5 |
fs/compat.c | 3 ++- |
fs/compat.c | 3 ++- |
6 |
fs/compat_ioctl.c | 3 +++ |
fs/compat_ioctl.c | 3 +++ |
7 |
fs/exec.c | 3 ++- |
fs/exec.c | 3 ++- |
8 |
fs/fcntl.c | 4 ++++ |
fs/fcntl.c | 5 +++++ |
9 |
fs/ioctl.c | 3 +++ |
fs/ioctl.c | 3 +++ |
10 |
fs/namei.c | 37 +++++++++++++++++++++++++++++++++++++ |
fs/namei.c | 37 +++++++++++++++++++++++++++++++++++++ |
11 |
fs/namespace.c | 9 +++++++++ |
fs/namespace.c | 9 +++++++++ |
34 |
net/unix/af_unix.c | 10 ++++++++++ |
net/unix/af_unix.c | 10 ++++++++++ |
35 |
security/Kconfig | 2 ++ |
security/Kconfig | 2 ++ |
36 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
37 |
32 files changed, 247 insertions(+), 11 deletions(-) |
32 files changed, 248 insertions(+), 11 deletions(-) |
38 |
|
|
39 |
--- linux-2.6.31.14-0.1.1.orig/fs/compat.c |
--- linux-2.6.31.14-0.1.1.orig/fs/compat.c |
40 |
+++ linux-2.6.31.14-0.1.1/fs/compat.c |
+++ linux-2.6.31.14-0.1.1/fs/compat.c |
103 |
|
|
104 |
void set_close_on_exec(unsigned int fd, int flag) |
void set_close_on_exec(unsigned int fd, int flag) |
105 |
{ |
{ |
106 |
@@ -156,6 +157,9 @@ static int setfl(int fd, struct file * f |
@@ -349,6 +350,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd, |
107 |
if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode)) |
goto out; |
108 |
return -EPERM; |
|
109 |
|
err = security_file_fcntl(filp, cmd, arg); |
110 |
+ if (((arg ^ filp->f_flags) & O_APPEND) && ccs_rewrite_permission(filp)) |
+ if (!err) |
111 |
+ return -EPERM; |
+ err = ccs_fcntl_permission(filp, cmd, arg); |
112 |
+ |
if (err) { |
113 |
/* O_NOATIME can only be set by the owner or superuser */ |
fput(filp); |
114 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
return err; |
115 |
if (!is_owner_or_cap(inode)) |
@@ -374,6 +377,8 @@ SYSCALL_DEFINE3(fcntl64, unsigned int, f |
116 |
|
goto out; |
117 |
|
|
118 |
|
err = security_file_fcntl(filp, cmd, arg); |
119 |
|
+ if (!err) |
120 |
|
+ err = ccs_fcntl_permission(filp, cmd, arg); |
121 |
|
if (err) { |
122 |
|
fput(filp); |
123 |
|
return err; |
124 |
--- linux-2.6.31.14-0.1.1.orig/fs/ioctl.c |
--- linux-2.6.31.14-0.1.1.orig/fs/ioctl.c |
125 |
+++ linux-2.6.31.14-0.1.1/fs/ioctl.c |
+++ linux-2.6.31.14-0.1.1/fs/ioctl.c |
126 |
@@ -18,6 +18,7 @@ |
@@ -18,6 +18,7 @@ |