OSDN > Find Software > System > Operating System Kernels > Linux > TOMOYO > SCM > SVN > Commit

TOMOYO
Fork

R/O
SSH
HTTPS

tomoyo: Commit

Commit MetaInfo

Revision	6837 (tree)
Time	2020-11-01 19:47:27
Author	kumaneko

Log Message

(empty log message)

Change Summary

modified: trunk/1.8.x/ccs-patch/patches/ccs-patch-4.18-centos-8.diff (diff)
modified: trunk/1.8.x/ccs-patch/specs/build-c8-4.18.sh (diff)

Incremental Difference

--- trunk/1.8.x/ccs-patch/patches/ccs-patch-4.18-centos-8.diff (revision 6836)

+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-4.18-centos-8.diff (revision 6837)

		@@ -1,6 +1,6 @@
1	1	This is TOMOYO Linux patch for CentOS 8.
2	2
3		-Source code for this patch is http://vault.centos.org/8.2.2004/BaseOS/Source/SPackages/kernel-4.18.0-193.19.1.el8_2.src.rpm
	3	+Source code for this patch is http://vault.centos.org/8.2.2004/BaseOS/Source/SPackages/kernel-4.18.0-193.28.1.el8_2.src.rpm
4	4	---
5	5	fs/exec.c \| 2 -
6	6	fs/open.c \| 2 +

		@@ -28,8 +28,8 @@
28	28	security/security.c \| 9 +++++-
29	29	24 files changed, 148 insertions(+), 29 deletions(-)
30	30
31		---- linux-4.18.0-193.19.1.el8.orig/fs/exec.c
32		-+++ linux-4.18.0-193.19.1.el8/fs/exec.c
	31	+--- linux-4.18.0-193.28.1.el8.orig/fs/exec.c
	32	++++ linux-4.18.0-193.28.1.el8/fs/exec.c
33	33	@@ -1692,7 +1692,7 @@ static int exec_binprm(struct linux_binp
34	34	old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35	35	rcu_read_unlock();

		@@ -39,8 +39,8 @@
39	39	if (ret >= 0) {
40	40	audit_bprm(bprm);
41	41	trace_sched_process_exec(current, old_pid, bprm);
42		---- linux-4.18.0-193.19.1.el8.orig/fs/open.c
43		-+++ linux-4.18.0-193.19.1.el8/fs/open.c
	42	+--- linux-4.18.0-193.28.1.el8.orig/fs/open.c
	43	++++ linux-4.18.0-193.28.1.el8/fs/open.c
44	44	@@ -1180,6 +1180,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
45	45	*/
46	46	SYSCALL_DEFINE0(vhangup)

		@@ -50,8 +50,8 @@
50	50	if (capable(CAP_SYS_TTY_CONFIG)) {
51	51	tty_vhangup_self();
52	52	return 0;
53		---- linux-4.18.0-193.19.1.el8.orig/fs/proc/version.c
54		-+++ linux-4.18.0-193.19.1.el8/fs/proc/version.c
	53	+--- linux-4.18.0-193.28.1.el8.orig/fs/proc/version.c
	54	++++ linux-4.18.0-193.28.1.el8/fs/proc/version.c
55	55	@@ -21,3 +21,10 @@ static int __init proc_version_init(void
56	56	return 0;
57	57	}

		@@ -59,12 +59,12 @@
59	59	+
60	60	+static int __init ccs_show_version(void)
61	61	+{
62		-+ printk(KERN_INFO "Hook version: 4.18.0-193.19.1.el8_2 2020/09/18\n");
	62	++ printk(KERN_INFO "Hook version: 4.18.0-193.28.1.el8_2 2020/11/01\n");
63	63	+ return 0;
64	64	+}
65	65	+fs_initcall(ccs_show_version);
66		---- linux-4.18.0-193.19.1.el8.orig/include/linux/sched.h
67		-+++ linux-4.18.0-193.19.1.el8/include/linux/sched.h
	66	+--- linux-4.18.0-193.28.1.el8.orig/include/linux/sched.h
	67	++++ linux-4.18.0-193.28.1.el8/include/linux/sched.h
68	68	@@ -35,6 +35,7 @@ struct audit_context;
69	69	struct backing_dev_info;
70	70	struct bio_list;

		@@ -84,8 +84,8 @@
84	84
85	85	/*
86	86	* New fields for task_struct should be added above here, so that
87		---- linux-4.18.0-193.19.1.el8.orig/include/linux/security.h
88		-+++ linux-4.18.0-193.19.1.el8/include/linux/security.h
	87	+--- linux-4.18.0-193.28.1.el8.orig/include/linux/security.h
	88	++++ linux-4.18.0-193.28.1.el8/include/linux/security.h
89	89	@@ -54,6 +54,7 @@ struct xattr;
90	90	struct kernfs_node;
91	91	struct xfrm_sec_ctx;

		@@ -306,8 +306,8 @@
306	306	}
307	307	#endif /* CONFIG_SECURITY_PATH */
308	308
309		---- linux-4.18.0-193.19.1.el8.orig/include/net/ip.h
310		-+++ linux-4.18.0-193.19.1.el8/include/net/ip.h
	309	+--- linux-4.18.0-193.28.1.el8.orig/include/net/ip.h
	310	++++ linux-4.18.0-193.28.1.el8/include/net/ip.h
311	311	@@ -285,6 +285,8 @@ void inet_get_local_port_range(struct ne
312	312	#ifdef CONFIG_SYSCTL
313	313	static inline int inet_is_local_reserved_port(struct net *net, int port)

		@@ -326,8 +326,8 @@
326	326	return 0;
327	327	}
328	328
329		---- linux-4.18.0-193.19.1.el8.orig/init/init_task.c
330		-+++ linux-4.18.0-193.19.1.el8/init/init_task.c
	329	+--- linux-4.18.0-193.28.1.el8.orig/init/init_task.c
	330	++++ linux-4.18.0-193.28.1.el8/init/init_task.c
331	331	@@ -183,6 +183,10 @@ struct task_struct init_task
332	332	#ifdef CONFIG_SECURITY
333	333	.security = NULL,

		@@ -339,8 +339,8 @@
339	339	};
340	340	EXPORT_SYMBOL(init_task);
341	341
342		---- linux-4.18.0-193.19.1.el8.orig/kernel/kexec.c
343		-+++ linux-4.18.0-193.19.1.el8/kernel/kexec.c
	342	+--- linux-4.18.0-193.28.1.el8.orig/kernel/kexec.c
	343	++++ linux-4.18.0-193.28.1.el8/kernel/kexec.c
344	344	@@ -17,7 +17,7 @@
345	345	#include <linux/syscalls.h>
346	346	#include <linux/vmalloc.h>

		@@ -359,8 +359,8 @@
359	359
360	360	/*
361	361	* kexec can be used to circumvent module loading restrictions, so
362		---- linux-4.18.0-193.19.1.el8.orig/kernel/module.c
363		-+++ linux-4.18.0-193.19.1.el8/kernel/module.c
	362	+--- linux-4.18.0-193.28.1.el8.orig/kernel/module.c
	363	++++ linux-4.18.0-193.28.1.el8/kernel/module.c
364	364	@@ -66,6 +66,7 @@
365	365	#include <linux/audit.h>
366	366	#include <uapi/linux/module.h>

		@@ -387,8 +387,8 @@
387	387
388	388	return 0;
389	389	}
390		---- linux-4.18.0-193.19.1.el8.orig/kernel/ptrace.c
391		-+++ linux-4.18.0-193.19.1.el8/kernel/ptrace.c
	390	+--- linux-4.18.0-193.28.1.el8.orig/kernel/ptrace.c
	391	++++ linux-4.18.0-193.28.1.el8/kernel/ptrace.c
392	392	@@ -1109,6 +1109,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
393	393	{
394	394	struct task_struct *child;

		@@ -413,8 +413,8 @@
413	413
414	414	if (request == PTRACE_TRACEME) {
415	415	ret = ptrace_traceme();
416		---- linux-4.18.0-193.19.1.el8.orig/kernel/reboot.c
417		-+++ linux-4.18.0-193.19.1.el8/kernel/reboot.c
	416	+--- linux-4.18.0-193.28.1.el8.orig/kernel/reboot.c
	417	++++ linux-4.18.0-193.28.1.el8/kernel/reboot.c
418	418	@@ -16,6 +16,7 @@
419	419	#include <linux/syscalls.h>
420	420	#include <linux/syscore_ops.h>

		@@ -432,9 +432,9 @@
432	432
433	433	/*
434	434	* If pid namespaces are enabled and the current task is in a child
435		---- linux-4.18.0-193.19.1.el8.orig/kernel/sched/core.c
436		-+++ linux-4.18.0-193.19.1.el8/kernel/sched/core.c
437		-@@ -3929,6 +3929,8 @@ int can_nice(const struct task_struct *p
	435	+--- linux-4.18.0-193.28.1.el8.orig/kernel/sched/core.c
	436	++++ linux-4.18.0-193.28.1.el8/kernel/sched/core.c
	437	+@@ -3974,6 +3974,8 @@ int can_nice(const struct task_struct *p
438	438	SYSCALL_DEFINE1(nice, int, increment)
439	439	{
440	440	long nice, retval;

		@@ -443,8 +443,8 @@
443	443
444	444	/*
445	445	* Setpriority might change our priority at the same moment.
446		---- linux-4.18.0-193.19.1.el8.orig/kernel/signal.c
447		-+++ linux-4.18.0-193.19.1.el8/kernel/signal.c
	446	+--- linux-4.18.0-193.28.1.el8.orig/kernel/signal.c
	447	++++ linux-4.18.0-193.28.1.el8/kernel/signal.c
448	448	@@ -3497,6 +3497,8 @@ SYSCALL_DEFINE2(kill, pid_t, pid, int, s
449	449	{
450	450	struct kernel_siginfo info;

		@@ -490,8 +490,8 @@
490	490	return do_send_specific(tgid, pid, sig, info);
491	491	}
492	492
493		---- linux-4.18.0-193.19.1.el8.orig/kernel/sys.c
494		-+++ linux-4.18.0-193.19.1.el8/kernel/sys.c
	493	+--- linux-4.18.0-193.28.1.el8.orig/kernel/sys.c
	494	++++ linux-4.18.0-193.28.1.el8/kernel/sys.c
495	495	@@ -207,6 +207,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
496	496
497	497	if (which > PRIO_USER \|\| which < PRIO_PROCESS)

		@@ -521,8 +521,8 @@
521	521
522	522	down_write(&uts_sem);
523	523	errno = -EFAULT;
524		---- linux-4.18.0-193.19.1.el8.orig/kernel/time/timekeeping.c
525		-+++ linux-4.18.0-193.19.1.el8/kernel/time/timekeeping.c
	524	+--- linux-4.18.0-193.28.1.el8.orig/kernel/time/timekeeping.c
	525	++++ linux-4.18.0-193.28.1.el8/kernel/time/timekeeping.c
526	526	@@ -26,6 +26,7 @@
527	527	#include <linux/pvclock_gtod.h>
528	528	#include <linux/compiler.h>

		@@ -556,8 +556,8 @@
556	556
557	557	/*
558	558	* Validate if a timespec/timeval used to inject a time
559		---- linux-4.18.0-193.19.1.el8.orig/net/ipv4/raw.c
560		-+++ linux-4.18.0-193.19.1.el8/net/ipv4/raw.c
	559	+--- linux-4.18.0-193.28.1.el8.orig/net/ipv4/raw.c
	560	++++ linux-4.18.0-193.28.1.el8/net/ipv4/raw.c
561	561	@@ -781,6 +781,10 @@ static int raw_recvmsg(struct sock *sk,
562	562	skb = skb_recv_datagram(sk, flags, noblock, &err);
563	563	if (!skb)

		@@ -569,8 +569,8 @@
569	569
570	570	copied = skb->len;
571	571	if (len < copied) {
572		---- linux-4.18.0-193.19.1.el8.orig/net/ipv4/udp.c
573		-+++ linux-4.18.0-193.19.1.el8/net/ipv4/udp.c
	572	+--- linux-4.18.0-193.28.1.el8.orig/net/ipv4/udp.c
	573	++++ linux-4.18.0-193.28.1.el8/net/ipv4/udp.c
574	574	@@ -1711,6 +1711,8 @@ try_again:
575	575	skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
576	576	if (!skb)

		@@ -580,8 +580,8 @@
580	580
581	581	ulen = udp_skb_len(skb);
582	582	copied = len;
583		---- linux-4.18.0-193.19.1.el8.orig/net/ipv6/raw.c
584		-+++ linux-4.18.0-193.19.1.el8/net/ipv6/raw.c
	583	+--- linux-4.18.0-193.28.1.el8.orig/net/ipv6/raw.c
	584	++++ linux-4.18.0-193.28.1.el8/net/ipv6/raw.c
585	585	@@ -485,6 +485,10 @@ static int rawv6_recvmsg(struct sock *sk
586	586	skb = skb_recv_datagram(sk, flags, noblock, &err);
587	587	if (!skb)

		@@ -593,8 +593,8 @@
593	593
594	594	copied = skb->len;
595	595	if (copied > len) {
596		---- linux-4.18.0-193.19.1.el8.orig/net/ipv6/udp.c
597		-+++ linux-4.18.0-193.19.1.el8/net/ipv6/udp.c
	596	+--- linux-4.18.0-193.28.1.el8.orig/net/ipv6/udp.c
	597	++++ linux-4.18.0-193.28.1.el8/net/ipv6/udp.c
598	598	@@ -308,6 +308,8 @@ try_again:
599	599	skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
600	600	if (!skb)

		@@ -604,8 +604,8 @@
604	604
605	605	ulen = udp6_skb_len(skb);
606	606	copied = len;
607		---- linux-4.18.0-193.19.1.el8.orig/net/socket.c
608		-+++ linux-4.18.0-193.19.1.el8/net/socket.c
	607	+--- linux-4.18.0-193.28.1.el8.orig/net/socket.c
	608	++++ linux-4.18.0-193.28.1.el8/net/socket.c
609	609	@@ -1720,6 +1720,10 @@ int __sys_accept4(int fd, struct sockadd
610	610	if (err < 0)
611	611	goto out_fd;

		@@ -617,8 +617,8 @@
617	617	if (upeer_sockaddr) {
618	618	len = newsock->ops->getname(newsock,
619	619	(struct sockaddr *)&address, 2);
620		---- linux-4.18.0-193.19.1.el8.orig/net/unix/af_unix.c
621		-+++ linux-4.18.0-193.19.1.el8/net/unix/af_unix.c
	620	+--- linux-4.18.0-193.28.1.el8.orig/net/unix/af_unix.c
	621	++++ linux-4.18.0-193.28.1.el8/net/unix/af_unix.c
622	622	@@ -2063,6 +2063,10 @@ static int unix_dgram_recvmsg(struct soc
623	623	EPOLLOUT \| EPOLLWRNORM \|
624	624	EPOLLWRBAND);

		@@ -638,8 +638,8 @@
638	638	mutex_unlock(&u->iolock);
639	639	out:
640	640	return err;
641		---- linux-4.18.0-193.19.1.el8.orig/security/Kconfig
642		-+++ linux-4.18.0-193.19.1.el8/security/Kconfig
	641	+--- linux-4.18.0-193.28.1.el8.orig/security/Kconfig
	642	++++ linux-4.18.0-193.28.1.el8/security/Kconfig
643	643	@@ -313,4 +313,6 @@ config DEFAULT_SECURITY
644	644	default "apparmor" if DEFAULT_SECURITY_APPARMOR
645	645	default "" if DEFAULT_SECURITY_DAC

		@@ -647,8 +647,8 @@
647	647	+source security/ccsecurity/Kconfig
648	648	+
649	649	endmenu
650		---- linux-4.18.0-193.19.1.el8.orig/security/Makefile
651		-+++ linux-4.18.0-193.19.1.el8/security/Makefile
	650	+--- linux-4.18.0-193.28.1.el8.orig/security/Makefile
	651	++++ linux-4.18.0-193.28.1.el8/security/Makefile
652	652	@@ -33,3 +33,6 @@ obj-$(CONFIG_INTEGRITY) += integrity/
653	653
654	654	# Allow the kernel to be locked down

		@@ -656,8 +656,8 @@
656	656	+
657	657	+subdir-$(CONFIG_CCSECURITY) += ccsecurity
658	658	+obj-$(CONFIG_CCSECURITY) += ccsecurity/
659		---- linux-4.18.0-193.19.1.el8.orig/security/security.c
660		-+++ linux-4.18.0-193.19.1.el8/security/security.c
	659	+--- linux-4.18.0-193.28.1.el8.orig/security/security.c
	660	++++ linux-4.18.0-193.28.1.el8/security/security.c
661	661	@@ -988,12 +988,19 @@ int security_file_open(struct file *file
662	662
663	663	int security_task_alloc(struct task_struct *task, unsigned long clone_flags)

--- trunk/1.8.x/ccs-patch/specs/build-c8-4.18.sh (revision 6836)

+++ trunk/1.8.x/ccs-patch/specs/build-c8-4.18.sh (revision 6837)

		@@ -10,12 +10,12 @@
10	10
11	11	cd /tmp/ \|\| die "Can't chdir to /tmp/ ."
12	12
13		-if [ ! -r kernel-4.18.0-193.19.1.el8_2.src.rpm ]
	13	+if [ ! -r kernel-4.18.0-193.28.1.el8_2.src.rpm ]
14	14	then
15		- wget http://vault.centos.org/8.2.2004/BaseOS/Source/SPackages/kernel-4.18.0-193.19.1.el8_2.src.rpm \|\| die "Can't download source package."
	15	+ wget http://vault.centos.org/8.2.2004/BaseOS/Source/SPackages/kernel-4.18.0-193.28.1.el8_2.src.rpm \|\| die "Can't download source package."
16	16	fi
17		-LANG=C rpm --checksig kernel-4.18.0-193.19.1.el8_2.src.rpm \| grep -F ': digests signatures OK' \|\| die "Can't verify signature."
18		-rpm -ivh kernel-4.18.0-193.19.1.el8_2.src.rpm \|\| die "Can't install source package."
	17	+LANG=C rpm --checksig kernel-4.18.0-193.28.1.el8_2.src.rpm \| grep -F ': digests signatures OK' \|\| die "Can't verify signature."
	18	+rpm -ivh kernel-4.18.0-193.28.1.el8_2.src.rpm \|\| die "Can't install source package."
19	19
20	20	cd ~/rpmbuild/SOURCES/ \|\| die "Can't chdir to ~/rpmbuild/SOURCES/ ."
21	21	if [ ! -r ccs-patch-1.8.7-20200922.tar.gz ]

		@@ -36,8 +36,8 @@
36	36	+%define buildid _tomoyo_1.8.7p2
37	37
38	38	%define rpmversion 4.18.0
39		- %define pkgrelease 193.19.1.el8_2
40		-@@ -1071,6 +1071,10 @@
	39	+ %define pkgrelease 193.28.1.el8_2
	40	+@@ -1050,6 +1050,10 @@
41	41
42	42	# END OF PATCH APPLICATIONS
43	43

		@@ -48,7 +48,7 @@
48	48	# Any further pre-build tree manipulations happen here.
49	49
50	50	%if %{with_realtime}
51		-@@ -1205,6 +1209,18 @@
	51	+@@ -1184,6 +1188,18 @@
52	52	cp %{SOURCE9} certs/.
53	53	%endif
54	54

Show on old repository browser