packages: kernel/kernel-apparmor.patch, kernel/kernel.spec - apparmor updat...
arekm
arekm at pld-linux.org
Fri Sep 11 08:41:57 CEST 2009
Author: arekm Date: Fri Sep 11 06:41:57 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- apparmor updated to latest version seen in ubuntu kernel
---- Files affected:
packages/kernel:
kernel-apparmor.patch (1.4 -> 1.5) , kernel.spec (1.701 -> 1.702)
---- Diffs:
================================================================
Index: packages/kernel/kernel-apparmor.patch
diff -u packages/kernel/kernel-apparmor.patch:1.4 packages/kernel/kernel-apparmor.patch:1.5
--- packages/kernel/kernel-apparmor.patch:1.4 Tue Jul 21 19:14:14 2009
+++ packages/kernel/kernel-apparmor.patch Fri Sep 11 08:41:52 2009
@@ -1,8 +1,7 @@
-diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index fd5cac0..88e2115 100644
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -90,6 +90,7 @@ parameter is applicable:
+diff -urN linux-2.6.31.org/Documentation/kernel-parameters.txt linux-2.6.31/Documentation/kernel-parameters.txt
+--- linux-2.6.31.org/Documentation/kernel-parameters.txt 2009-09-10 00:13:59.000000000 +0200
++++ linux-2.6.31/Documentation/kernel-parameters.txt 2009-09-10 22:17:58.000000000 +0200
+@@ -90,6 +90,7 @@
A lot of drivers has their options described inside of
Documentation/scsi/.
SECURITY Different security models are enabled.
@@ -10,10 +9,9 @@
SELINUX SELinux support is enabled.
SERIAL Serial support is enabled.
SH SuperH architecture is enabled.
-diff --git a/include/linux/audit.h b/include/linux/audit.h
-index 4fa2810..9f87073 100644
---- a/include/linux/audit.h
-+++ b/include/linux/audit.h
+diff -urN linux-2.6.31.org/include/linux/audit.h linux-2.6.31/include/linux/audit.h
+--- linux-2.6.31.org/include/linux/audit.h 2009-09-10 00:13:59.000000000 +0200
++++ linux-2.6.31/include/linux/audit.h 2009-09-10 22:18:05.000000000 +0200
@@ -33,7 +33,7 @@
* 1200 - 1299 messages internal to the audit daemon
* 1300 - 1399 audit event messages
@@ -38,149 +36,10 @@
#define AUDIT_FIRST_KERN_ANOM_MSG 1700
#define AUDIT_LAST_KERN_ANOM_MSG 1799
#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
-diff --git a/security/Kconfig b/security/Kconfig
-index bb24477..739fbb0 100644
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -60,6 +60,15 @@ config SECURITYFS
-
- If you are unsure how to answer this question, answer N.
-
-+config SECURITY_DEFAULT
-+ string "Default security module"
-+ depends on SECURITY
-+ default ""
-+ help
-+ This determines the security module used if the security=
-+ boot parmater is not provided. If a security module is not
-+ specified the first module to register will be used.
-+
- config SECURITY_NETWORK
- bool "Socket and Networking Security Hooks"
- depends on SECURITY
-@@ -136,6 +145,7 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
- source security/selinux/Kconfig
- source security/smack/Kconfig
- source security/tomoyo/Kconfig
-+source security/apparmor/Kconfig
-
- source security/integrity/ima/Kconfig
-
-diff --git a/security/Makefile b/security/Makefile
-index fa77021..60aa7c5 100644
---- a/security/Makefile
-+++ b/security/Makefile
-@@ -6,6 +6,7 @@ obj-$(CONFIG_KEYS) += keys/
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux
- subdir-$(CONFIG_SECURITY_SMACK) += smack
- subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
-+subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor
-
- # always enable default capabilities
- obj-y += commoncap.o
-@@ -17,6 +18,7 @@ obj-$(CONFIG_SECURITYFS) += inode.o
- obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
- obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
- obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
-+obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/built-in.o
- obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o
- obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
-
-diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
-new file mode 100644
-index 0000000..0f7ba5e
---- /dev/null
-+++ b/security/apparmor/Kconfig
-@@ -0,0 +1,53 @@
-+config SECURITY_APPARMOR
-+ bool "AppArmor support"
-+ depends on SECURITY && SECURITY_NETWORK && NET && INET
-+ select AUDIT
-+ select SECURITY_PATH
-+ select SECURITYFS
-+ default n
-+ help
-+ This enables the AppArmor security module.
-+ Required userspace tools (if they are not included in your
-+ distribution) and further information may be found at
-+ <http://forge.novell.com/modules/xfmod/project/?apparmor>
-+
-+ If you are unsure how to answer this question, answer N.
-+
-+config SECURITY_APPARMOR_NETWORK
-+ bool "AppArmor network support"
-+ depends on SECURITY_APPARMOR
-+ default n
-+ help
-+ This enables AppArmor to mediate applications network use.
-+ This will enable the SECURITY_NETWORK hooks.
-+
-+config SECURITY_APPARMOR_BOOTPARAM_VALUE
-+ int "AppArmor boot parameter default value"
-+ depends on SECURITY_APPARMOR
-+ range 0 1
-+ default 1
-+ help
-+ This option sets the default value for the kernel parameter
-+ 'apparmor', which allows AppArmor to be enabled or disabled
-+ at boot. If this option is set to 0 (zero), the AppArmor
-+ kernel parameter will default to 0, disabling AppArmor at
-+ bootup. If this option is set to 1 (one), the AppArmor
-+ kernel parameter will default to 1, enabling AppArmor at
-+ bootup.
-+
-+ If you are unsure how to answer this question, answer 1.
-+
-+config SECURITY_APPARMOR_DISABLE
-+ bool "AppArmor runtime disable"
-+ depends on SECURITY_APPARMOR
-+ default n
-+ help
-+ This option enables writing to a apparmorfs node 'disable', which
-+ allows AppArmor to be disabled at runtime prior to the policy load.
-+ AppArmor will then remain disabled until the next boot.
-+ This option is similar to the apparmor.enabled=0 boot parameter,
-+ but is to support runtime disabling of AppArmor, e.g. from
-+ /sbin/init, for portability across platforms where boot
-+ parameters are difficult to employ.
-+
-+ If you are unsure how to answer this question, answer N.
-diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
-new file mode 100644
-index 0000000..6e186ce
---- /dev/null
-+++ b/security/apparmor/Makefile
-@@ -0,0 +1,24 @@
-+# Makefile for AppArmor Linux Security Module
-+#
-+obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
-+
-+apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
-+ path.o domain.o policy.o policy_interface.o procattr.o lsm.o \
-+ resource.o sid.o file.o
-+
-+apparmor-$(CONFIG_SECURITY_APPARMOR_NETWORK) += net.o
-+
-+clean-files: capability_names.h af_names.h
-+
-+quiet_cmd_make-caps = GEN $@
-+cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
-+
-+quiet_cmd_make-af = GEN $@
-+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ; sed -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e "s/^\#define[ \\t]\\+AF_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
-+
-+$(obj)/capability.o : $(obj)/capability_names.h
-+$(obj)/net.o : $(obj)/af_names.h
-+$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
-+ $(call cmd,make-caps)
-+$(obj)/af_names.h : $(srctree)/include/linux/socket.h
-+ $(call cmd,make-af)
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-new file mode 100644
-index 0000000..02ba36f
---- /dev/null
-+++ b/security/apparmor/apparmorfs.c
-@@ -0,0 +1,395 @@
+diff -urN linux-2.6.31.org/security/apparmor/apparmorfs.c linux-2.6.31/security/apparmor/apparmorfs.c
+--- linux-2.6.31.org/security/apparmor/apparmorfs.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/apparmorfs.c 2009-09-10 22:18:06.000000000 +0200
+@@ -0,0 +1,391 @@
+/*
+ * AppArmor security module
+ *
@@ -257,34 +116,30 @@
+
+static struct aa_profile *next_profile(struct aa_profile *profile)
+{
-+ struct aa_profile *next = profile;
-+ struct aa_namespace *ns;
-+
-+ if (!list_empty(&profile->base.profiles)) {
-+ list_for_each_entry(next, &profile->base.profiles, base.list)
-+ return next;
-+ }
++ struct aa_profile *parent;
++ struct aa_namespace *ns = profile->ns;
+
-+ while (profile->parent) {
-+ next = profile->parent;
-+ list_for_each_entry_continue(next,
-+ &profile->parent->base.profiles,
++ if (!list_empty(&profile->base.profiles))
++ return list_first_entry(&profile->base.profiles,
++ struct aa_profile, base.list);
++
++ parent = profile->parent;
++ while (parent) {
++ list_for_each_entry_continue(profile, &parent->base.profiles,
+ base.list)
-+ return next;
-+ profile = profile->parent;
++ return profile;
++ profile = parent;
++ parent = parent->parent;
+ }
+
-+ next = profile;
-+ list_for_each_entry_continue(next, &profile->ns->base.profiles,
-+ base.list)
-+ return next;
++ list_for_each_entry_continue(profile, &ns->base.profiles, base.list)
++ return profile;
+
-+ ns = profile->ns;
+ read_unlock(&ns->base.lock);
+ list_for_each_entry_continue(ns, &ns_list, base.list) {
+ read_lock(&ns->base.lock);
-+ list_for_each_entry(profile, &ns->base.profiles, base.list)
-+ return profile;
++ return list_first_entry(&ns->base.profiles, struct aa_profile,
++ base.list);
+ read_unlock(&ns->base.lock);
+ }
+ return NULL;
@@ -576,12 +431,10 @@
+
+fs_initcall(create_apparmorfs);
+
-diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
-new file mode 100644
-index 0000000..834a4f5
---- /dev/null
-+++ b/security/apparmor/audit.c
-@@ -0,0 +1,151 @@
+diff -urN linux-2.6.31.org/security/apparmor/audit.c linux-2.6.31/security/apparmor/audit.c
+--- linux-2.6.31.org/security/apparmor/audit.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/audit.c 2009-09-10 22:18:06.000000000 +0200
+@@ -0,0 +1,153 @@
+/*
+ * AppArmor security module
+ *
@@ -698,9 +551,11 @@
+ audit_cxt = g_apparmor_logsyscall ? current->audit_context : NULL;
+
+ if (type == AUDIT_APPARMOR_AUTO) {
-+ if (likely(!sa->error))
++ if (likely(!sa->error)) {
++ if (PROFILE_AUDIT_MODE(profile) != AUDIT_ALL)
++ return 0;
+ type = AUDIT_APPARMOR_AUDIT;
-+ else if (PROFILE_COMPLAIN(profile))
++ } else if (PROFILE_COMPLAIN(profile))
+ type = AUDIT_APPARMOR_ALLOWED;
+ else
+ type = AUDIT_APPARMOR_DENIED;
@@ -733,12 +588,10 @@
+ return aa_audit_base(AUDIT_APPARMOR_DENIED, profile, &sa,
+ current->audit_context, NULL);
+}
-diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
-new file mode 100644
-index 0000000..79097e8
---- /dev/null
-+++ b/security/apparmor/capability.c
-@@ -0,0 +1,121 @@
+diff -urN linux-2.6.31.org/security/apparmor/capability.c linux-2.6.31/security/apparmor/capability.c
+--- linux-2.6.31.org/security/apparmor/capability.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/capability.c 2009-09-10 22:18:06.000000000 +0200
+@@ -0,0 +1,122 @@
+/*
+ * AppArmor security module
+ *
@@ -799,6 +652,7 @@
+ if (likely((PROFILE_AUDIT_MODE(profile) != AUDIT_ALL) &&
+ !cap_raised(profile->caps.audit, sa->cap)))
+ return 0;
++ type = AUDIT_APPARMOR_AUDIT;
+ } else if (PROFILE_KILL(profile) ||
+ cap_raised(profile->caps.kill, sa->cap)) {
+ type = AUDIT_APPARMOR_KILL;
@@ -860,11 +714,9 @@
+
+ return aa_audit_caps(profile, &sa);
+}
-diff --git a/security/apparmor/context.c b/security/apparmor/context.c
-new file mode 100644
-index 0000000..02e0b70
---- /dev/null
-+++ b/security/apparmor/context.c
+diff -urN linux-2.6.31.org/security/apparmor/context.c linux-2.6.31/security/apparmor/context.c
+--- linux-2.6.31.org/security/apparmor/context.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/context.c 2009-09-10 22:18:06.000000000 +0200
@@ -0,0 +1,209 @@
+/*
+ * AppArmor security module
@@ -1075,12 +927,10 @@
+ commit_creds(new);
+ return 0;
+}
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-new file mode 100644
-index 0000000..34f337c
---- /dev/null
-+++ b/security/apparmor/domain.c
-@@ -0,0 +1,699 @@
+diff -urN linux-2.6.31.org/security/apparmor/domain.c linux-2.6.31/security/apparmor/domain.c
+--- linux-2.6.31.org/security/apparmor/domain.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/domain.c 2009-09-10 22:18:06.000000000 +0200
+@@ -0,0 +1,704 @@
+/*
+ * AppArmor security module
+ *
@@ -1099,9 +949,9 @@
+#include <linux/fdtable.h>
+#include <linux/file.h>
+#include <linux/mount.h>
-+#include <linux/personality.h>
+#include <linux/syscalls.h>
+#include <linux/tracehook.h>
++#include <linux/personality.h>
+
+#include "include/audit.h"
+#include "include/apparmorfs.h"
@@ -1173,8 +1023,11 @@
+ perms.allowed = AA_MAY_CHANGE_PROFILE;
+ perms.xindex = perms.dindex = 0;
+ perms.audit = perms.quiet = perms.kill = 0;
-+ *rstate = 0;
++ if (rstate)
++ *rstate = 0;
+ return perms;
++ } else if (!profile->file.dfa) {
++ return nullperms;
+ } else if ((ns == profile->ns)) {
+ /* try matching against rules with out namespace prependend */
+ perms = aa_str_perms(profile->file.dfa, DFA_START, name, &cond,
@@ -1184,9 +1037,6 @@
+ }
+
+ /* try matching with namespace name and then profile */
-+ if (!profile->file.dfa)
-+ return nullperms;
-+
+ state = aa_dfa_match(profile->file.dfa, DFA_START, ns->base.name);
+ state = aa_dfa_null_transition(profile->file.dfa, state);
+ return aa_str_perms(profile->file.dfa, state, name, &cond, rstate);
@@ -1240,7 +1090,12 @@
+ /* fail exec unless ix || ux fallback - handled by caller */
+ return ERR_PTR(-EACCES);
+ case AA_X_NAME:
-+ break;
++ if (xindex & AA_X_CHILD)
++ new_profile = aa_sys_find_attach(&profile->base, name);
++ else
++ new_profile = aa_sys_find_attach(&ns->base, name);
++
++ goto out;
+ case AA_X_TABLE:
+ if (index > profile->file.trans.size) {
+ AA_ERROR("Invalid named transition\n");
@@ -1286,6 +1141,7 @@
+ aa_put_namespace(new_ns);
+ }
+
++out:
+ if (!new_profile)
+ return ERR_PTR(-ENOENT);
+
@@ -1334,7 +1190,7 @@
+
+ if (!profile) {
+ /* unconfined task - attach profile if one matches */
-+ new_profile = aa_sys_find_attach(ns, sa.name);
++ new_profile = aa_sys_find_attach(&ns->base, sa.name);
+ if (!new_profile)
+ goto cleanup;
+ goto apply;
@@ -1420,7 +1276,7 @@
+apply:
+ sa.name2 = new_profile->fqname;
+ /* When switching namespace ensure its part of audit message */
-+ if (new_profile->ns != profile->ns)
++ if (new_profile->ns != ns)
+ sa.name3 = new_profile->ns->base.name;
+
+ /* when transitioning profiles clear unsafe personality bits */
@@ -1702,12 +1558,12 @@
+ struct aa_profile *profile, *target = NULL;
+ struct aa_namespace *ns = NULL;
+ struct aa_audit_file sa;
-+ char *name = NULL;
+
-+ if (!name && !ns_name)
++ if (!fqname && !ns_name)
+ return -EINVAL;
+
+ memset(&sa, 0, sizeof(sa));
++ sa.request = AA_MAY_CHANGE_PROFILE;
+ sa.base.gfp_mask = GFP_KERNEL;
+ if (onexec)
+ sa.base.operation = "change_onexec";
@@ -1716,11 +1572,9 @@
+
+ cred = aa_current_policy(&profile);
+ cxt = cred->security;
-+ ns = aa_get_namespace(cxt->sys.profile->ns);
+
+ if (ns_name) {
+ sa.name2 = ns_name;
-+ aa_put_namespace(ns);
+ ns = aa_find_namespace(ns_name);
+ if (!ns) {
+ /* we don't create new namespace in complain mode */
@@ -1728,8 +1582,10 @@
+ sa.base.error = -ENOENT;
+ goto audit;
+ }
-+ } else
++ } else {
++ ns = aa_get_namespace(cxt->sys.profile->ns);
+ sa.name2 = ns->base.name;
++ }
+
+ /* if the name was not specified, use the name of the current profile */
+ if (!fqname) {
@@ -1741,7 +1597,6 @@
+ sa.name = fqname;
+
+ sa.perms = change_profile_perms(profile, ns, fqname, NULL);
-+
+ if (!(sa.perms.allowed & AA_MAY_CHANGE_PROFILE)) {
+ sa.base.error = -EACCES;
+ goto audit;
@@ -1780,12 +1635,10 @@
+
+ return sa.base.error;
+}
-diff --git a/security/apparmor/file.c b/security/apparmor/file.c
-new file mode 100644
-index 0000000..fdade01
---- /dev/null
-+++ b/security/apparmor/file.c
-@@ -0,0 +1,425 @@
+diff -urN linux-2.6.31.org/security/apparmor/file.c linux-2.6.31/security/apparmor/file.c
+--- linux-2.6.31.org/security/apparmor/file.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/file.c 2009-09-10 22:18:06.000000000 +0200
+@@ -0,0 +1,426 @@
+/*
+ * AppArmor security module
+ *
@@ -1925,6 +1778,7 @@
+
+ if (likely(!sa->request))
+ return 0;
++ type = AUDIT_APPARMOR_AUDIT;
+ } else {
+ /* quiet auditing of specific known rejects */
+ u16 mask = sa->perms.quiet;
@@ -1979,7 +1833,7 @@
+ perms.allowed |= AA_LINK_SUBSET;
+
+ /* change_profile wasn't determined by ownership in old mapping */
-+ if (ACCEPT_TABLE2(dfa)[state] & 0x80000000)
++ if (ACCEPT_TABLE(dfa)[state] & 0x80000000)
+ perms.allowed |= AA_MAY_CHANGE_PROFILE;
+
+ return perms;
@@ -2211,11 +2065,37 @@
+ kfree(buffer);
+ return error;
+}
-diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
-new file mode 100644
-index 0000000..fbbc961
---- /dev/null
-+++ b/security/apparmor/include/apparmor.h
+diff -urN linux-2.6.31.org/security/apparmor/include/apparmorfs.h linux-2.6.31/security/apparmor/include/apparmorfs.h
+--- linux-2.6.31.org/security/apparmor/include/apparmorfs.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/include/apparmorfs.h 2009-09-10 22:18:06.000000000 +0200
+@@ -0,0 +1,24 @@
++/*
++ * AppArmor security module
++ *
++ * This file contains AppArmor filesystem definitions.
++ *
++ * Copyright (C) 1998-2008 Novell/SUSE
++ * Copyright 2009 Canonical Ltd.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation, version 2 of the
++ * License.
++ */
++
++#ifndef __AA_APPARMORFS_H
++#define __AA_APPARMORFS_H
++
++extern struct dentry *apparmorfs_null;
++extern struct vfsmount *apparmorfs_mnt;
++
++extern int create_apparmorfs(void);
++extern void destroy_apparmorfs(void);
++
++#endif /* __AA_APPARMORFS_H */
+diff -urN linux-2.6.31.org/security/apparmor/include/apparmor.h linux-2.6.31/security/apparmor/include/apparmor.h
+--- linux-2.6.31.org/security/apparmor/include/apparmor.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/include/apparmor.h 2009-09-10 22:18:06.000000000 +0200
@@ -0,0 +1,65 @@
+/*
+ * AppArmor security module
@@ -2282,41 +2162,9 @@
+
+#endif /* __APPARMOR_H */
+
-diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
-new file mode 100644
-index 0000000..1af7723
---- /dev/null
-+++ b/security/apparmor/include/apparmorfs.h
-@@ -0,0 +1,24 @@
-+/*
-+ * AppArmor security module
-+ *
-+ * This file contains AppArmor filesystem definitions.
-+ *
-+ * Copyright (C) 1998-2008 Novell/SUSE
-+ * Copyright 2009 Canonical Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation, version 2 of the
-+ * License.
-+ */
-+
-+#ifndef __AA_APPARMORFS_H
-+#define __AA_APPARMORFS_H
-+
-+extern struct dentry *apparmorfs_null;
-+extern struct vfsmount *apparmorfs_mnt;
-+
-+extern int create_apparmorfs(void);
-+extern void destroy_apparmorfs(void);
-+
-+#endif /* __AA_APPARMORFS_H */
-diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
-new file mode 100644
-index 0000000..2180dd7
---- /dev/null
-+++ b/security/apparmor/include/audit.h
+diff -urN linux-2.6.31.org/security/apparmor/include/audit.h linux-2.6.31/security/apparmor/include/audit.h
+--- linux-2.6.31.org/security/apparmor/include/audit.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/include/audit.h 2009-09-10 22:18:06.000000000 +0200
@@ -0,0 +1,59 @@
+/*
+ * AppArmor security module
@@ -2377,11 +2225,9 @@
+
+
+#endif /* __AA_AUDIT_H */
-diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h
-new file mode 100644
-index 0000000..43bb7eb
---- /dev/null
-+++ b/security/apparmor/include/capability.h
+diff -urN linux-2.6.31.org/security/apparmor/include/capability.h linux-2.6.31/security/apparmor/include/capability.h
+--- linux-2.6.31.org/security/apparmor/include/capability.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/include/capability.h 2009-09-10 22:18:06.000000000 +0200
@@ -0,0 +1,45 @@
+/*
+ * AppArmor security module
@@ -2428,11 +2274,9 @@
+}
+
+#endif /* __AA_CAPBILITY_H */
-diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h
-new file mode 100644
-index 0000000..202a66a
---- /dev/null
-+++ b/security/apparmor/include/context.h
+diff -urN linux-2.6.31.org/security/apparmor/include/context.h linux-2.6.31/security/apparmor/include/context.h
+--- linux-2.6.31.org/security/apparmor/include/context.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.31/security/apparmor/include/context.h 2009-09-10 22:18:06.000000000 +0200
@@ -0,0 +1,153 @@
+/*
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-apparmor.patch?r1=1.4&r2=1.5&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.701&r2=1.702&f=u
More information about the pld-cvs-commit
mailing list