,6 +483,10 @@ static int rawv6_recvmsg(struct sock *sk
586+ skb = skb_recv_datagram(sk, flags, noblock, &err);
587+ if (!skb)
588+ goto out;
589++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
590++ err = -EAGAIN; /* Hope less harmful than -EPERM. */
591++ goto out;
592++ }
593+
594+ copied = skb->len;
595+ if (copied > len) {
596+--- linux.orig/net/ipv6/udp.c
597++++ linux/net/ipv6/udp.c
598+@@ -343,6 +343,8 @@ try_again:
599+ skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
600+ if (!skb)
601+ return err;
602++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags))
603++ return -EAGAIN; /* Hope less harmful than -EPERM. */
604+
605+ ulen = udp6_skb_len(skb);
606+ copied = len;
607+--- linux.orig/net/socket.c
608++++ linux/net/socket.c
609+@@ -1589,6 +1589,10 @@ int __sys_accept4(int fd, struct sockadd
610+ if (err < 0)
611+ goto out_fd;
612+
613++ if (ccs_socket_post_accept_permission(sock, newsock)) {
614++ err = -EAGAIN; /* Hope less harmful than -EPERM. */
615++ goto out_fd;
616++ }
617+ if (upeer_sockaddr) {
618+ len = newsock->ops->getname(newsock,
619+ (struct sockaddr *)&address, 2);
620+--- linux.orig/net/unix/af_unix.c
621++++ linux/net/unix/af_unix.c
622+@@ -2127,6 +2127,10 @@ static int unix_dgram_recvmsg(struct soc
623+ EPOLLOUT | EPOLLWRNORM |
624+ EPOLLWRBAND);
625+
626++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
627++ err = -EAGAIN; /* Hope less harmful than -EPERM. */
628++ goto out_unlock;
629++ }
630+ if (msg->msg_name)
631+ unix_copy_addr(msg, skb->sk);
632+
633+@@ -2177,6 +2181,7 @@ static int unix_dgram_recvmsg(struct soc
634+
635+ out_free:
636+ skb_free_datagram(sk, skb);
637++out_unlock:
638+ mutex_unlock(&u->iolock);
639+ out:
640+ return err;
641+--- linux.orig/security/Kconfig
642++++ linux/security/Kconfig
643+@@ -276,5 +276,7 @@ config DEFAULT_SECURITY
644+ default "apparmor" if DEFAULT_SECURITY_APPARMOR
645+ default "" if DEFAULT_SECURITY_DAC
646+
647++source security/ccsecurity/Kconfig
648++
649+ endmenu
650+
651+--- linux.orig/security/Makefile
652++++ linux/security/Makefile
653+@@ -30,3 +30,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
654+ # Object integrity file lists
655+ subdir-$(CONFIG_INTEGRITY) += integrity
656+ obj-$(CONFIG_INTEGRITY) += integrity/
657++
658++subdir-$(CONFIG_CCSECURITY) += ccsecurity
659++obj-$(CONFIG_CCSECURITY) += ccsecurity/
660+--- linux.orig/security/security.c
661++++ linux/security/security.c
662+@@ -988,12 +988,19 @@ int security_file_open(struct file *file
663+
664+ int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
665+ {
666+- return call_int_hook(task_alloc, 0, task, clone_flags);
667++ int ret = ccs_alloc_task_security(task);
668++ if (ret)
669++ return ret;
670++ ret = call_int_hook(task_alloc, 0, task, clone_flags);
671++ if (ret)
672++ ccs_free_task_security(task);
673++ return ret;
674+ }
675+
676+ void security_task_free(struct task_struct *task)
677+ {
678+ call_void_hook(task_free, task);
679++ ccs_free_task_security(task);
680+ }
681+
682+ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
--- trunk/1.8.x/ccs-patch/security/ccsecurity/lsm2ccsecurity.c (revision 6662)
+++ trunk/1.8.x/ccs-patch/security/ccsecurity/lsm2ccsecurity.c (revision 6663)
@@ -37,10 +37,17 @@
3737 return ccs_fcntl_permission(file, cmd, arg);
3838 }
3939
40+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0)
41+int ccs_file_open(struct file *file)
42+{
43+ return ccs_open_permission(file);
44+}
45+#else
4046 int ccs_file_open(struct file *file, const struct cred *cred)
4147 {
4248 return ccs_open_permission(file);
4349 }
50+#endif
4451
4552 int ccs_socket_create(int family, int type, int protocol, int kern)
4653 {
--- trunk/1.8.x/ccs-patch/specs/build-debian_wheezy.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-debian_wheezy.sh (revision 6663)
@@ -23,10 +23,10 @@
2323 # Download TOMOYO Linux patches.
2424 mkdir -p ~/rpmbuild/SOURCES/
2525 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
26-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
26+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2727 then
2828 apt-get -y install wget
29- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
29+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
3030 fi
3131
3232 # Install kernel source packages.
@@ -38,7 +38,7 @@
3838
3939 # Apply patches and create kernel config.
4040 cd linux-source-3.2 || die "Can't chdir to linux-source-3.2/ ."
41-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180714.tar.gz || die "Can't extract patch."
41+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180827.tar.gz || die "Can't extract patch."
4242 patch -p1 < patches/ccs-patch-3.2-debian-wheezy.diff || die "Can't apply patch."
4343 cat /boot/config-3.2.0-$ABI_VERSION-$ORIGINAL_FLAVOUR config.ccs > .config || die "Can't create config."
4444 sed -i -e 's/SUBLEVEL = .*/SUBLEVEL = 0/' Makefile || die "Can't edit Makefile"
--- trunk/1.8.x/ccs-patch/specs/build-f20-3.19.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-f20-3.19.sh (revision 6663)
@@ -20,9 +20,9 @@
2020 rpm -ivh kernel-3.19.8-100.fc20.src.rpm || die "Can't install source package."
2121
2222 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
23-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
23+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2424 then
25- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
25+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2626 fi
2727
2828 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -71,7 +71,7 @@
7171 # END OF PATCH APPLICATIONS
7272
7373 +# TOMOYO Linux
74-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
74++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
7575 +patch -sp1 < patches/ccs-patch-3.19-fedora-20.diff
7676 +
7777 %endif
--- trunk/1.8.x/ccs-patch/specs/build-c4-2.6.9.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-c4-2.6.9.sh (revision 6663)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.9-103.EL.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/redhat/SOURCES/ || die "Can't chdir to /usr/src/redhat/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -61,7 +61,7 @@
6161 # END OF PATCH APPLICATIONS
6262
6363 +# TOMOYO Linux
64-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
64++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
6565 +patch -sp1 < patches/ccs-patch-2.6.9-centos-4.diff
6666 +
6767 cp %{SOURCE10} Documentation/
--- trunk/1.8.x/ccs-patch/specs/build-f19-3.14.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-f19-3.14.sh (revision 6663)
@@ -20,9 +20,9 @@
2020 rpm -ivh kernel-3.14.27-100.fc19.src.rpm || die "Can't install source package."
2121
2222 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
23-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
23+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2424 then
25- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
25+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2626 fi
2727
2828 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -71,7 +71,7 @@
7171 # END OF PATCH APPLICATIONS
7272
7373 +# TOMOYO Linux
74-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
74++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
7575 +patch -sp1 < patches/ccs-patch-3.14-fedora-19.diff
7676 +
7777 %endif
--- trunk/1.8.x/ccs-patch/specs/build-debian_squeeze.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-debian_squeeze.sh (revision 6663)
@@ -38,9 +38,9 @@
3838 # Download TOMOYO Linux patches.
3939 mkdir -p ~/rpmbuild/SOURCES/
4040 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
41-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
41+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
4242 then
43- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
43+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
4444 fi
4545
4646 # Install kernel source packages.
@@ -52,7 +52,7 @@
5252
5353 # Apply patches and create kernel config.
5454 cd linux-source-2.6.32 || die "Can't chdir to linux-source-2.6.32/ ."
55-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180714.tar.gz || die "Can't extract patch."
55+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180827.tar.gz || die "Can't extract patch."
5656 patch -p1 < patches/ccs-patch-2.6.32-debian-squeeze.diff || die "Can't apply patch."
5757 cat /boot/config-2.6.32-5-686 config.ccs > .config || die "Can't create config."
5858
--- trunk/1.8.x/ccs-patch/specs/build-ax3-2.6.18.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-ax3-2.6.18.sh (revision 6663)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.18-398.1.AXS3.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/asianux/SOURCES/ || die "Can't chdir to /usr/src/asianux/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -61,7 +61,7 @@
6161 # end of Asianux patches
6262
6363 +# TOMOYO Linux
64-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
64++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
6565 +patch -sp1 < patches/ccs-patch-2.6.18-asianux-3.diff
6666 +
6767 cp %{SOURCE10} Documentation/
--- trunk/1.8.x/ccs-patch/specs/build-c3-2.4.21.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-c3-2.4.21.sh (revision 6663)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.4.21-63.EL.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/redhat/SOURCES/ || die "Can't chdir to /usr/src/redhat/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -51,7 +51,7 @@
5151 # END OF PATCH APPLICATIONS
5252
5353 +# TOMOYO Linux
54-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
54++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
5555 +patch -sp1 < patches/ccs-patch-2.4.21-centos-3.diff
5656 +
5757 cp %{SOURCE10} Documentation/
--- trunk/1.8.x/ccs-patch/specs/build-c7-3.10.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-c7-3.10.sh (revision 6663)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-3.10.0-862.11.6.el7.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -69,7 +69,7 @@
6969 ApplyOptionalPatch debrand-rh-i686-cpu.patch
7070
7171 +# TOMOYO Linux
72-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
72++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
7373 +patch -sp1 < patches/ccs-patch-3.10-centos-7.diff
7474 +
7575 # Any further pre-build tree manipulations happen here.
--- trunk/1.8.x/ccs-patch/specs/build-suse12.3-3.7.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-suse12.3-3.7.sh (revision 6663)
@@ -75,9 +75,9 @@
7575 rpm -ivh kernel-default-3.7.10-1.45.1.nosrc.rpm || die "Can't install source package."
7676
7777 cd /usr/src/packages/SOURCES/ || die "Can't chdir to /usr/src/packages/SOURCES/ ."
78-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
78+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
7979 then
80- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
80+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
8181 fi
8282
8383 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -105,7 +105,7 @@
105105 %_sourcedir/series.conf .. $SYMBOLS
106106
107107 +# TOMOYO Linux
108-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
108++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
109109 +patch -sp1 < patches/ccs-patch-3.7-suse-12.3.diff
110110 +cat config.ccs >> ../config/%cpu_arch_flavor
111111 +
--- trunk/1.8.x/ccs-patch/specs/build-c6-2.6.32.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-c6-2.6.32.sh (revision 6663)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.32-754.3.5.el6.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
@@ -69,7 +69,7 @@
6969 ApplyOptionalPatch linux-kernel-test.patch
7070
7171 +# TOMOYO Linux
72-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
72++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
7373 +patch -sp1 < patches/ccs-patch-2.6.32-centos-6.diff
7474 +
7575 # Any further pre-build tree manipulations happen here.
--- trunk/1.8.x/ccs-patch/specs/build-c5-2.6.18.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-c5-2.6.18.sh (revision 6663)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-2.6.18-419.el5.src.rpm || die "Can't install source package."
1919
2020 cd /usr/src/redhat/SOURCES/ || die "Can't chdir to /usr/src/redhat/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -61,7 +61,7 @@
6161 %endif
6262
6363 +# TOMOYO Linux
64-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
64++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
6565 +patch -sp1 < patches/ccs-patch-2.6.18-centos-5.diff
6666 +
6767 cp %{SOURCE10} Documentation/
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_12.10.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_12.10.sh (revision 6663)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.5.0/ || die "Can't chdir to linux-3.5.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180714.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180827.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.5-ubuntu-12.10.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_10.04.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_10.04.sh (revision 6663)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-2.6.32/ || die "Can't chdir to linux-2.6.32/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180714.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180827.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-2.6.32-ubuntu-10.04.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_13.10.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_13.10.sh (revision 6663)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.11.0/ || die "Can't chdir to linux-3.11.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180714.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180827.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.11-ubuntu-13.10.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_12.04.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_12.04.sh (revision 6663)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.2.0/ || die "Can't chdir to linux-3.2.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180714.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180827.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.2-ubuntu-12.04.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_13.04.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_13.04.sh (revision 6663)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.8.0/ || die "Can't chdir to linux-3.8.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180714.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180827.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.8-ubuntu-13.04.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-ubuntu_14.04.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-ubuntu_14.04.sh (revision 6663)
@@ -29,9 +29,9 @@
2929 # Download TOMOYO Linux patches.
3030 mkdir -p ~/rpmbuild/SOURCES/
3131 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
32-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
32+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
3333 then
34- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
34+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
3535 fi
3636
3737 # Install kernel source packages.
@@ -44,7 +44,7 @@
4444 # Apply patches and create kernel config.
4545 cd linux-3.13.0/ || die "Can't chdir to linux-3.13.0/ ."
4646 update_maintainer
47-tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180714.tar.gz || die "Can't extract patch."
47+tar -zxf ~/rpmbuild/SOURCES/ccs-patch-1.8.5-20180827.tar.gz || die "Can't extract patch."
4848 patch -p1 < patches/ccs-patch-3.13-ubuntu-14.04.diff || die "Can't apply patch."
4949 rm -fR patches/ specs/ || die "Can't delete patch."
5050 for i in `find debian.master/ -type f -name '*'${ORIGINAL_FLAVOUR}'*'`; do cp -p $i `echo $i | sed -e 's/'${ORIGINAL_FLAVOUR}'/'${NEW_FLAVOUR}'/g'`; done
--- trunk/1.8.x/ccs-patch/specs/build-vl6-4.4.sh (revision 6662)
+++ trunk/1.8.x/ccs-patch/specs/build-vl6-4.4.sh (revision 6663)
@@ -18,9 +18,9 @@
1818 rpm -ivh kernel-4.4.110-2vl6.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpm/SOURCES/ || die "Can't chdir to ~/rpm/SOURCES/ ."
21-if [ ! -r ccs-patch-1.8.5-20180714.tar.gz ]
21+if [ ! -r ccs-patch-1.8.5-20180827.tar.gz ]
2222 then
23- wget -O ccs-patch-1.8.5-20180714.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180714.tar.gz' || die "Can't download patch."
23+ wget -O ccs-patch-1.8.5-20180827.tar.gz 'http://osdn.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.5-20180827.tar.gz' || die "Can't download patch."
2424 fi
2525
2626 cd /tmp/ || die "Can't chdir to /tmp/ ."
@@ -61,7 +61,7 @@
6161 # END OF PATCH APPLICATIONS
6262
6363 +# TOMOYO Linux
64-+tar -zxf %_sourcedir/ccs-patch-1.8.5-20180714.tar.gz
64++tar -zxf %_sourcedir/ccs-patch-1.8.5-20180827.tar.gz
6565 +patch -sp1 < patches/ccs-patch-4.4-vine-linux-6.diff
6666 +
6767 cp %{SOURCE10} Documentation/
Show on old repository browser