9 |
fs/compat.c | 3 ++- |
fs/compat.c | 3 ++- |
10 |
fs/compat_ioctl.c | 3 +++ |
fs/compat_ioctl.c | 3 +++ |
11 |
fs/exec.c | 12 +++++++++++- |
fs/exec.c | 12 +++++++++++- |
12 |
fs/fcntl.c | 4 ++++ |
fs/fcntl.c | 5 +++++ |
13 |
fs/ioctl.c | 3 +++ |
fs/ioctl.c | 3 +++ |
14 |
fs/namei.c | 34 +++++++++++++++++++++++++++++++++- |
fs/namei.c | 34 +++++++++++++++++++++++++++++++++- |
15 |
fs/namespace.c | 9 +++++++++ |
fs/namespace.c | 9 +++++++++ |
38 |
net/unix/af_unix.c | 9 +++++++++ |
net/unix/af_unix.c | 9 +++++++++ |
39 |
security/Kconfig | 2 ++ |
security/Kconfig | 2 ++ |
40 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
41 |
36 files changed, 256 insertions(+), 11 deletions(-) |
36 files changed, 257 insertions(+), 11 deletions(-) |
42 |
|
|
43 |
--- linux-2.6.25.20-0.7.orig/arch/ia64/ia32/sys_ia32.c |
--- linux-2.6.25.20-0.7.orig/arch/ia64/ia32/sys_ia32.c |
44 |
+++ linux-2.6.25.20-0.7/arch/ia64/ia32/sys_ia32.c |
+++ linux-2.6.25.20-0.7/arch/ia64/ia32/sys_ia32.c |
206 |
|
|
207 |
void set_close_on_exec(unsigned int fd, int flag) |
void set_close_on_exec(unsigned int fd, int flag) |
208 |
{ |
{ |
209 |
@@ -217,6 +218,9 @@ static int setfl(int fd, struct file * f |
@@ -397,6 +398,8 @@ asmlinkage long sys_fcntl(unsigned int f |
210 |
if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode)) |
goto out; |
|
return -EPERM; |
|
211 |
|
|
212 |
+ if (((arg ^ filp->f_flags) & O_APPEND) && ccs_rewrite_permission(filp)) |
err = security_file_fcntl(filp, cmd, arg); |
213 |
+ return -EPERM; |
+ if (!err) |
214 |
+ |
+ err = ccs_fcntl_permission(filp, cmd, arg); |
215 |
/* O_NOATIME can only be set by the owner or superuser */ |
if (err) { |
216 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
fput(filp); |
217 |
if (!is_owner_or_cap(inode)) |
return err; |
218 |
|
@@ -421,6 +424,8 @@ asmlinkage long sys_fcntl64(unsigned int |
219 |
|
goto out; |
220 |
|
|
221 |
|
err = security_file_fcntl(filp, cmd, arg); |
222 |
|
+ if (!err) |
223 |
|
+ err = ccs_fcntl_permission(filp, cmd, arg); |
224 |
|
if (err) { |
225 |
|
fput(filp); |
226 |
|
return err; |
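Review bot: In the new revision's sys_fcntl hunk, and the matching sys_fcntl64 hunk, `ccs_fcntl_permission(filp, cmd, arg)` runs for every fcntl command, whereas the earlier revision's `ccs_rewrite_permission(filp)` check sat in setfl and ran only when `(arg ^ filp->f_flags) & O_APPEND` was set. Because the meaning of `arg` depends on `cmd`, the helper presumably needs to test `cmd == F_SETFL` before reading `arg` as open flags; its body is not shown on this page, so that should be confirmed. A short comment above each call, for example `/* ccs: O_APPEND changes via F_SETFL are subject to the rewrite policy */`, would record why the hook sits next to `security_file_fcntl()`. Both function bodies start and end outside the hunks shown.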
227 |
--- linux-2.6.25.20-0.7.orig/fs/ioctl.c |
--- linux-2.6.25.20-0.7.orig/fs/ioctl.c |
228 |
+++ linux-2.6.25.20-0.7/fs/ioctl.c |
+++ linux-2.6.25.20-0.7/fs/ioctl.c |
229 |
@@ -15,6 +15,7 @@ |
@@ -15,6 +15,7 @@ |