SOURCES (LINUX_2_6): kernel-apparmor-after-grsec_full.patch - pldized

zbyniu zbyniu at pld-linux.org
Wed Oct 29 23:30:26 CET 2008


Author: zbyniu                       Date: Wed Oct 29 22:30:26 2008 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- pldized

---- Files affected:
SOURCES:
   kernel-apparmor-after-grsec_full.patch (1.1 -> 1.1.2.1) 

---- Diffs:

================================================================
Index: SOURCES/kernel-apparmor-after-grsec_full.patch
diff -u SOURCES/kernel-apparmor-after-grsec_full.patch:1.1 SOURCES/kernel-apparmor-after-grsec_full.patch:1.1.2.1
--- SOURCES/kernel-apparmor-after-grsec_full.patch:1.1	Wed Oct 29 23:27:53 2008
+++ SOURCES/kernel-apparmor-after-grsec_full.patch	Wed Oct 29 23:30:20 2008
@@ -1,6 +1,6 @@
 diff -uprN linux-2.6.27./fs/afs/dir.c linux-2.6.27/fs/afs/dir.c
 --- linux-2.6.27./fs/afs/dir.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/afs/dir.c	2008-10-29 14:28:53.282780285 +0100
++++ linux-2.6.27/fs/afs/dir.c	2008-10-29 02:02:01.686215981 +0100
 @@ -45,6 +45,7 @@ const struct file_operations afs_dir_fil
  	.release	= afs_release,
  	.readdir	= afs_readdir,
@@ -11,7 +11,7 @@
  const struct inode_operations afs_dir_inode_operations = {
 diff -uprN linux-2.6.27./fs/afs/file.c linux-2.6.27/fs/afs/file.c
 --- linux-2.6.27./fs/afs/file.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/afs/file.c	2008-10-29 14:28:53.282780285 +0100
++++ linux-2.6.27/fs/afs/file.c	2008-10-29 02:02:01.718012026 +0100
 @@ -36,6 +36,7 @@ const struct file_operations afs_file_op
  	.fsync		= afs_fsync,
  	.lock		= afs_lock,
@@ -22,7 +22,7 @@
  const struct inode_operations afs_file_inode_operations = {
 diff -uprN linux-2.6.27./fs/afs/inode.c linux-2.6.27/fs/afs/inode.c
 --- linux-2.6.27./fs/afs/inode.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/afs/inode.c	2008-10-29 14:28:53.282780285 +0100
++++ linux-2.6.27/fs/afs/inode.c	2008-10-29 02:02:01.732673766 +0100
 @@ -358,7 +358,8 @@ void afs_clear_inode(struct inode *inode
  /*
   * set the attributes of an inode
@@ -68,7 +68,7 @@
 +}
 diff -uprN linux-2.6.27./fs/afs/internal.h linux-2.6.27/fs/afs/internal.h
 --- linux-2.6.27./fs/afs/internal.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/afs/internal.h	2008-10-29 14:28:53.282780285 +0100
++++ linux-2.6.27/fs/afs/internal.h	2008-10-29 02:02:01.752698408 +0100
 @@ -548,6 +548,7 @@ extern void afs_zap_data(struct afs_vnod
  extern int afs_validate(struct afs_vnode *, struct key *);
  extern int afs_getattr(struct vfsmount *, struct dentry *, struct kstat *);
@@ -79,7 +79,7 @@
  /*
 diff -uprN linux-2.6.27./fs/attr.c linux-2.6.27/fs/attr.c
 --- linux-2.6.27./fs/attr.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/attr.c	2008-10-29 14:28:53.289441230 +0100
++++ linux-2.6.27/fs/attr.c	2008-10-29 02:02:01.899339282 +0100
 @@ -100,7 +100,8 @@ int inode_setattr(struct inode * inode, 
  }
  EXPORT_SYMBOL(inode_setattr);
@@ -138,7 +138,7 @@
  EXPORT_SYMBOL(notify_change);
 diff -uprN linux-2.6.27./fs/dcache.c linux-2.6.27/fs/dcache.c
 --- linux-2.6.27./fs/dcache.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/dcache.c	2008-10-29 14:28:53.279441727 +0100
++++ linux-2.6.27/fs/dcache.c	2008-10-29 02:02:01.602672110 +0100
 @@ -1897,44 +1897,46 @@ static int prepend_name(char **buffer, i
   * @root: root vfsmnt/dentry (may be modified by this function)
   * @buffer: buffer to return value in
@@ -336,7 +336,7 @@
  	path_put(&pwd);
 diff -uprN linux-2.6.27./fs/ecryptfs/inode.c linux-2.6.27/fs/ecryptfs/inode.c
 --- linux-2.6.27./fs/ecryptfs/inode.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/ecryptfs/inode.c	2008-10-29 14:28:53.242566343 +0100
++++ linux-2.6.27/fs/ecryptfs/inode.c	2008-10-29 02:02:00.779549727 +0100
 @@ -403,19 +403,24 @@ static int ecryptfs_link(struct dentry *
  			 struct dentry *new_dentry)
  {
@@ -506,7 +506,7 @@
  	fsstack_copy_attr_all(inode, lower_inode, NULL);
 diff -uprN linux-2.6.27./fs/exec.c linux-2.6.27/fs/exec.c
 --- linux-2.6.27./fs/exec.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/exec.c	2008-10-29 14:28:53.172364339 +0100
++++ linux-2.6.27/fs/exec.c	2008-10-29 02:01:59.319416030 +0100
 @@ -1827,7 +1827,8 @@ int do_coredump(long signr, int exit_cod
  		goto close_fail;
  	if (!file->f_op->write)
@@ -519,7 +519,7 @@
  	retval = binfmt->core_dump(signr, regs, file, core_limit);
 diff -uprN linux-2.6.27./fs/fat/file.c linux-2.6.27/fs/fat/file.c
 --- linux-2.6.27./fs/fat/file.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/fat/file.c	2008-10-29 14:28:53.175696536 +0100
++++ linux-2.6.27/fs/fat/file.c	2008-10-29 02:01:59.500590545 +0100
 @@ -98,7 +98,7 @@ int fat_generic_ioctl(struct inode *inod
  		 * out the RO attribute for checking by the security
  		 * module, just because it maps to a file mode.
@@ -531,7 +531,7 @@
  
 diff -uprN linux-2.6.27./fs/fuse/dir.c linux-2.6.27/fs/fuse/dir.c
 --- linux-2.6.27./fs/fuse/dir.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/fuse/dir.c	2008-10-29 14:28:53.282780285 +0100
++++ linux-2.6.27/fs/fuse/dir.c	2008-10-29 02:02:01.786146390 +0100
 @@ -1105,21 +1105,22 @@ static int fuse_dir_fsync(struct file *f
  	return file ? fuse_fsync_common(file, de, datasync, 1) : 0;
  }
@@ -601,7 +601,7 @@
  static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry,
 diff -uprN linux-2.6.27./fs/fuse/file.c linux-2.6.27/fs/fuse/file.c
 --- linux-2.6.27./fs/fuse/file.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/fuse/file.c	2008-10-29 14:28:53.282780285 +0100
++++ linux-2.6.27/fs/fuse/file.c	2008-10-29 02:02:01.819442233 +0100
 @@ -1465,6 +1465,11 @@ static loff_t fuse_file_llseek(struct fi
  	return retval;
  }
@@ -632,7 +632,7 @@
  
 diff -uprN linux-2.6.27./fs/fuse/fuse_i.h linux-2.6.27/fs/fuse/fuse_i.h
 --- linux-2.6.27./fs/fuse/fuse_i.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/fuse/fuse_i.h	2008-10-29 14:28:53.282780285 +0100
++++ linux-2.6.27/fs/fuse/fuse_i.h	2008-10-29 02:02:01.849340465 +0100
 @@ -551,6 +551,10 @@ void fuse_truncate(struct address_space 
   */
  int fuse_dev_init(void);
@@ -646,7 +646,7 @@
   */
 diff -uprN linux-2.6.27./fs/hpfs/namei.c linux-2.6.27/fs/hpfs/namei.c
 --- linux-2.6.27./fs/hpfs/namei.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/hpfs/namei.c	2008-10-29 14:28:53.172364339 +0100
++++ linux-2.6.27/fs/hpfs/namei.c	2008-10-29 02:01:59.336012786 +0100
 @@ -426,7 +426,7 @@ again:
  			/*printk("HPFS: truncating file before delete.\n");*/
  			newattrs.ia_size = 0;
@@ -658,7 +658,7 @@
  				goto again;
 diff -uprN linux-2.6.27./fs/inotify_user.c linux-2.6.27/fs/inotify_user.c
 --- linux-2.6.27./fs/inotify_user.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/inotify_user.c	2008-10-29 14:28:53.306108405 +0100
++++ linux-2.6.27/fs/inotify_user.c	2008-10-29 02:02:02.186081701 +0100
 @@ -372,7 +372,7 @@ static int find_inode(const char __user 
  	if (error)
  		return error;
@@ -670,7 +670,7 @@
  	return error;
 diff -uprN linux-2.6.27./fs/namei.c linux-2.6.27/fs/namei.c
 --- linux-2.6.27./fs/namei.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/namei.c	2008-10-29 14:28:53.309441302 +0100
++++ linux-2.6.27/fs/namei.c	2008-10-29 02:02:02.266214852 +0100
 @@ -227,7 +227,7 @@ int generic_permission(struct inode *ino
  	return -EACCES;
  }
@@ -943,9 +943,9 @@
  			goto exit2;
 -		error = vfs_unlink(nd.path.dentry->d_inode, dentry);
 +		error = vfs_unlink(nd.path.dentry->d_inode, dentry, nd.path.mnt);
+ 		if (!error && (saved_ino || saved_dev))
+ 			gr_handle_delete(saved_ino, saved_dev);
  		mnt_drop_write(nd.path.mnt);
- 	exit2:
- 		dput(dentry);
 @@ -2313,7 +2329,8 @@ asmlinkage long sys_unlink(const char __
  	return do_unlinkat(AT_FDCWD, pathname);
  }
@@ -971,9 +971,9 @@
  		goto out_dput;
 -	error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
 +	error = vfs_symlink(nd.path.dentry->d_inode, dentry, nd.path.mnt, from);
+ 	if (!error)
+ 		gr_handle_create(dentry, nd.path.mnt);
  	mnt_drop_write(nd.path.mnt);
- out_dput:
- 	dput(dentry);
 @@ -2377,7 +2394,7 @@ asmlinkage long sys_symlink(const char _
  	return sys_symlinkat(oldname, AT_FDCWD, newname);
  }
@@ -1001,9 +1001,9 @@
 +	error = vfs_link(old_path.dentry, old_path.mnt,
 +			 nd.path.dentry->d_inode,
 +			 new_dentry, nd.path.mnt);
+ 	if (!error)
+ 		gr_handle_create(new_dentry, nd.path.mnt);
  	mnt_drop_write(nd.path.mnt);
- out_dput:
- 	dput(new_dentry);
 @@ -2509,7 +2529,8 @@ asmlinkage long sys_link(const char __us
   *	   locking].
   */
@@ -1062,9 +1062,9 @@
 -		error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
 +		error = vfs_rename_other(old_dir, old_dentry, old_mnt,
 +					 new_dir, new_dentry, new_mnt);
+ 
  	if (!error) {
  		const char *new_name = old_dentry->d_name.name;
- 		fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir,
 @@ -2688,8 +2715,8 @@ asmlinkage long sys_renameat(int olddfd,
  	error = mnt_want_write(oldnd.path.mnt);
  	if (error)
@@ -1073,9 +1073,9 @@
 -				   new_dir->d_inode, new_dentry);
 +	error = vfs_rename(old_dir->d_inode, old_dentry, oldnd.path.mnt,
 +			   new_dir->d_inode, new_dentry, newnd.path.mnt);
- 	mnt_drop_write(oldnd.path.mnt);
- exit5:
- 	dput(new_dentry);
+ 	if (!error)
+ 		gr_handle_rename(old_dir->d_inode, newnd.path.dentry->d_inode, old_dentry,
+ 				 new_dentry, oldnd.path.mnt, new_dentry->d_inode ? 1 : 0);
 @@ -2857,6 +2884,7 @@ EXPORT_SYMBOL(page_symlink_inode_operati
  EXPORT_SYMBOL(path_lookup);
  EXPORT_SYMBOL(vfs_path_lookup);
@@ -1086,7 +1086,7 @@
  EXPORT_SYMBOL(unlock_rename);
 diff -uprN linux-2.6.27./fs/namespace.c linux-2.6.27/fs/namespace.c
 --- linux-2.6.27./fs/namespace.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/namespace.c	2008-10-29 14:28:53.279441727 +0100
++++ linux-2.6.27/fs/namespace.c	2008-10-29 02:02:01.636213710 +0100
 @@ -2352,3 +2352,33 @@ void __put_mnt_ns(struct mnt_namespace *
  	release_mounts(&umount_list);
  	kfree(ns);
@@ -1123,7 +1123,7 @@
 +EXPORT_SYMBOL(d_namespace_path);
 diff -uprN linux-2.6.27./fs/nfsd/nfs4recover.c linux-2.6.27/fs/nfsd/nfs4recover.c
 --- linux-2.6.27./fs/nfsd/nfs4recover.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/nfsd/nfs4recover.c	2008-10-29 14:28:53.232566922 +0100
++++ linux-2.6.27/fs/nfsd/nfs4recover.c	2008-10-29 02:02:00.593071537 +0100
 @@ -158,7 +158,8 @@ nfsd4_create_clid_dir(struct nfs4_client
  	status = mnt_want_write(rec_dir.path.mnt);
  	if (status)
@@ -1154,7 +1154,7 @@
  }
 diff -uprN linux-2.6.27./fs/nfsd/nfs4xdr.c linux-2.6.27/fs/nfsd/nfs4xdr.c
 --- linux-2.6.27./fs/nfsd/nfs4xdr.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/nfsd/nfs4xdr.c	2008-10-29 14:28:53.256107551 +0100
++++ linux-2.6.27/fs/nfsd/nfs4xdr.c	2008-10-29 02:02:01.146006994 +0100
 @@ -1446,7 +1446,7 @@ nfsd4_encode_fattr(struct svc_fh *fhp, s
  	}
  	if (bmval0 & (FATTR4_WORD0_ACL | FATTR4_WORD0_ACLSUPPORT
@@ -1166,7 +1166,7 @@
  			if (err == -EOPNOTSUPP)
 diff -uprN linux-2.6.27./fs/nfsd/vfs.c linux-2.6.27/fs/nfsd/vfs.c
 --- linux-2.6.27./fs/nfsd/vfs.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/nfsd/vfs.c	2008-10-29 14:28:53.289441230 +0100
++++ linux-2.6.27/fs/nfsd/vfs.c	2008-10-29 02:02:01.949479311 +0100
 @@ -388,7 +388,7 @@ nfsd_setattr(struct svc_rqst *rqstp, str
  	err = nfserr_notsync;
  	if (!check_guard || guardtime == inode->i_ctime.tv_sec) {
@@ -1525,7 +1525,7 @@
  	kfree(value);
 diff -uprN linux-2.6.27./fs/open.c linux-2.6.27/fs/open.c
 --- linux-2.6.27./fs/open.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/open.c	2008-10-29 14:28:53.306108405 +0100
++++ linux-2.6.27/fs/open.c	2008-10-29 02:02:02.243218277 +0100
 @@ -197,8 +197,8 @@ out:
  	return error;
  }
@@ -1609,9 +1609,9 @@
  
 -	error = inode_permission(inode, MAY_EXEC | MAY_ACCESS);
 +	error = path_permission(&file->f_path, MAY_EXEC | MAY_ACCESS);
- 	if (!error)
- 		set_fs_pwd(current->fs, &file->f_path);
- out_putf:
+ 
+ 	if (!error && !gr_chroot_fchdir(file->f_path.dentry, file->f_path.mnt))
+ 		error = -EPERM;
 @@ -564,7 +564,7 @@ asmlinkage long sys_chroot(const char __
  	if (error)
  		goto out;
@@ -1645,7 +1645,7 @@
  	return sys_fchmodat(AT_FDCWD, filename, mode);
  }
  
--static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
+-static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
 +static int chown_common(struct dentry * dentry, struct vfsmount *mnt,
 +			uid_t user, gid_t group, struct file *file)
  {
@@ -1665,29 +1665,29 @@
  
  	return error;
 @@ -685,7 +689,7 @@ asmlinkage long sys_chown(const char __u
- 	error = mnt_want_write(path.mnt);
- 	if (error)
- 		goto out_release;
--	error = chown_common(path.dentry, user, group);
-+	error = chown_common(path.dentry, path.mnt, user, group, NULL);
+ 	error = cow_check_and_break(&path);
+ 	if (!error)
+ #endif
+-		error = chown_common(path.dentry, user, group, path.mnt);
++		error = chown_common(path.dentry, path.mnt, user, group, NULL);
  	mnt_drop_write(path.mnt);
  out_release:
  	path_put(&path);
 @@ -710,7 +714,7 @@ asmlinkage long sys_fchownat(int dfd, co
- 	error = mnt_want_write(path.mnt);
- 	if (error)
- 		goto out_release;
--	error = chown_common(path.dentry, user, group);
-+	error = chown_common(path.dentry, path.mnt, user, group, NULL);
+ 	error = cow_check_and_break(&path);
+ 	if (!error)
+ #endif
+-		error = chown_common(path.dentry, user, group, path.mnt);
++		error = chown_common(path.dentry, path.mnt, user, group, NULL);
  	mnt_drop_write(path.mnt);
  out_release:
  	path_put(&path);
 @@ -729,7 +733,7 @@ asmlinkage long sys_lchown(const char __
- 	error = mnt_want_write(path.mnt);
- 	if (error)
- 		goto out_release;
--	error = chown_common(path.dentry, user, group);
-+	error = chown_common(path.dentry, path.mnt, user, group, NULL);
+ 	error = cow_check_and_break(&path);
+ 	if (!error)
+ #endif
+-		error = chown_common(path.dentry, user, group, path.mnt);
++		error = chown_common(path.dentry, path.mnt, user, group, NULL);
  	mnt_drop_write(path.mnt);
  out_release:
  	path_put(&path);
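Review bot: The three inner hunks for sys_chown, sys_fchownat and sys_lchown are now byte-identical from `error = cow_check_and_break(&path);` through `path_put(&path);`, so only their headers (` @@ -685,7 +689,7 @@`, ` @@ -710,7 +714,7 @@`, ` @@ -729,7 +733,7 @@`) tell them apart, and this commit leaves those headers untouched while rewriting the context for a tree that appears to carry extra lines. If the start lines no longer match, patch(1) places each hunk by offset search, and a misplaced or skipped hunk would leave one chown path still calling the 4-argument `chown_common(path.dentry, user, group, path.mnt)`. That should surface as a build failure rather than a weakened check, but it is better caught when the patch is applied. I would regenerate the file with `diff -uprN` against the grsec-patched tree so the headers are exact, and have the package build treat any offset or fuzz report from patch as an error. The rewritten hunks for fs/namei.c and net/unix/af_unix.c keep their old headers in the same way; in the af_unix one the leading context moved from `err = mnt_want_write(nd.path.mnt);` down to `goto out_mknod_dput;` while the header still starts at 827.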
@@ -1695,14 +1695,14 @@
  		goto out_fput;
  	dentry = file->f_path.dentry;
  	audit_inode(NULL, dentry);
--	error = chown_common(dentry, user, group);
+-	error = chown_common(dentry, user, group, file->f_path.mnt);
 +	error = chown_common(dentry, file->f_path.mnt, user, group, file);
  	mnt_drop_write(file->f_path.mnt);
  out_fput:
  	fput(file);
 diff -uprN linux-2.6.27./fs/reiserfs/xattr.c linux-2.6.27/fs/reiserfs/xattr.c
 --- linux-2.6.27./fs/reiserfs/xattr.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/reiserfs/xattr.c	2008-10-29 14:28:53.222566406 +0100
++++ linux-2.6.27/fs/reiserfs/xattr.c	2008-10-29 02:02:00.436006183 +0100
 @@ -459,7 +459,7 @@ reiserfs_xattr_set(struct inode *inode, 
  	newattrs.ia_size = buffer_size;
  	newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
@@ -1741,7 +1741,7 @@
        out_dir:
 diff -uprN linux-2.6.27./fs/seq_file.c linux-2.6.27/fs/seq_file.c
 --- linux-2.6.27./fs/seq_file.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/seq_file.c	2008-10-29 14:28:53.279441727 +0100
++++ linux-2.6.27/fs/seq_file.c	2008-10-29 02:02:01.616216002 +0100
 @@ -412,9 +412,7 @@ int seq_path_root(struct seq_file *m, st
  		char *s = m->buf + m->count;
  		char *p;
@@ -1755,7 +1755,7 @@
  			s = mangle_path(s, p, esc);
 diff -uprN linux-2.6.27./fs/stat.c linux-2.6.27/fs/stat.c
 --- linux-2.6.27./fs/stat.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/stat.c	2008-10-29 14:28:53.205900152 +0100
++++ linux-2.6.27/fs/stat.c	2008-10-29 02:02:00.123187352 +0100
 @@ -306,7 +306,7 @@ asmlinkage long sys_readlinkat(int dfd, 
  
  		error = -EINVAL;
@@ -1767,7 +1767,7 @@
  				error = inode->i_op->readlink(path.dentry,
 diff -uprN linux-2.6.27./fs/utimes.c linux-2.6.27/fs/utimes.c
 --- linux-2.6.27./fs/utimes.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/utimes.c	2008-10-29 14:28:53.286112985 +0100
++++ linux-2.6.27/fs/utimes.c	2008-10-29 02:02:01.893015871 +0100
 @@ -48,7 +48,8 @@ static bool nsec_valid(long nsec)
  	return nsec >= 0 && nsec <= 999999999;
  }
@@ -1807,7 +1807,7 @@
  
 diff -uprN linux-2.6.27./fs/xattr.c linux-2.6.27/fs/xattr.c
 --- linux-2.6.27./fs/xattr.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/fs/xattr.c	2008-10-29 14:28:53.292774801 +0100
++++ linux-2.6.27/fs/xattr.c	2008-10-29 02:02:01.962882939 +0100
 @@ -67,8 +67,8 @@ xattr_permission(struct inode *inode, co
  }
  
@@ -2091,7 +2091,7 @@
  	fput(f);
 diff -uprN linux-2.6.27./include/linux/audit.h linux-2.6.27/include/linux/audit.h
 --- linux-2.6.27./include/linux/audit.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/include/linux/audit.h	2008-10-29 14:28:53.309441302 +0100
++++ linux-2.6.27/include/linux/audit.h	2008-10-29 02:02:02.266214852 +0100
 @@ -33,7 +33,7 @@
   * 1200 - 1299 messages internal to the audit daemon
   * 1300 - 1399 audit event messages
@@ -2127,7 +2127,7 @@
  			    __attribute__((format(printf,2,3)));
 diff -uprN linux-2.6.27./include/linux/dcache.h linux-2.6.27/include/linux/dcache.h
 --- linux-2.6.27./include/linux/dcache.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/include/linux/dcache.h	2008-10-29 14:28:53.279441727 +0100
++++ linux-2.6.27/include/linux/dcache.h	2008-10-29 02:02:01.634722088 +0100
 @@ -299,9 +299,12 @@ extern int d_validate(struct dentry *, s
  /*
   * helper function for dentry_operations.d_dname() members
@@ -2144,7 +2144,7 @@
  
 diff -uprN linux-2.6.27./include/linux/fs.h linux-2.6.27/include/linux/fs.h
 --- linux-2.6.27./include/linux/fs.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/include/linux/fs.h	2008-10-29 14:28:53.306108405 +0100
++++ linux-2.6.27/include/linux/fs.h	2008-10-29 02:02:02.264908196 +0100
 @@ -361,6 +361,10 @@ struct iattr {
  	 * Not an attribute, but an auxilary info for filesystems wanting to
  	 * implement an ftruncate() like method.  NOTE: filesystem should
@@ -2220,7 +2220,7 @@
  		int (*check_acl)(struct inode *, int));
 diff -uprN linux-2.6.27./include/linux/mount.h linux-2.6.27/include/linux/mount.h
 --- linux-2.6.27./include/linux/mount.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/include/linux/mount.h	2008-10-29 14:28:53.279441727 +0100
++++ linux-2.6.27/include/linux/mount.h	2008-10-29 02:02:01.674077632 +0100
 @@ -114,4 +114,6 @@ extern void mark_mounts_for_expiry(struc
  extern spinlock_t vfsmount_lock;
  extern dev_t name_to_dev_t(char *name);
@@ -2230,7 +2230,7 @@
  #endif /* _LINUX_MOUNT_H */
 diff -uprN linux-2.6.27./include/linux/nfsd/nfsd.h linux-2.6.27/include/linux/nfsd/nfsd.h
 --- linux-2.6.27./include/linux/nfsd/nfsd.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/include/linux/nfsd/nfsd.h	2008-10-29 14:28:53.259441865 +0100
++++ linux-2.6.27/include/linux/nfsd/nfsd.h	2008-10-29 02:02:01.216214540 +0100
 @@ -85,7 +85,8 @@ __be32		nfsd_setattr(struct svc_rqst *, 
  #ifdef CONFIG_NFSD_V4
  __be32          nfsd4_set_nfs4_acl(struct svc_rqst *, struct svc_fh *,
@@ -2243,7 +2243,7 @@
  				char *name, int len, struct iattr *attrs,
 diff -uprN linux-2.6.27./include/linux/security.h linux-2.6.27/include/linux/security.h
 --- linux-2.6.27./include/linux/security.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/include/linux/security.h	2008-10-29 14:28:53.302774553 +0100
++++ linux-2.6.27/include/linux/security.h	2008-10-29 02:02:02.149345476 +0100
 @@ -54,9 +54,11 @@ extern void cap_capset_set(struct task_s
  extern int cap_bprm_set_security(struct linux_binprm *bprm);
  extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
@@ -2675,7 +2675,7 @@
  	return 0;
 diff -uprN linux-2.6.27./include/linux/sysctl.h linux-2.6.27/include/linux/sysctl.h
 --- linux-2.6.27./include/linux/sysctl.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/include/linux/sysctl.h	2008-10-29 14:28:53.299441785 +0100
++++ linux-2.6.27/include/linux/sysctl.h	2008-10-29 02:02:02.110260164 +0100
 @@ -996,6 +996,8 @@ extern int proc_doulongvec_minmax(struct
  extern int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int,
  				      struct file *, void __user *, size_t *, loff_t *);
@@ -2687,7 +2687,7 @@
  		      void __user *newval, size_t newlen);
 diff -uprN linux-2.6.27./include/linux/xattr.h linux-2.6.27/include/linux/xattr.h
 --- linux-2.6.27./include/linux/xattr.h	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/include/linux/xattr.h	2008-10-29 14:28:53.292774801 +0100
++++ linux-2.6.27/include/linux/xattr.h	2008-10-29 02:02:01.996215347 +0100
 @@ -16,6 +16,8 @@
  #ifdef  __KERNEL__
  
@@ -2714,7 +2714,7 @@
  ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);
 diff -uprN linux-2.6.27./ipc/mqueue.c linux-2.6.27/ipc/mqueue.c
 --- linux-2.6.27./ipc/mqueue.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/ipc/mqueue.c	2008-10-29 14:28:53.232566922 +0100
++++ linux-2.6.27/ipc/mqueue.c	2008-10-29 02:02:00.652678045 +0100
 @@ -745,7 +745,7 @@ asmlinkage long sys_mq_unlink(const char
  	err = mnt_want_write(mqueue_mnt);
  	if (err)
@@ -2726,7 +2726,7 @@
  	dput(dentry);
 diff -uprN linux-2.6.27./kernel/audit.c linux-2.6.27/kernel/audit.c
 --- linux-2.6.27./kernel/audit.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/kernel/audit.c	2008-10-29 14:28:53.309441302 +0100
++++ linux-2.6.27/kernel/audit.c	2008-10-29 02:02:02.282882034 +0100
 @@ -1231,8 +1231,7 @@ static inline int audit_expand(struct au
   * will be called a second time.  Currently, we assume that a printk
   * can't format message larger than 1024 bytes, so we don't either.
@@ -2746,7 +2746,7 @@
 +EXPORT_SYMBOL_GPL(audit_log_d_path);
 diff -uprN linux-2.6.27./kernel/cgroup.c linux-2.6.27/kernel/cgroup.c
 --- linux-2.6.27./kernel/cgroup.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/kernel/cgroup.c	2008-10-29 14:28:53.185696851 +0100
++++ linux-2.6.27/kernel/cgroup.c	2008-10-29 02:01:59.706048714 +0100
 @@ -2905,7 +2905,7 @@ int cgroup_clone(struct task_struct *tsk
  	}
  
@@ -2758,7 +2758,7 @@
  	if (ret) {
 diff -uprN linux-2.6.27./kernel/sysctl.c linux-2.6.27/kernel/sysctl.c
 --- linux-2.6.27./kernel/sysctl.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/kernel/sysctl.c	2008-10-29 14:28:53.299441785 +0100
++++ linux-2.6.27/kernel/sysctl.c	2008-10-29 02:02:02.130590271 +0100
 @@ -1506,6 +1506,33 @@ void register_sysctl_root(struct ctl_tab
  	spin_unlock(&sysctl_lock);
  }
@@ -2795,7 +2795,7 @@
  static int do_sysctl_strategy(struct ctl_table_root *root,
 diff -uprN linux-2.6.27./mm/filemap.c linux-2.6.27/mm/filemap.c
 --- linux-2.6.27./mm/filemap.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/mm/filemap.c	2008-10-29 14:28:53.175696536 +0100
++++ linux-2.6.27/mm/filemap.c	2008-10-29 02:01:59.480174096 +0100
 @@ -1760,12 +1760,12 @@ int should_remove_suid(struct dentry *de
  }
  EXPORT_SYMBOL(should_remove_suid);
@@ -2822,11 +2822,11 @@
  }
 diff -uprN linux-2.6.27./net/unix/af_unix.c linux-2.6.27/net/unix/af_unix.c
 --- linux-2.6.27./net/unix/af_unix.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/net/unix/af_unix.c	2008-10-29 14:28:53.192566383 +0100
++++ linux-2.6.27/net/unix/af_unix.c	2008-10-29 02:01:59.886248280 +0100
 @@ -827,7 +827,8 @@ static int unix_bind(struct socket *sock
- 		err = mnt_want_write(nd.path.mnt);
- 		if (err)
  			goto out_mknod_dput;
+ 		}
+ 
 -		err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
 +		err = vfs_mknod(nd.path.dentry->d_inode, dentry, nd.path.mnt,
 +				mode, 0);
@@ -2835,7 +2835,7 @@
  			goto out_mknod_dput;
 diff -uprN linux-2.6.27./security/Kconfig linux-2.6.27/security/Kconfig
 --- linux-2.6.27./security/Kconfig	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/security/Kconfig	2008-10-29 14:28:53.322775050 +0100
++++ linux-2.6.27/security/Kconfig	2008-10-29 02:02:02.502672932 +0100
 @@ -117,6 +117,7 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
  
  source security/selinux/Kconfig
@@ -2846,7 +2846,7 @@
  
 diff -uprN linux-2.6.27./security/Makefile linux-2.6.27/security/Makefile
 --- linux-2.6.27./security/Makefile	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/security/Makefile	2008-10-29 14:28:53.322775050 +0100
++++ linux-2.6.27/security/Makefile	2008-10-29 02:02:02.512881631 +0100
 @@ -14,5 +14,6 @@ obj-$(CONFIG_SECURITY)			+= security.o c
  # Must precede capability.o in order to stack properly.
  obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/built-in.o
@@ -8508,7 +8508,7 @@
 +}
 diff -uprN linux-2.6.27./security/capability.c linux-2.6.27/security/capability.c
 --- linux-2.6.27./security/capability.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/security/capability.c	2008-10-29 14:28:53.302774553 +0100
++++ linux-2.6.27/security/capability.c	2008-10-29 02:02:02.169338920 +0100
 @@ -155,52 +155,56 @@ static int cap_inode_init_security(struc
  }
  
@@ -8632,7 +8632,7 @@
  	set_to_cap_if_null(ops, task_free_security);
 diff -uprN linux-2.6.27./security/commoncap.c linux-2.6.27/security/commoncap.c
 --- linux-2.6.27./security/commoncap.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/security/commoncap.c	2008-10-29 14:28:53.296107952 +0100
++++ linux-2.6.27/security/commoncap.c	2008-10-29 02:02:02.043175933 +0100
 @@ -411,8 +411,9 @@ int cap_bprm_secureexec (struct linux_bi
  		current->egid != current->gid);
  }
@@ -8657,7 +8657,7 @@
  		if (!capable(CAP_SETFCAP))
 diff -uprN linux-2.6.27./security/security.c linux-2.6.27/security/security.c
 --- linux-2.6.27./security/security.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/security/security.c	2008-10-29 14:28:53.332780504 +0100
++++ linux-2.6.27/security/security.c	2008-10-29 02:02:02.706853503 +0100
 @@ -358,72 +358,81 @@ int security_inode_init_security(struct 
  }
  EXPORT_SYMBOL(security_inode_init_security);
@@ -8854,7 +8854,7 @@
  	return security_ops->task_create(clone_flags);
 diff -uprN linux-2.6.27./security/selinux/hooks.c linux-2.6.27/security/selinux/hooks.c
 --- linux-2.6.27./security/selinux/hooks.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/security/selinux/hooks.c	2008-10-29 14:28:53.299441785 +0100
++++ linux-2.6.27/security/selinux/hooks.c	2008-10-29 02:02:02.147048695 +0100
 @@ -1811,40 +1811,16 @@ static int selinux_capable(struct task_s
  
  static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
@@ -9058,7 +9058,7 @@
  		return selinux_inode_setotherxattr(dentry, name);
 diff -uprN linux-2.6.27./security/smack/smack_lsm.c linux-2.6.27/security/smack/smack_lsm.c
 --- linux-2.6.27./security/smack/smack_lsm.c	2008-10-10 00:13:53.000000000 +0200
-+++ linux-2.6.27/security/smack/smack_lsm.c	2008-10-29 14:28:53.296107952 +0100
++++ linux-2.6.27/security/smack/smack_lsm.c	2008-10-29 02:02:02.110260164 +0100
 @@ -432,8 +432,9 @@ static int smack_inode_init_security(str
   *
   * Returns 0 if access is permitted, an error code otherwise
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-apparmor-after-grsec_full.patch?r1=1.1&r2=1.1.2.1&f=u


