• R/O
  • SSH
  • HTTPS

tomoyo: Commit


Commit MetaInfo

Revision6837 (tree)
Time2020-11-01 19:47:27
Authorkumaneko

Log Message

(empty log message)

Change Summary

Incremental Difference

--- trunk/1.8.x/ccs-patch/patches/ccs-patch-4.18-centos-8.diff (revision 6836)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-4.18-centos-8.diff (revision 6837)
@@ -1,6 +1,6 @@
11 This is TOMOYO Linux patch for CentOS 8.
22
3-Source code for this patch is http://vault.centos.org/8.2.2004/BaseOS/Source/SPackages/kernel-4.18.0-193.19.1.el8_2.src.rpm
3+Source code for this patch is http://vault.centos.org/8.2.2004/BaseOS/Source/SPackages/kernel-4.18.0-193.28.1.el8_2.src.rpm
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 9 +++++-
2929 24 files changed, 148 insertions(+), 29 deletions(-)
3030
31---- linux-4.18.0-193.19.1.el8.orig/fs/exec.c
32-+++ linux-4.18.0-193.19.1.el8/fs/exec.c
31+--- linux-4.18.0-193.28.1.el8.orig/fs/exec.c
32++++ linux-4.18.0-193.28.1.el8/fs/exec.c
3333 @@ -1692,7 +1692,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-4.18.0-193.19.1.el8.orig/fs/open.c
43-+++ linux-4.18.0-193.19.1.el8/fs/open.c
42+--- linux-4.18.0-193.28.1.el8.orig/fs/open.c
43++++ linux-4.18.0-193.28.1.el8/fs/open.c
4444 @@ -1180,6 +1180,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-4.18.0-193.19.1.el8.orig/fs/proc/version.c
54-+++ linux-4.18.0-193.19.1.el8/fs/proc/version.c
53+--- linux-4.18.0-193.28.1.el8.orig/fs/proc/version.c
54++++ linux-4.18.0-193.28.1.el8/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 4.18.0-193.19.1.el8_2 2020/09/18\n");
62++ printk(KERN_INFO "Hook version: 4.18.0-193.28.1.el8_2 2020/11/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-4.18.0-193.19.1.el8.orig/include/linux/sched.h
67-+++ linux-4.18.0-193.19.1.el8/include/linux/sched.h
66+--- linux-4.18.0-193.28.1.el8.orig/include/linux/sched.h
67++++ linux-4.18.0-193.28.1.el8/include/linux/sched.h
6868 @@ -35,6 +35,7 @@ struct audit_context;
6969 struct backing_dev_info;
7070 struct bio_list;
@@ -84,8 +84,8 @@
8484
8585 /*
8686 * New fields for task_struct should be added above here, so that
87---- linux-4.18.0-193.19.1.el8.orig/include/linux/security.h
88-+++ linux-4.18.0-193.19.1.el8/include/linux/security.h
87+--- linux-4.18.0-193.28.1.el8.orig/include/linux/security.h
88++++ linux-4.18.0-193.28.1.el8/include/linux/security.h
8989 @@ -54,6 +54,7 @@ struct xattr;
9090 struct kernfs_node;
9191 struct xfrm_sec_ctx;
@@ -306,8 +306,8 @@
306306 }
307307 #endif /* CONFIG_SECURITY_PATH */
308308
309---- linux-4.18.0-193.19.1.el8.orig/include/net/ip.h
310-+++ linux-4.18.0-193.19.1.el8/include/net/ip.h
309+--- linux-4.18.0-193.28.1.el8.orig/include/net/ip.h
310++++ linux-4.18.0-193.28.1.el8/include/net/ip.h
311311 @@ -285,6 +285,8 @@ void inet_get_local_port_range(struct ne
312312 #ifdef CONFIG_SYSCTL
313313 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -326,8 +326,8 @@
326326 return 0;
327327 }
328328
329---- linux-4.18.0-193.19.1.el8.orig/init/init_task.c
330-+++ linux-4.18.0-193.19.1.el8/init/init_task.c
329+--- linux-4.18.0-193.28.1.el8.orig/init/init_task.c
330++++ linux-4.18.0-193.28.1.el8/init/init_task.c
331331 @@ -183,6 +183,10 @@ struct task_struct init_task
332332 #ifdef CONFIG_SECURITY
333333 .security = NULL,
@@ -339,8 +339,8 @@
339339 };
340340 EXPORT_SYMBOL(init_task);
341341
342---- linux-4.18.0-193.19.1.el8.orig/kernel/kexec.c
343-+++ linux-4.18.0-193.19.1.el8/kernel/kexec.c
342+--- linux-4.18.0-193.28.1.el8.orig/kernel/kexec.c
343++++ linux-4.18.0-193.28.1.el8/kernel/kexec.c
344344 @@ -17,7 +17,7 @@
345345 #include <linux/syscalls.h>
346346 #include <linux/vmalloc.h>
@@ -359,8 +359,8 @@
359359
360360 /*
361361 * kexec can be used to circumvent module loading restrictions, so
362---- linux-4.18.0-193.19.1.el8.orig/kernel/module.c
363-+++ linux-4.18.0-193.19.1.el8/kernel/module.c
362+--- linux-4.18.0-193.28.1.el8.orig/kernel/module.c
363++++ linux-4.18.0-193.28.1.el8/kernel/module.c
364364 @@ -66,6 +66,7 @@
365365 #include <linux/audit.h>
366366 #include <uapi/linux/module.h>
@@ -387,8 +387,8 @@
387387
388388 return 0;
389389 }
390---- linux-4.18.0-193.19.1.el8.orig/kernel/ptrace.c
391-+++ linux-4.18.0-193.19.1.el8/kernel/ptrace.c
390+--- linux-4.18.0-193.28.1.el8.orig/kernel/ptrace.c
391++++ linux-4.18.0-193.28.1.el8/kernel/ptrace.c
392392 @@ -1109,6 +1109,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
393393 {
394394 struct task_struct *child;
@@ -413,8 +413,8 @@
413413
414414 if (request == PTRACE_TRACEME) {
415415 ret = ptrace_traceme();
416---- linux-4.18.0-193.19.1.el8.orig/kernel/reboot.c
417-+++ linux-4.18.0-193.19.1.el8/kernel/reboot.c
416+--- linux-4.18.0-193.28.1.el8.orig/kernel/reboot.c
417++++ linux-4.18.0-193.28.1.el8/kernel/reboot.c
418418 @@ -16,6 +16,7 @@
419419 #include <linux/syscalls.h>
420420 #include <linux/syscore_ops.h>
@@ -432,9 +432,9 @@
432432
433433 /*
434434 * If pid namespaces are enabled and the current task is in a child
435---- linux-4.18.0-193.19.1.el8.orig/kernel/sched/core.c
436-+++ linux-4.18.0-193.19.1.el8/kernel/sched/core.c
437-@@ -3929,6 +3929,8 @@ int can_nice(const struct task_struct *p
435+--- linux-4.18.0-193.28.1.el8.orig/kernel/sched/core.c
436++++ linux-4.18.0-193.28.1.el8/kernel/sched/core.c
437+@@ -3974,6 +3974,8 @@ int can_nice(const struct task_struct *p
438438 SYSCALL_DEFINE1(nice, int, increment)
439439 {
440440 long nice, retval;
@@ -443,8 +443,8 @@
443443
444444 /*
445445 * Setpriority might change our priority at the same moment.
446---- linux-4.18.0-193.19.1.el8.orig/kernel/signal.c
447-+++ linux-4.18.0-193.19.1.el8/kernel/signal.c
446+--- linux-4.18.0-193.28.1.el8.orig/kernel/signal.c
447++++ linux-4.18.0-193.28.1.el8/kernel/signal.c
448448 @@ -3497,6 +3497,8 @@ SYSCALL_DEFINE2(kill, pid_t, pid, int, s
449449 {
450450 struct kernel_siginfo info;
@@ -490,8 +490,8 @@
490490 return do_send_specific(tgid, pid, sig, info);
491491 }
492492
493---- linux-4.18.0-193.19.1.el8.orig/kernel/sys.c
494-+++ linux-4.18.0-193.19.1.el8/kernel/sys.c
493+--- linux-4.18.0-193.28.1.el8.orig/kernel/sys.c
494++++ linux-4.18.0-193.28.1.el8/kernel/sys.c
495495 @@ -207,6 +207,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
496496
497497 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -521,8 +521,8 @@
521521
522522 down_write(&uts_sem);
523523 errno = -EFAULT;
524---- linux-4.18.0-193.19.1.el8.orig/kernel/time/timekeeping.c
525-+++ linux-4.18.0-193.19.1.el8/kernel/time/timekeeping.c
524+--- linux-4.18.0-193.28.1.el8.orig/kernel/time/timekeeping.c
525++++ linux-4.18.0-193.28.1.el8/kernel/time/timekeeping.c
526526 @@ -26,6 +26,7 @@
527527 #include <linux/pvclock_gtod.h>
528528 #include <linux/compiler.h>
@@ -556,8 +556,8 @@
556556
557557 /*
558558 * Validate if a timespec/timeval used to inject a time
559---- linux-4.18.0-193.19.1.el8.orig/net/ipv4/raw.c
560-+++ linux-4.18.0-193.19.1.el8/net/ipv4/raw.c
559+--- linux-4.18.0-193.28.1.el8.orig/net/ipv4/raw.c
560++++ linux-4.18.0-193.28.1.el8/net/ipv4/raw.c
561561 @@ -781,6 +781,10 @@ static int raw_recvmsg(struct sock *sk,
562562 skb = skb_recv_datagram(sk, flags, noblock, &err);
563563 if (!skb)
@@ -569,8 +569,8 @@
569569
570570 copied = skb->len;
571571 if (len < copied) {
572---- linux-4.18.0-193.19.1.el8.orig/net/ipv4/udp.c
573-+++ linux-4.18.0-193.19.1.el8/net/ipv4/udp.c
572+--- linux-4.18.0-193.28.1.el8.orig/net/ipv4/udp.c
573++++ linux-4.18.0-193.28.1.el8/net/ipv4/udp.c
574574 @@ -1711,6 +1711,8 @@ try_again:
575575 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
576576 if (!skb)
@@ -580,8 +580,8 @@
580580
581581 ulen = udp_skb_len(skb);
582582 copied = len;
583---- linux-4.18.0-193.19.1.el8.orig/net/ipv6/raw.c
584-+++ linux-4.18.0-193.19.1.el8/net/ipv6/raw.c
583+--- linux-4.18.0-193.28.1.el8.orig/net/ipv6/raw.c
584++++ linux-4.18.0-193.28.1.el8/net/ipv6/raw.c
585585 @@ -485,6 +485,10 @@ static int rawv6_recvmsg(struct sock *sk
586586 skb = skb_recv_datagram(sk, flags, noblock, &err);
587587 if (!skb)
@@ -593,8 +593,8 @@
593593
594594 copied = skb->len;
595595 if (copied > len) {
596---- linux-4.18.0-193.19.1.el8.orig/net/ipv6/udp.c
597-+++ linux-4.18.0-193.19.1.el8/net/ipv6/udp.c
596+--- linux-4.18.0-193.28.1.el8.orig/net/ipv6/udp.c
597++++ linux-4.18.0-193.28.1.el8/net/ipv6/udp.c
598598 @@ -308,6 +308,8 @@ try_again:
599599 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
600600 if (!skb)
@@ -604,8 +604,8 @@
604604
605605 ulen = udp6_skb_len(skb);
606606 copied = len;
607---- linux-4.18.0-193.19.1.el8.orig/net/socket.c
608-+++ linux-4.18.0-193.19.1.el8/net/socket.c
607+--- linux-4.18.0-193.28.1.el8.orig/net/socket.c
608++++ linux-4.18.0-193.28.1.el8/net/socket.c
609609 @@ -1720,6 +1720,10 @@ int __sys_accept4(int fd, struct sockadd
610610 if (err < 0)
611611 goto out_fd;
@@ -617,8 +617,8 @@
617617 if (upeer_sockaddr) {
618618 len = newsock->ops->getname(newsock,
619619 (struct sockaddr *)&address, 2);
620---- linux-4.18.0-193.19.1.el8.orig/net/unix/af_unix.c
621-+++ linux-4.18.0-193.19.1.el8/net/unix/af_unix.c
620+--- linux-4.18.0-193.28.1.el8.orig/net/unix/af_unix.c
621++++ linux-4.18.0-193.28.1.el8/net/unix/af_unix.c
622622 @@ -2063,6 +2063,10 @@ static int unix_dgram_recvmsg(struct soc
623623 EPOLLOUT | EPOLLWRNORM |
624624 EPOLLWRBAND);
@@ -638,8 +638,8 @@
638638 mutex_unlock(&u->iolock);
639639 out:
640640 return err;
641---- linux-4.18.0-193.19.1.el8.orig/security/Kconfig
642-+++ linux-4.18.0-193.19.1.el8/security/Kconfig
641+--- linux-4.18.0-193.28.1.el8.orig/security/Kconfig
642++++ linux-4.18.0-193.28.1.el8/security/Kconfig
643643 @@ -313,4 +313,6 @@ config DEFAULT_SECURITY
644644 default "apparmor" if DEFAULT_SECURITY_APPARMOR
645645 default "" if DEFAULT_SECURITY_DAC
@@ -647,8 +647,8 @@
647647 +source security/ccsecurity/Kconfig
648648 +
649649 endmenu
650---- linux-4.18.0-193.19.1.el8.orig/security/Makefile
651-+++ linux-4.18.0-193.19.1.el8/security/Makefile
650+--- linux-4.18.0-193.28.1.el8.orig/security/Makefile
651++++ linux-4.18.0-193.28.1.el8/security/Makefile
652652 @@ -33,3 +33,6 @@ obj-$(CONFIG_INTEGRITY) += integrity/
653653
654654 # Allow the kernel to be locked down
@@ -656,8 +656,8 @@
656656 +
657657 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
658658 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
659---- linux-4.18.0-193.19.1.el8.orig/security/security.c
660-+++ linux-4.18.0-193.19.1.el8/security/security.c
659+--- linux-4.18.0-193.28.1.el8.orig/security/security.c
660++++ linux-4.18.0-193.28.1.el8/security/security.c
661661 @@ -988,12 +988,19 @@ int security_file_open(struct file *file
662662
663663 int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
--- trunk/1.8.x/ccs-patch/specs/build-c8-4.18.sh (revision 6836)
+++ trunk/1.8.x/ccs-patch/specs/build-c8-4.18.sh (revision 6837)
@@ -10,12 +10,12 @@
1010
1111 cd /tmp/ || die "Can't chdir to /tmp/ ."
1212
13-if [ ! -r kernel-4.18.0-193.19.1.el8_2.src.rpm ]
13+if [ ! -r kernel-4.18.0-193.28.1.el8_2.src.rpm ]
1414 then
15- wget http://vault.centos.org/8.2.2004/BaseOS/Source/SPackages/kernel-4.18.0-193.19.1.el8_2.src.rpm || die "Can't download source package."
15+ wget http://vault.centos.org/8.2.2004/BaseOS/Source/SPackages/kernel-4.18.0-193.28.1.el8_2.src.rpm || die "Can't download source package."
1616 fi
17-LANG=C rpm --checksig kernel-4.18.0-193.19.1.el8_2.src.rpm | grep -F ': digests signatures OK' || die "Can't verify signature."
18-rpm -ivh kernel-4.18.0-193.19.1.el8_2.src.rpm || die "Can't install source package."
17+LANG=C rpm --checksig kernel-4.18.0-193.28.1.el8_2.src.rpm | grep -F ': digests signatures OK' || die "Can't verify signature."
18+rpm -ivh kernel-4.18.0-193.28.1.el8_2.src.rpm || die "Can't install source package."
1919
2020 cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
2121 if [ ! -r ccs-patch-1.8.7-20200922.tar.gz ]
@@ -36,8 +36,8 @@
3636 +%define buildid _tomoyo_1.8.7p2
3737
3838 %define rpmversion 4.18.0
39- %define pkgrelease 193.19.1.el8_2
40-@@ -1071,6 +1071,10 @@
39+ %define pkgrelease 193.28.1.el8_2
40+@@ -1050,6 +1050,10 @@
4141
4242 # END OF PATCH APPLICATIONS
4343
@@ -48,7 +48,7 @@
4848 # Any further pre-build tree manipulations happen here.
4949
5050 %if %{with_realtime}
51-@@ -1205,6 +1209,18 @@
51+@@ -1184,6 +1188,18 @@
5252 cp %{SOURCE9} certs/.
5353 %endif
5454
Show on old repository browser