--- trunk/1.8.x/ccs-patch/README.ccs 2011/01/11 07:45:54 4334 +++ trunk/1.8.x/ccs-patch/README.ccs 2011/03/31 03:06:59 4784 @@ -2659,6 +2659,11 @@ This change allows you to jump to arbitrary domain. + Note that this change also reverts "Change /proc/ccs/info/self_domain ." + made on 2006/10/24. Now, 'cat < /proc/ccs/info/self_domain' will act like + 'cat /proc/ccs/info/self_domain'. Programs depending on old assumption + need to be updated. + @ Add "task auto_domain_transition". This is similar to "task manual_domain_transition", but is automatically 
@@ -2714,14 +2719,98 @@ experience temporary inconsistency, but such threads are about to be killed by SIGKILL signal. -Fix 2010/01/11 +Fix 2011/01/11 + + @ Use filesystem name for unnamed devices when vfsmount is missing. + + "Change pathname for non-rename()able filesystems." changed to use + "$fsname:" if the filesystem does not support rename() operation and + "dev($major,$minor):" otherwise when vfsmount is missing. But it turned + out that it is useless to use "dev($major,$minor):" for unnamed devices + (filesystems with $major == 0). Thus, I changed to use "$fsname:" rather + than "dev($major,$minor):" for filesystems with $major == 0 when vfsmount + is missing. + +Fix 2011/02/07 + + @ Fix infinite loop bug when reading /proc/ccs/audit or /proc/ccs/query . + + In ccs_flush(), head->r.w[0] holds pointer to string data to be printed. + But head->r.w[0] was updated only when the string data was partially + printed (because head->r.w[0] will be updated by head->r.w[1] later if + completely printed). However, regarding /proc/ccs/audit and + /proc/ccs/query , an additional '\0' is printed after the string data was + completely printed. But if free space for read buffer became 0 before + printing the additional '\0', ccs_flush() was returning without updating + head->r.w[0]. As a result, ccs_flush() forever reprints already printed + string data. + +Fix 2011/03/01 + + @ Run garbage collector without waiting for /proc/ccs/ users. + + Currently TOMOYO holds SRCU lock upon open() and releases it upon close() + because list elements stored in the "struct ccs_io_buffer" instances are + accessed until close() is called. However, such SRCU usage causes lockdep + to complain about leaving the kernel with SRCU lock held. Therefore, + I changed to hold/release SRCU upon each read()/write() by selectively + deferring kfree() by keeping track of the "struct ccs_io_buffer" + instances. + +Fix 2011/03/05 + + @ Support built-in policy configuration. 
+ + To be able to start using enforcing mode from the early stage of boot + sequence, I added support for built-in policy configuration and + activating access control without calling external policy loader program. + + This will be useful for systems where operations which can lead to the + hijacking of the boot sequence are needed before loading the policy. + For example, you can activate immediately after loading the fixed part of + policy which will allow only operations needed for mounting a partition + which contains the variant part of policy and verifying (e.g. running GPG + check) and loading the variant part of policy. Since you can start using + enforcing mode from the beginning, you can reduce the possibility of + hijacking the boot sequence. + +Fix 2011/03/10 + + @ Remove /proc/ccs/meminfo interface. + + Please use /proc/ccs/stat interface instead. + +Fix 2011/03/15 + + @ Pack policy when printing via /proc/ccs/ interface. + + The kernel side is ready for accepting packed input like + + file read/write/execute /path/to/file + + but was using unpacked output like + + file read /path/to/file + file write /path/to/file + file execute /path/to/file + + because most of userland tools were not ready for accepting packed input. + + The advantages of using packed policy are that it makes policy files + smaller and it speeds up loading/saving policy files. + + Since most of userland tools are ready for accepting packed input by now, + I changed to use packed policy for both input and output. + +Fix 2011/03/31 + + @ Fix conditional policy parsing. + + Since exec.realpath= and symlink.target= accept path_group, + symlink.target="@foo" was by error parsed as symlink.target=@foo . + + @ Serialize updating profile's comment line. - @ Use filesystem name for unnamed devices when vfsmount is missing. + We need to serialize when updating COMMENT= line in /proc/ccs/profile . - "Change pathname for non-rename()able filesystems." 
changed to use - "$fsname:" if the filesystem does not support rename() operation and - "dev($major,$minor):" otherwise when vfsmount is missing. But it turned - out that it is useless to use "dev($major,$minor):" for unnamed devices - (filesystems with $major == 0). Thus, I changed to use "$fsname:" rather - than "dev($major,$minor):" for filesystems with $major == 0 when vfsmount - is missing. +Version 1.8.1 2011/04/01 Usability enhancement release.
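Review bot: In the first hunk (@@ -2659,6 +2659,11 @@), the added note says "Programs depending on old assumption need to be updated" without stating what the old assumption was. Suggest spelling out what 'cat < /proc/ccs/info/self_domain' returned under the 2006/10/24 change and what it returns now, so that maintainers of scripts that read self_domain through a redirected descriptor can tell from the README alone whether they are affected.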
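Review bot: In the second hunk (@@ -2714,14 +2719,98 @@), the "Fix conditional policy parsing" entry under Fix 2011/03/31 names both exec.realpath= and symlink.target= as accepting path_group but gives only symlink.target="@foo" as the misparsed case. Suggest stating whether exec.realpath="@foo" was misparsed in the same way, and noting that existing policies with quoted values beginning with "@" in these conditions should be re-checked, because the entry says such a value was parsed as symlink.target=@foo. In the same hunk, the Fix 2011/03/15 entry switches /proc/ccs/ output to packed form on the grounds that "most of userland tools are ready"; naming the tools or versions that are not ready would help, since anything that expects one permission per line will now read lines such as "file read/write/execute /path/to/file".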