14 |
arch/x86_64/ia32/ptrace32.c | 7 ++++ |
arch/x86_64/ia32/ptrace32.c | 7 ++++ |
15 |
fs/Kconfig | 2 + |
fs/Kconfig | 2 + |
16 |
fs/Makefile | 2 + |
fs/Makefile | 2 + |
17 |
fs/attr.c | 19 ++++++++++++ |
fs/attr.c | 11 +++++++ |
18 |
fs/compat.c | 15 +++++++++- |
fs/compat.c | 15 +++++++++- |
19 |
fs/exec.c | 18 +++++++++++- |
fs/exec.c | 18 +++++++++++- |
20 |
fs/fcntl.c | 9 ++++++ |
fs/fcntl.c | 9 ++++++ |
45 |
net/ipv6/udp.c | 19 ++++++++++++ |
net/ipv6/udp.c | 19 ++++++++++++ |
46 |
net/socket.c | 43 +++++++++++++++++++++++++++- |
net/socket.c | 43 +++++++++++++++++++++++++++- |
47 |
net/unix/af_unix.c | 8 +++++ |
net/unix/af_unix.c | 8 +++++ |
48 |
43 files changed, 549 insertions(+), 9 deletions(-) |
43 files changed, 541 insertions(+), 9 deletions(-) |
49 |
|
|
50 |
--- linux-2.6.18-24etch2.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.18-24etch2.orig/arch/alpha/kernel/ptrace.c |
51 |
+++ linux-2.6.18-24etch2/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.18-24etch2/arch/alpha/kernel/ptrace.c |
311 |
|
|
312 |
/* Taken over from the old code... */ |
/* Taken over from the old code... */ |
313 |
|
|
314 |
@@ -145,12 +148,28 @@ int notify_change(struct dentry * dentry |
@@ -145,12 +148,20 @@ int notify_change(struct dentry * dentry |
315 |
|
|
316 |
if (inode->i_op && inode->i_op->setattr) { |
if (inode->i_op && inode->i_op->setattr) { |
317 |
error = security_inode_setattr(dentry, attr); |
error = security_inode_setattr(dentry, attr); |
318 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
319 |
+ if (!error && (ia_valid & ATTR_MODE) && |
+ if (!error) |
320 |
+ !ccs_capable(CCS_SYS_CHMOD)) |
+ error = ccs_check_setattr_permission(dentry, attr); |
|
+ error = -EPERM; |
|
|
+ if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) && |
|
|
+ !ccs_capable(CCS_SYS_CHOWN)) |
|
|
+ error = -EPERM; |
|
321 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
322 |
if (!error) |
if (!error) |
323 |
error = inode->i_op->setattr(dentry, attr); |
error = inode->i_op->setattr(dentry, attr); |
326 |
if (!error) |
if (!error) |
327 |
error = security_inode_setattr(dentry, attr); |
error = security_inode_setattr(dentry, attr); |
328 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
329 |
+ if (!error && (ia_valid & ATTR_MODE) && |
+ if (!error) |
330 |
+ !ccs_capable(CCS_SYS_CHMOD)) |
+ error = ccs_check_setattr_permission(dentry, attr); |
|
+ error = -EPERM; |
|
|
+ if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) && |
|
|
+ !ccs_capable(CCS_SYS_CHOWN)) |
|
|
+ error = -EPERM; |
|
331 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
332 |
if (!error) { |
if (!error) { |
333 |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |