
Diff of /trunk/1.8.x/ccs-patch/patches/ccs-patch-2.6.21.diff


revision 3556 by kumaneko, Wed Mar 31 04:35:43 2010 UTC revision 3584 by kumaneko, Mon Apr 12 04:23:04 2010 UTC
# Line 17  Source code for this patch is http://www Line 17  Source code for this patch is http://www
17   fs/fcntl.c                      |    4 ++++   fs/fcntl.c                      |    4 ++++
18   fs/ioctl.c                      |    5 +++++   fs/ioctl.c                      |    5 +++++
19   fs/namei.c                      |   31 ++++++++++++++++++++++++++++++-   fs/namei.c                      |   31 ++++++++++++++++++++++++++++++-
20   fs/namespace.c                  |   22 ++++++++++++++++++++++   fs/namespace.c                  |   20 ++++++++++++++++++++
21   fs/open.c                       |   26 ++++++++++++++++++++++++++   fs/open.c                       |   26 ++++++++++++++++++++++++++
22   fs/proc/proc_misc.c             |    1 +   fs/proc/proc_misc.c             |    1 +
23   include/linux/init_task.h       |    9 +++++++++   include/linux/init_task.h       |    9 +++++++++
# Line 44  Source code for this patch is http://www Line 44  Source code for this patch is http://www
44   net/unix/af_unix.c              |    4 ++++   net/unix/af_unix.c              |    4 ++++
45   security/Kconfig                |    2 ++   security/Kconfig                |    2 ++
46   security/Makefile               |    3 +++   security/Makefile               |    3 +++
47   42 files changed, 269 insertions(+), 3 deletions(-)   42 files changed, 267 insertions(+), 3 deletions(-)
48    
49  --- linux-2.6.21.7.orig/arch/alpha/kernel/ptrace.c  --- linux-2.6.21.7.orig/arch/alpha/kernel/ptrace.c
50  +++ linux-2.6.21.7/arch/alpha/kernel/ptrace.c  +++ linux-2.6.21.7/arch/alpha/kernel/ptrace.c
# Line 511  Source code for this patch is http://www Line 511  Source code for this patch is http://www
511          if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))          if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
512                  goto out;                  goto out;
513  +       err = -EPERM;  +       err = -EPERM;
514  +       if (ccs_may_mount(ccs_mkpath(nd)))  +       if (ccs_may_mount(nd))
515  +               goto out;  +               goto out;
516    
517          err = -ENOMEM;          err = -ENOMEM;
# Line 521  Source code for this patch is http://www Line 521  Source code for this patch is http://www
521                  goto out;                  goto out;
522    
523  +       err = -EPERM;  +       err = -EPERM;
524  +       if (ccs_may_mount(ccs_mkpath(nd)))  +       if (ccs_may_mount(nd))
525  +               goto out;  +               goto out;
526          err = -ENOENT;          err = -ENOENT;
527          mutex_lock(&nd->dentry->d_inode->i_mutex);          mutex_lock(&nd->dentry->d_inode->i_mutex);
# Line 531  Source code for this patch is http://www Line 531  Source code for this patch is http://www
531          if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))          if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
532                  goto unlock;                  goto unlock;
533  +       err = -EPERM;  +       err = -EPERM;
534  +       if (ccs_may_mount(ccs_mkpath(nd)))  +       if (ccs_may_mount(nd))
535  +               goto unlock;  +               goto unlock;
536    
537          newmnt->mnt_flags = mnt_flags;          newmnt->mnt_flags = mnt_flags;
# Line 544  Source code for this patch is http://www Line 544  Source code for this patch is http://www
544          struct nameidata nd;          struct nameidata nd;
545          int retval = 0;          int retval = 0;
546          int mnt_flags = 0;          int mnt_flags = 0;
547  @@ -1417,6 +1432,10 @@ long do_mount(char *dev_name, char *dir_  @@ -1417,6 +1432,9 @@ long do_mount(char *dev_name, char *dir_
548                  return retval;                  return retval;
549    
550          retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);          retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);
551  +       if (!retval)  +       if (!retval)
552  +               retval = ccs_mount_permission(dev_name, ccs_mkpath(&nd),  +               retval = ccs_mount_permission(dev_name, &nd, type_page,
553  +                                             type_page, original_flags,  +                                             original_flags, data_page);
 +                                             data_page);  
554          if (retval)          if (retval)
555                  goto dput_out;                  goto dput_out;
556    
557  @@ -1702,6 +1721,9 @@ asmlinkage long sys_pivot_root(const cha  @@ -1702,6 +1720,8 @@ asmlinkage long sys_pivot_root(const cha
558                  goto out1;                  goto out1;
559    
560          error = security_sb_pivotroot(&old_nd, &new_nd);          error = security_sb_pivotroot(&old_nd, &new_nd);
561  +       if (!error)  +       if (!error)
562  +               error = ccs_pivot_root_permission(ccs_mkpath(&old_nd),  +               error = ccs_pivot_root_permission(&old_nd, &new_nd);
 +                                                 ccs_mkpath(&new_nd));  
563          if (error) {          if (error) {
564                  path_release(&old_nd);                  path_release(&old_nd);
565                  goto out1;                  goto out1;
# Line 598  Source code for this patch is http://www Line 596  Source code for this patch is http://www
596          error = -EPERM;          error = -EPERM;
597          if (!capable(CAP_SYS_CHROOT))          if (!capable(CAP_SYS_CHROOT))
598                  goto dput_and_out;                  goto dput_and_out;
599  +       if (ccs_chroot_permission(ccs_mkpath(&nd)))  +       if (ccs_chroot_permission(&nd))
600  +               goto dput_and_out;  +               goto dput_and_out;
601    
602          set_fs_root(current->fs, nd.mnt, nd.dentry);          set_fs_root(current->fs, nd.mnt, nd.dentry);
# Line 684  Source code for this patch is http://www Line 682  Source code for this patch is http://www
682                          entry->proc_fops = &proc_sysrq_trigger_operations;                          entry->proc_fops = &proc_sysrq_trigger_operations;
683          }          }
684   #endif   #endif
685  +       printk(KERN_INFO "Hook version: 2.6.21.7 2010/03/31\n");  +       printk(KERN_INFO "Hook version: 2.6.21.7 2010/04/12\n");
686   }   }
687  --- linux-2.6.21.7.orig/include/linux/init_task.h  --- linux-2.6.21.7.orig/include/linux/init_task.h
688  +++ linux-2.6.21.7/include/linux/init_task.h  +++ linux-2.6.21.7/include/linux/init_task.h
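Review bot: The four hook call sites now pass the `struct nameidata *` itself (`ccs_may_mount(nd)`, `ccs_mount_permission(dev_name, &nd, ...)`, `ccs_pivot_root_permission(&old_nd, &new_nd)`, `ccs_chroot_permission(&nd)`), but the matching prototypes are not on this page, so the change is only safe if the declarations were switched in the same revision. If a header still declares the parameter with the type `ccs_mkpath()` returned, the mismatch may be reported only as an incompatible-pointer warning, and the access-control check would then read the wrong structure instead of failing the build. Separately, the chroot hook discards the hook's return value and reports the `-EPERM` set earlier, unlike the mount and pivot_root hooks, which propagate it; if that is intentional, a comment such as `/* any ccs_chroot_permission() failure is reported as -EPERM */` above the call would say so. The surrounding kernel functions begin and end outside the excerpts shown.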
