--- trunk/1.8.x/ccs-patch/patches/ccs-patch-2.6.32-ubuntu-10.04.diff 2010/10/07 07:10:07 4048
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-2.6.32-ubuntu-10.04.diff 2010/10/07 07:14:01 4049
@@ -5,7 +5,7 @@
 fs/compat.c | 3 ++-
 fs/compat_ioctl.c | 3 +++
 fs/exec.c | 3 ++-
- fs/fcntl.c | 4 ++++
+ fs/fcntl.c | 5 +++++
 fs/ioctl.c | 3 +++
 fs/namei.c | 37 +++++++++++++++++++++++++++++++++++++
 fs/namespace.c | 9 +++++++++
@@ -34,7 +34,7 @@
 net/unix/af_unix.c | 10 ++++++++++
 security/Kconfig | 2 ++
 security/Makefile | 3 +++
- 32 files changed, 238 insertions(+), 11 deletions(-)
+ 32 files changed, 239 insertions(+), 11 deletions(-)
 --- linux-2.6.32-25.44.orig/fs/compat.c
 +++ linux-2.6.32-25.44/fs/compat.c
@@ -103,16 +103,24 @@
 void set_close_on_exec(unsigned int fd, int flag)
 {
-@@ -156,6 +157,9 @@ static int setfl(int fd, struct file * f
- if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
- return -EPERM;
-
-+ if (((arg ^ filp->f_flags) & O_APPEND) && ccs_rewrite_permission(filp))
-+ return -EPERM;
-+
- /* O_NOATIME can only be set by the owner or superuser */
- if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
- if (!is_owner_or_cap(inode))
+@@ -428,6 +429,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd,
+ goto out;
+
+ err = security_file_fcntl(filp, cmd, arg);
++ if (!err)
++ err = ccs_fcntl_permission(filp, cmd, arg);
+ if (err) {
+ fput(filp);
+ return err;
+@@ -453,6 +456,8 @@ SYSCALL_DEFINE3(fcntl64, unsigned int, f
+ goto out;
+
+ err = security_file_fcntl(filp, cmd, arg);
++ if (!err)
++ err = ccs_fcntl_permission(filp, cmd, arg);
+ if (err) {
+ fput(filp);
+ return err;
 --- linux-2.6.32-25.44.orig/fs/ioctl.c
 +++ linux-2.6.32-25.44/fs/ioctl.c
 @@ -18,6 +18,7 @@
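Review bot: The `ccs_fcntl_permission(filp, cmd, arg)` calls added to the `fcntl` and `fcntl64` syscall bodies replace a check that sat inside `setfl()` beside the `IS_APPEND` test, so enforcement now depends on every route into `do_fcntl()` passing through one of these two entry points. Neither `ccs_fcntl_permission()` nor the compat fcntl entry point is visible in this hunk, so it cannot be confirmed here that the hook still restricts itself to `F_SETFL` requests that toggle `O_APPEND`, or that 32-bit compat callers reach it. The hook also reads `filp->f_flags` earlier than before, well ahead of the point where `setfl()` applies the change, which is worth confirming as acceptable. A comment above each call would record the intent, for example `/* CCS: O_APPEND rewrite check moved here from setfl(); every caller of do_fcntl() must pass through this hook */`. Both syscall bodies begin and end outside the quoted inner hunks.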