2 |
|
|
3 |
Source code for this patch is http://updates.vinelinux.org/Vine-4.2/updates/SRPMS/kernel-2.6.16-76.40vl4.src.rpm |
Source code for this patch is http://updates.vinelinux.org/Vine-4.2/updates/SRPMS/kernel-2.6.16-76.40vl4.src.rpm |
4 |
--- |
--- |
5 |
arch/alpha/kernel/ptrace.c | 7 ++ |
arch/alpha/kernel/ptrace.c | 7 ++++ |
6 |
arch/ia64/ia32/sys_ia32.c | 7 ++ |
arch/ia64/ia32/sys_ia32.c | 7 ++++ |
7 |
arch/ia64/kernel/ptrace.c | 7 ++ |
arch/ia64/kernel/ptrace.c | 7 ++++ |
8 |
arch/m32r/kernel/ptrace.c | 7 ++ |
arch/m32r/kernel/ptrace.c | 7 ++++ |
9 |
arch/mips/kernel/ptrace32.c | 7 ++ |
arch/mips/kernel/ptrace32.c | 7 ++++ |
10 |
arch/powerpc/kernel/ptrace32.c | 7 ++ |
arch/powerpc/kernel/ptrace32.c | 7 ++++ |
11 |
arch/s390/kernel/ptrace.c | 7 ++ |
arch/s390/kernel/ptrace.c | 7 ++++ |
12 |
arch/sparc/kernel/ptrace.c | 9 +++ |
arch/sparc/kernel/ptrace.c | 9 ++++++ |
13 |
arch/sparc64/kernel/ptrace.c | 9 +++ |
arch/sparc64/kernel/ptrace.c | 9 ++++++ |
14 |
arch/x86_64/ia32/ptrace32.c | 7 ++ |
arch/x86_64/ia32/ptrace32.c | 7 ++++ |
15 |
fs/Kconfig | 2 |
fs/Kconfig | 2 + |
16 |
fs/Makefile | 2 |
fs/Makefile | 2 + |
17 |
fs/attr.c | 19 ++++++ |
fs/attr.c | 19 ++++++++++++ |
18 |
fs/compat.c | 15 +++++ |
fs/compat.c | 15 +++++++++- |
19 |
fs/exec.c | 21 +++++++ |
fs/exec.c | 21 +++++++++++++- |
20 |
fs/fcntl.c | 9 +++ |
fs/fcntl.c | 9 ++++++ |
21 |
fs/ioctl.c | 11 +++ |
fs/ioctl.c | 11 +++++++ |
22 |
fs/namei.c | 60 +++++++++++++++++++++ |
fs/namei.c | 60 ++++++++++++++++++++++++++++++++++++++++ |
23 |
fs/namespace.c | 50 +++++++++++++++++- |
fs/namespace.c | 50 ++++++++++++++++++++++++++++++++- |
24 |
fs/open.c | 30 ++++++++++ |
fs/open.c | 30 +++++++++++++++++++- |
25 |
fs/proc/Makefile | 3 + |
fs/proc/Makefile | 3 ++ |
26 |
fs/proc/proc_misc.c | 5 + |
fs/proc/proc_misc.c | 5 +++ |
27 |
include/linux/init_task.h | 4 + |
include/linux/init_task.h | 4 ++ |
28 |
include/linux/sched.h | 8 ++ |
include/linux/sched.h | 8 +++++ |
29 |
kernel/compat.c | 7 ++ |
kernel/compat.c | 7 ++++ |
30 |
kernel/kexec.c | 7 ++ |
kernel/kexec.c | 7 ++++ |
31 |
kernel/kmod.c | 5 + |
kernel/kmod.c | 5 +++ |
32 |
kernel/module.c | 13 +++- |
kernel/module.c | 13 +++++++- |
33 |
kernel/ptrace.c | 7 ++ |
kernel/ptrace.c | 7 ++++ |
34 |
kernel/sched.c | 7 ++ |
kernel/sched.c | 7 ++++ |
35 |
kernel/signal.c | 21 +++++++ |
kernel/signal.c | 21 ++++++++++++++ |
36 |
kernel/sys.c | 21 +++++++ |
kernel/sys.c | 21 ++++++++++++++ |
37 |
kernel/sysctl.c | 111 ++++++++++++++++++++++++++++++++++++++++ |
kernel/sysctl.c | 17 +++++++++++ |
38 |
kernel/time.c | 15 +++++ |
kernel/time.c | 15 ++++++++++ |
39 |
net/core/datagram.c | 11 +++ |
net/core/datagram.c | 11 +++++++ |
40 |
net/ipv4/inet_connection_sock.c | 7 ++ |
net/ipv4/inet_connection_sock.c | 7 ++++ |
41 |
net/ipv4/inet_hashtables.c | 7 ++ |
net/ipv4/inet_hashtables.c | 7 ++++ |
42 |
net/ipv4/udp.c | 11 +++ |
net/ipv4/udp.c | 11 +++++++ |
43 |
net/ipv6/inet6_hashtables.c | 9 ++- |
net/ipv6/inet6_hashtables.c | 9 +++++- |
44 |
net/ipv6/udp.c | 11 +++ |
net/ipv6/udp.c | 11 +++++++ |
45 |
net/socket.c | 43 ++++++++++++++- |
net/socket.c | 43 ++++++++++++++++++++++++++-- |
46 |
net/unix/af_unix.c | 8 ++ |
net/unix/af_unix.c | 8 +++++ |
47 |
42 files changed, 624 insertions(+), 10 deletions(-) |
42 files changed, 530 insertions(+), 10 deletions(-) |
48 |
|
|
49 |
--- linux-2.6.16-76.40vl4.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.16-76.40vl4.orig/arch/alpha/kernel/ptrace.c |
50 |
+++ linux-2.6.16-76.40vl4/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.16-76.40vl4/arch/alpha/kernel/ptrace.c |
1136 |
|
|
1137 |
extern int proc_nr_files(ctl_table *table, int write, struct file *filp, |
extern int proc_nr_files(ctl_table *table, int write, struct file *filp, |
1138 |
void __user *buffer, size_t *lenp, loff_t *ppos); |
void __user *buffer, size_t *lenp, loff_t *ppos); |
1139 |
@@ -1108,6 +1111,100 @@ void __init sysctl_init(void) |
@@ -1133,6 +1136,11 @@ int do_sysctl(int __user *name, int nlen |
|
#endif |
|
|
} |
|
|
|
|
|
+/***** TOMOYO Linux start. *****/ |
|
|
+static int try_parse_table(int __user *name, int nlen, void __user *oldval, |
|
|
+ void __user *newval, ctl_table *table) |
|
|
+{ |
|
|
+ int n; |
|
|
+ int error = -ENOMEM; |
|
|
+ int op = 0; |
|
|
+ char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL); |
|
|
+ if (oldval) |
|
|
+ op |= 004; |
|
|
+ if (newval) |
|
|
+ op |= 002; |
|
|
+ if (!op) { /* Neither read nor write */ |
|
|
+ error = 0; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ if (!buffer) |
|
|
+ goto out; |
|
|
+ memset(buffer, 0, PAGE_SIZE); |
|
|
+ snprintf(buffer, PAGE_SIZE - 1, "/proc/sys"); |
|
|
+ repeat: |
|
|
+ if (!nlen) { |
|
|
+ error = -ENOTDIR; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ if (get_user(n, name)) { |
|
|
+ error = -EFAULT; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ for ( ; table->ctl_name; table++) { |
|
|
+ if (n == table->ctl_name || table->ctl_name == CTL_ANY) { |
|
|
+ int pos = strlen(buffer); |
|
|
+ const char *cp = table->procname; |
|
|
+ error = -ENOMEM; |
|
|
+ if (cp) { |
|
|
+ if (pos + 1 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = '/'; |
|
|
+ while (*cp) { |
|
|
+ const unsigned char c |
|
|
+ = *(const unsigned char *) cp; |
|
|
+ if (c == '\\') { |
|
|
+ if (pos + 2 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = '\\'; |
|
|
+ buffer[pos++] = '\\'; |
|
|
+ } else if (c > ' ' && c < 127) { |
|
|
+ if (pos + 1 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = c; |
|
|
+ } else { |
|
|
+ if (pos + 4 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = '\\'; |
|
|
+ buffer[pos++] = (c >> 6) + '0'; |
|
|
+ buffer[pos++] = ((c >> 3) & 7) |
|
|
+ + '0'; |
|
|
+ buffer[pos++] = (c & 7) + '0'; |
|
|
+ } |
|
|
+ cp++; |
|
|
+ } |
|
|
+ } else { |
|
|
+ /* Assume nobody assigns "=\$=" for procname. */ |
|
|
+ snprintf(buffer + pos, PAGE_SIZE - pos - 1, |
|
|
+ "/=%d=", table->ctl_name); |
|
|
+ if (!memchr(buffer, '\0', PAGE_SIZE - 2)) |
|
|
+ goto out; |
|
|
+ } |
|
|
+ if (table->child) { |
|
|
+ if (table->strategy) { |
|
|
+ /* printk("sysctl='%s'\n", buffer); */ |
|
|
+ if (ccs_check_file_perm(buffer, op, |
|
|
+ "sysctl")) { |
|
|
+ error = -EPERM; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ } |
|
|
+ name++; |
|
|
+ nlen--; |
|
|
+ table = table->child; |
|
|
+ goto repeat; |
|
|
+ } |
|
|
+ /* printk("sysctl='%s'\n", buffer); */ |
|
|
+ error = ccs_check_file_perm(buffer, op, "sysctl"); |
|
|
+ goto out; |
|
|
+ } |
|
|
+ } |
|
|
+ error = -ENOTDIR; |
|
|
+ out: |
|
|
+ kfree(buffer); |
|
|
+ return error; |
|
|
+} |
|
|
+/***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp, |
|
|
void __user *newval, size_t newlen) |
|
|
{ |
|
|
@@ -1133,6 +1230,11 @@ int do_sysctl(int __user *name, int nlen |
|
1140 |
|
|
1141 |
spin_unlock(&sysctl_lock); |
spin_unlock(&sysctl_lock); |
1142 |
|
|
1143 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
1144 |
+ error = try_parse_table(name, nlen, oldval, newval, |
+ error = ccs_parse_table(name, nlen, oldval, newval, |
1145 |
+ head->ctl_table); |
+ head->ctl_table); |
1146 |
+ if (!error) |
+ if (!error) |
1147 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
1148 |
error = parse_table(name, nlen, oldval, oldlenp, |
error = parse_table(name, nlen, oldval, oldlenp, |
1149 |
newval, newlen, head->ctl_table, |
newval, newlen, head->ctl_table, |
1150 |
&context); |
&context); |
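Review bot: The name vector is user memory (`int __user *name`), and the new `ccs_parse_table(...)` call in do_sysctl checks it in a separate pass before `parse_table(...)` reads it again, so the policy decision and the actual operation are not guaranteed to see the same sysctl path if another thread rewrites the array in between. This assumes ccs_parse_table fetches each element with get_user() the way try_parse_table on the old side of this page does; its body is not shown here. Fetching the vector once into a kernel buffer and using that copy for both passes, or doing the permission check at the point in parse_table where the entry is resolved, would close the gap. At minimum the call deserves a comment such as `/* name is __user and is re-read by parse_table(); check and use are separate fetches */`. do_sysctl's body begins and ends outside this hunk.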
1151 |
@@ -1205,6 +1307,15 @@ repeat: |
@@ -1205,6 +1213,15 @@ repeat: |
1152 |
if (ctl_perm(table, 001)) |
if (ctl_perm(table, 001)) |
1153 |
return -EPERM; |
return -EPERM; |
1154 |
if (table->strategy) { |
if (table->strategy) { |