
Diff of /trunk/1.8.x/ccs-patch/patches/ccs-patch-2.6.15-cat-760.diff


revision 3372 by kumaneko, Tue Jan 19 04:32:34 2010 UTC revision 3464 by kumaneko, Fri Feb 19 08:23:20 2010 UTC
# Line 18  Source code for this patch is linux-2.6. Line 18  Source code for this patch is linux-2.6.
18   fs/ioctl.c                      |    5 +++++   fs/ioctl.c                      |    5 +++++
19   fs/namei.c                      |   32 ++++++++++++++++++++++++++++++++   fs/namei.c                      |   32 ++++++++++++++++++++++++++++++++
20   fs/namespace.c                  |   23 ++++++++++++++++++++++-   fs/namespace.c                  |   23 ++++++++++++++++++++++-
21   fs/open.c                       |   29 ++++++++++++++++++++++++++++-   fs/open.c                       |   27 ++++++++++++++++++++++++++-
22   fs/proc/proc_misc.c             |    1 +   fs/proc/proc_misc.c             |    1 +
23   include/linux/init_task.h       |    9 +++++++++   include/linux/init_task.h       |    9 +++++++++
24   include/linux/sched.h           |    6 ++++++   include/linux/sched.h           |    6 ++++++
# Line 43  Source code for this patch is linux-2.6. Line 43  Source code for this patch is linux-2.6.
43   net/unix/af_unix.c              |    4 ++++   net/unix/af_unix.c              |    4 ++++
44   security/Kconfig                |    2 ++   security/Kconfig                |    2 ++
45   security/Makefile               |    3 +++   security/Makefile               |    3 +++
46   41 files changed, 284 insertions(+), 9 deletions(-)   41 files changed, 282 insertions(+), 9 deletions(-)
47    
48  --- linux-2.6.15-cat.orig/arch/alpha/kernel/ptrace.c  --- linux-2.6.15-cat.orig/arch/alpha/kernel/ptrace.c
49  +++ linux-2.6.15-cat/arch/alpha/kernel/ptrace.c  +++ linux-2.6.15-cat/arch/alpha/kernel/ptrace.c
# Line 512  Source code for this patch is linux-2.6. Line 512  Source code for this patch is linux-2.6.
512          if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))          if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
513                  goto out;                  goto out;
514  +       err = -EPERM;  +       err = -EPERM;
515  +       if (ccs_may_mount(nd))  +       if (ccs_may_mount(ccs_mkpath(nd)))
516  +               goto out;  +               goto out;
517    
518          err = -ENOMEM;          err = -ENOMEM;
# Line 523  Source code for this patch is linux-2.6. Line 523  Source code for this patch is linux-2.6.
523                  goto out;                  goto out;
524  -  -
525  +       err = -EPERM;  +       err = -EPERM;
526  +       if (ccs_may_mount(nd))  +       if (ccs_may_mount(ccs_mkpath(nd)))
527  +               goto out;  +               goto out;
528          err = -ENOENT;          err = -ENOENT;
529          down(&nd->dentry->d_inode->i_sem);          down(&nd->dentry->d_inode->i_sem);
# Line 533  Source code for this patch is linux-2.6. Line 533  Source code for this patch is linux-2.6.
533          if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))          if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
534                  goto unlock;                  goto unlock;
535  +       err = -EPERM;  +       err = -EPERM;
536  +       if (ccs_may_mount(nd))  +       if (ccs_may_mount(ccs_mkpath(nd)))
537  +               goto unlock;  +               goto unlock;
538    
539          newmnt->mnt_flags = mnt_flags;          newmnt->mnt_flags = mnt_flags;
# Line 546  Source code for this patch is linux-2.6. Line 546  Source code for this patch is linux-2.6.
546          struct nameidata nd;          struct nameidata nd;
547          int retval = 0;          int retval = 0;
548          int mnt_flags = 0;          int mnt_flags = 0;
549  @@ -1294,6 +1308,9 @@ long do_mount(char *dev_name, char *dir_  @@ -1294,6 +1308,10 @@ long do_mount(char *dev_name, char *dir_
550                  return retval;                  return retval;
551    
552          retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);          retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);
553  +       if (!retval)  +       if (!retval)
554  +               retval = ccs_mount_permission(dev_name, &nd, type_page,  +               retval = ccs_mount_permission(dev_name, ccs_mkpath(&nd),
555  +                                             original_flags, data_page);  +                                             type_page, original_flags,
556    +                                             data_page);
557          if (retval)          if (retval)
558                  goto dput_out;                  goto dput_out;
559    
560  @@ -1543,6 +1560,8 @@ asmlinkage long sys_pivot_root(const cha  @@ -1559,6 +1577,9 @@ asmlinkage long sys_pivot_root(const cha
   
         if (!capable(CAP_SYS_ADMIN))  
                 return -EPERM;  
 +       if (!ccs_capable(CCS_SYS_PIVOT_ROOT))  
 +               return -EPERM;  
   
         lock_kernel();  
   
 @@ -1559,6 +1578,8 @@ asmlinkage long sys_pivot_root(const cha  
561                  goto out1;                  goto out1;
562    
563          error = security_sb_pivotroot(&old_nd, &new_nd);          error = security_sb_pivotroot(&old_nd, &new_nd);
564  +       if (!error)  +       if (!error)
565  +               error = ccs_pivot_root_permission(&old_nd, &new_nd);  +               error = ccs_pivot_root_permission(ccs_mkpath(&old_nd),
566    +                                                 ccs_mkpath(&new_nd));
567          if (error) {          if (error) {
568                  path_release(&old_nd);                  path_release(&old_nd);
569                  goto out1;                  goto out1;
# Line 605  Source code for this patch is linux-2.6. Line 598  Source code for this patch is linux-2.6.
598          error = locks_verify_truncate(inode, file, length);          error = locks_verify_truncate(inode, file, length);
599          if (!error)          if (!error)
600                  error = do_truncate(dentry, length, file);                  error = do_truncate(dentry, length, file);
601  @@ -588,6 +594,10 @@ asmlinkage long sys_chroot(const char __  @@ -588,6 +594,8 @@ asmlinkage long sys_chroot(const char __
602          error = -EPERM;          error = -EPERM;
603          if (!capable(CAP_SYS_CHROOT))          if (!capable(CAP_SYS_CHROOT))
604                  goto dput_and_out;                  goto dput_and_out;
605  +       if (!ccs_capable(CCS_SYS_CHROOT))  +       if (ccs_chroot_permission(ccs_mkpath(&nd)))
 +               goto dput_and_out;  
 +       if (ccs_chroot_permission(&nd))  
606  +               goto dput_and_out;  +               goto dput_and_out;
607    
608          set_fs_root(current->fs, nd.mnt, nd.dentry);          set_fs_root(current->fs, nd.mnt, nd.dentry);
609          set_fs_altroot();          set_fs_altroot();
610  @@ -619,6 +629,9 @@ asmlinkage long sys_fchmod(unsigned int  @@ -619,6 +627,9 @@ asmlinkage long sys_fchmod(unsigned int
611          err = -EPERM;          err = -EPERM;
612          if (IS_IMMUTABLE(inode) || IS_APPEND(inode))          if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
613                  goto out_putf;                  goto out_putf;
# Line 626  Source code for this patch is linux-2.6. Line 617  Source code for this patch is linux-2.6.
617          down(&inode->i_sem);          down(&inode->i_sem);
618          if (mode == (mode_t) -1)          if (mode == (mode_t) -1)
619                  mode = inode->i_mode;                  mode = inode->i_mode;
620  @@ -652,6 +665,9 @@ asmlinkage long sys_chmod(const char __u  @@ -652,6 +663,9 @@ asmlinkage long sys_chmod(const char __u
621          error = -EPERM;          error = -EPERM;
622          if (IS_IMMUTABLE(inode) || IS_APPEND(inode))          if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
623                  goto dput_and_out;                  goto dput_and_out;
# Line 636  Source code for this patch is linux-2.6. Line 627  Source code for this patch is linux-2.6.
627    
628          down(&inode->i_sem);          down(&inode->i_sem);
629          if (mode == (mode_t) -1)          if (mode == (mode_t) -1)
630  @@ -709,6 +725,8 @@ asmlinkage long sys_chown(const char __u  @@ -709,6 +723,8 @@ asmlinkage long sys_chown(const char __u
631    
632          error = user_path_walk(filename, &nd);          error = user_path_walk(filename, &nd);
633          if (!error) {          if (!error) {
# Line 645  Source code for this patch is linux-2.6. Line 636  Source code for this patch is linux-2.6.
636                  error = chown_common(nd.dentry, user, group);                  error = chown_common(nd.dentry, user, group);
637                  path_release(&nd);                  path_release(&nd);
638          }          }
639  @@ -722,6 +740,8 @@ asmlinkage long sys_lchown(const char __  @@ -722,6 +738,8 @@ asmlinkage long sys_lchown(const char __
640    
641          error = user_path_walk_link(filename, &nd);          error = user_path_walk_link(filename, &nd);
642          if (!error) {          if (!error) {
# Line 654  Source code for this patch is linux-2.6. Line 645  Source code for this patch is linux-2.6.
645                  error = chown_common(nd.dentry, user, group);                  error = chown_common(nd.dentry, user, group);
646                  path_release(&nd);                  path_release(&nd);
647          }          }
648  @@ -736,6 +756,9 @@ asmlinkage long sys_fchown(unsigned int  @@ -736,6 +754,9 @@ asmlinkage long sys_fchown(unsigned int
649    
650          file = fget(fd);          file = fget(fd);
651          if (file) {          if (file) {
# Line 664  Source code for this patch is linux-2.6. Line 655  Source code for this patch is linux-2.6.
655                  error = chown_common(file->f_dentry, user, group);                  error = chown_common(file->f_dentry, user, group);
656                  fput(file);                  fput(file);
657          }          }
658  @@ -827,7 +850,9 @@ struct file *filp_open(const char * file  @@ -827,7 +848,9 @@ struct file *filp_open(const char * file
659          if ((namei_flags+1) & O_ACCMODE)          if ((namei_flags+1) & O_ACCMODE)
660                  namei_flags++;                  namei_flags++;
661    
# Line 674  Source code for this patch is linux-2.6. Line 665  Source code for this patch is linux-2.6.
665          if (!error)          if (!error)
666                  return nameidata_to_filp(&nd, flags);                  return nameidata_to_filp(&nd, flags);
667    
668  @@ -1119,6 +1144,8 @@ EXPORT_SYMBOL(sys_close);  @@ -1119,6 +1142,8 @@ EXPORT_SYMBOL(sys_close);
669    */    */
670   asmlinkage long sys_vhangup(void)   asmlinkage long sys_vhangup(void)
671   {   {
# Line 689  Source code for this patch is linux-2.6. Line 680  Source code for this patch is linux-2.6.
680          if (entry)          if (entry)
681                  entry->proc_fops = &proc_sysrq_trigger_operations;                  entry->proc_fops = &proc_sysrq_trigger_operations;
682   #endif   #endif
683  +       printk(KERN_INFO "Hook version: 2.6.15-cat_20080502 2010/01/19\n");  +       printk(KERN_INFO "Hook version: 2.6.15-cat_20080502 2010/02/19\n");
684   }   }
685  --- linux-2.6.15-cat.orig/include/linux/init_task.h  --- linux-2.6.15-cat.orig/include/linux/init_task.h
686  +++ linux-2.6.15-cat/include/linux/init_task.h  +++ linux-2.6.15-cat/include/linux/init_task.h
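Review bot: The new revision removes both explicit capability hooks: the `if (!ccs_capable(CCS_SYS_CHROOT)) goto dput_and_out;` pair in sys_chroot and the whole `ccs_capable(CCS_SYS_PIVOT_ROOT)` hunk in sys_pivot_root. Only `ccs_chroot_permission(ccs_mkpath(&nd))` and `ccs_pivot_root_permission(ccs_mkpath(&old_nd), ccs_mkpath(&new_nd))` remain as the policy gates. Nothing on this page shows that those two functions now perform the capability check themselves; their bodies and `ccs_mkpath` are defined outside this diff. If they do not, a policy that denies the chroot or pivot_root capability would no longer be enforced at these call sites, so confirm it in the implementation and record it at the call, e.g. `/* ccs_chroot_permission() also enforces CCS_SYS_CHROOT */`. For pivot_root the denial would presumably also move from before `lock_kernel()` to after the path lookups, which is worth stating in the patch description.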
