Author: adamg Date: Sun Feb 15 11:35:33 2009 GMT Module: SOURCES Tag: HEAD ---- Log message: - new
---- Files affected: SOURCES: kernel-tomoyo-with-apparmor.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/kernel-tomoyo-with-apparmor.patch diff -u /dev/null SOURCES/kernel-tomoyo-with-apparmor.patch:1.1 --- /dev/null Sun Feb 15 12:35:34 2009 +++ SOURCES/kernel-tomoyo-with-apparmor.patch Sun Feb 15 12:35:28 2009 @@ -0,0 +1,1382 @@ +This is TOMOYO Linux patch for kernel 2.6.28.2. + +Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.2.tar.bz2 +--- + fs/Kconfig | 2 + fs/Makefile | 2 + fs/attr.c | 10 +++ + fs/compat.c | 5 + + fs/compat_ioctl.c | 9 +++ + fs/exec.c | 21 ++++++- + fs/fcntl.c | 9 +++ + fs/ioctl.c | 7 ++ + fs/namei.c | 120 ++++++++++++++++++++++++++++++++++++++++ + fs/namespace.c | 49 ++++++++++++++++ + fs/open.c | 28 +++++++++ + fs/proc/Makefile | 3 + + fs/proc/version.c | 11 +++ + include/linux/init_task.h | 4 + + include/linux/sched.h | 9 +++ + kernel/compat.c | 7 ++ + kernel/kexec.c | 7 ++ + kernel/kmod.c | 5 + + kernel/module.c | 11 +++ + kernel/ptrace.c | 15 +++++ + kernel/sched.c | 7 ++ + kernel/signal.c | 21 +++++++ + kernel/sys.c | 21 +++++++ + kernel/sysctl.c | 95 +++++++++++++++++++++++++++++++ + kernel/time.c | 11 +++ + kernel/time/ntp.c | 11 +++ + net/core/datagram.c | 11 +++ + net/ipv4/inet_connection_sock.c | 7 ++ + net/ipv4/inet_hashtables.c | 7 ++ + net/ipv4/udp.c | 9 ++- + net/socket.c | 41 +++++++++++++ + net/unix/af_unix.c | 15 +++++ + 32 files changed, 587 insertions(+), 3 deletions(-) + +--- linux-2.6.28.2.orig/fs/Kconfig ++++ linux-2.6.28.2/fs/Kconfig +@@ -1557,4 +1557,6 @@ endif + source "fs/nls/Kconfig" + source "fs/dlm/Kconfig" + ++source "fs/Kconfig.ccs" ++ + endmenu +--- linux-2.6.28.2.orig/fs/Makefile ++++ linux-2.6.28.2/fs/Makefile +@@ -122,3 +122,5 @@ obj-$(CONFIG_HPPFS) += hppfs/ + obj-$(CONFIG_DEBUG_FS) += debugfs/ + obj-$(CONFIG_OCFS2_FS) += ocfs2/ + obj-$(CONFIG_GFS2_FS) += gfs2/ ++ ++include $(srctree)/fs/Makefile-2.6.ccs +--- linux-2.6.28.2.orig/fs/attr.c ++++ linux-2.6.28.2/fs/attr.c +@@ -14,6 +14,9 @@ + #include <linux/proc_fs.h> + #include <linux/devpts_fs.h> + #include <linux/vs_tag.h> ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo.h> ++/***** TOMOYO Linux end. *****/ + + /* Taken over from the old code... */ + +@@ -162,6 +165,13 @@ int notify_change(struct dentry * dentry + error = security_inode_setattr(dentry, attr); + if (error) + return error; ++ /***** TOMOYO Linux start. *****/ ++ if ((ia_valid & ATTR_MODE) && !ccs_capable(TOMOYO_SYS_CHMOD)) ++ return -EPERM; ++ if ((ia_valid & (ATTR_UID | ATTR_GID)) && ++ !ccs_capable(TOMOYO_SYS_CHOWN)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ + + if (ia_valid & ATTR_SIZE) + down_write(&dentry->d_inode->i_alloc_sem); +--- linux-2.6.28.2.orig/fs/compat.c ++++ linux-2.6.28.2/fs/compat.c +@@ -56,6 +56,9 @@ + #include <asm/mmu_context.h> + #include <asm/ioctls.h> + #include "internal.h" ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo.h> ++/***** TOMOYO Linux end. *****/ + + int compat_log = 1; + +@@ -1437,7 +1440,7 @@ int compat_do_execve(char * filename, + if (retval < 0) + goto out; + +- retval = search_binary_handler(bprm, regs); ++ retval = search_binary_handler_with_transition(bprm, regs); + if (retval >= 0) { + /* execve success */ + security_bprm_free(bprm); +--- linux-2.6.28.2.orig/fs/compat_ioctl.c ++++ linux-2.6.28.2/fs/compat_ioctl.c +@@ -113,6 +113,9 @@ + #ifdef CONFIG_SPARC + #include <asm/fbio.h> + #endif ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo.h> ++/***** TOMOYO Linux end. *****/ + + static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd, + unsigned long arg, struct file *f) +@@ -2803,6 +2806,12 @@ asmlinkage long compat_sys_ioctl(unsigne + /*FALL THROUGH*/ + + default: ++ /***** TOMOYO Linux start. *****/ ++ if (!ccs_capable(TOMOYO_SYS_IOCTL)) { ++ error = -EPERM; ++ goto out_fput; ++ } ++ /***** TOMOYO Linux end. *****/ + if (filp->f_op && filp->f_op->compat_ioctl) { + error = filp->f_op->compat_ioctl(filp, cmd, arg); + if (error != -ENOIOCTLCMD) +--- linux-2.6.28.2.orig/fs/exec.c ++++ linux-2.6.28.2/fs/exec.c +@@ -61,6 +61,10 @@ + #include <linux/a.out.h> + #endif + ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo.h> ++/***** TOMOYO Linux end. *****/ ++ + int core_uses_pid; + char core_pattern[CORENAME_MAX_SIZE] = "core"; + int suid_dumpable = 0; +@@ -129,6 +133,12 @@ SYSCALL_DEFINE1(uselib, const char __use + error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN); + if (error) + goto exit; ++ /***** TOMOYO Linux start. *****/ ++ /* 01 means "read". */ ++ error = ccs_check_open_permission(nd.path.dentry, nd.path.mnt, 01); ++ if (error) ++ goto exit; ++ /***** TOMOYO Linux end. *****/ + + file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE); + error = PTR_ERR(file); +@@ -682,6 +692,15 @@ struct file *open_exec(const char *name) + err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN); + if (err) + goto out_path_put; ++ /***** TOMOYO Linux start. *****/ ++ if (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC) { ++ /* 01 means "read". */ ++ err = ccs_check_open_permission(nd.path.dentry, nd.path.mnt, ++ 01); ++ if (err) ++ goto out_path_put; ++ } ++ /***** TOMOYO Linux end. *****/ + + file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE); + if (IS_ERR(file)) +@@ -1340,7 +1359,7 @@ int do_execve(char * filename, + goto out; + + current->flags &= ~PF_KTHREAD; +- retval = search_binary_handler(bprm,regs); ++ retval = search_binary_handler_with_transition(bprm, regs); + if (retval >= 0) { + /* execve success */ + security_bprm_free(bprm); +--- linux-2.6.28.2.orig/fs/fcntl.c ++++ linux-2.6.28.2/fs/fcntl.c +@@ -24,6 +24,9 @@ + #include <asm/poll.h> + #include <asm/siginfo.h> + #include <asm/uaccess.h> ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo.h> ++/***** TOMOYO Linux end. *****/ + + void set_close_on_exec(unsigned int fd, int flag) + { +@@ -155,6 +158,12 @@ static int setfl(int fd, struct file * f + if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode)) + return -EPERM; + ++ /***** TOMOYO Linux start. *****/ ++ if (((arg ^ filp->f_flags) & O_APPEND) && ++ ccs_check_rewrite_permission(filp)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ ++ + /* O_NOATIME can only be set by the owner or superuser */ + if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) + if (!is_owner_or_cap(inode)) +--- linux-2.6.28.2.orig/fs/ioctl.c ++++ linux-2.6.28.2/fs/ioctl.c +@@ -17,6 +17,9 @@ + #include <linux/buffer_head.h> + + #include <asm/ioctls.h> ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo.h> ++/***** TOMOYO Linux end. *****/ + + /* So that the fiemap access checks can't overflow on 32 bit machines. */ + #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) +@@ -40,6 +43,10 @@ static long vfs_ioctl(struct file *filp, + + if (!filp->f_op) + goto out; ++ /***** TOMOYO Linux start. *****/ ++ if (!ccs_capable(TOMOYO_SYS_IOCTL)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ + + if (filp->f_op->unlocked_ioctl) { + error = filp->f_op->unlocked_ioctl(filp, cmd, arg); +--- linux-2.6.28.2.orig/fs/namei.c ++++ linux-2.6.28.2/fs/namei.c +@@ -35,6 +35,10 @@ + + #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) + ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo.h> ++/***** TOMOYO Linux end. *****/ ++ + /* [Feb-1997 T. Schoebel-Theuer] + * Fundamental changes in the pathname lookup mechanisms (namei) + * were necessary because of omirr. The reason is that omirr needs +@@ -1484,6 +1488,14 @@ int vfs_create(struct inode *dir, struct + error = security_inode_create(dir, dentry, mode); + if (error) + return error; ++ /***** TOMOYO Linux start. *****/ ++ if (nd) { ++ error = ccs_check_1path_perm(TYPE_CREATE_ACL, dentry, ++ nd->path.mnt); ++ if (error) ++ return error; ++ } ++ /***** TOMOYO Linux end. *****/ + DQUOT_INIT(dir); + error = dir->i_op->create(dir, dentry, mode, nd); + if (!error) +@@ -1538,6 +1550,13 @@ int may_open(struct nameidata *nd, int a + if (!is_owner_or_cap(inode)) + return -EPERM; + ++ /***** TOMOYO Linux start. *****/ ++ /* includes O_APPEND and O_TRUNC checks */ ++ error = ccs_check_open_permission(dentry, nd->path.mnt, flag); ++ if (error) ++ return error; ++ /***** TOMOYO Linux end. *****/ ++ + /* + * Ensure there are no outstanding leases on the file. + */ +@@ -1594,6 +1613,9 @@ static int __open_namei_create(struct na + return may_open(nd, 0, flag & ~O_TRUNC); + } + ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo_vfs.h> ++/***** TOMOYO Linux end. *****/ + /* + * Note that while the flag value (low two bits) for sys_open means: + * 00 - read-only +@@ -1954,6 +1976,16 @@ int vfs_mknod(struct inode *dir, struct + + static int may_mknod(mode_t mode) + { ++ /***** TOMOYO Linux start. *****/ ++ if (S_ISCHR(mode) && !ccs_capable(TOMOYO_CREATE_CHAR_DEV)) ++ return -EPERM; ++ if (S_ISBLK(mode) && !ccs_capable(TOMOYO_CREATE_BLOCK_DEV)) ++ return -EPERM; ++ if (S_ISFIFO(mode) && !ccs_capable(TOMOYO_CREATE_FIFO)) ++ return -EPERM; ++ if (S_ISSOCK(mode) && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ + switch (mode & S_IFMT) { + case S_IFREG: + case S_IFCHR: +@@ -2002,10 +2034,34 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const + error = vfs_create(nd.path.dentry->d_inode,dentry,mode,&nd); + break; + case S_IFCHR: case S_IFBLK: ++ /***** TOMOYO Linux start. *****/ ++ error = pre_vfs_mknod(nd.path.dentry->d_inode, dentry, ++ mode); ++ if (error) ++ break; ++ error = ccs_check_1path_perm(S_ISCHR(mode) ? ++ TYPE_MKCHAR_ACL : ++ TYPE_MKBLOCK_ACL, ++ dentry, nd.path.mnt); ++ if (error) ++ break; ++ /***** TOMOYO Linux end. *****/ + error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode, + new_decode_dev(dev)); + break; + case S_IFIFO: case S_IFSOCK: ++ /***** TOMOYO Linux start. *****/ ++ error = pre_vfs_mknod(nd.path.dentry->d_inode, dentry, ++ mode); ++ if (error) ++ break; ++ error = ccs_check_1path_perm(S_ISFIFO(mode) ? ++ TYPE_MKFIFO_ACL : ++ TYPE_MKSOCK_ACL, ++ dentry, nd.path.mnt); ++ if (error) ++ break; ++ /***** TOMOYO Linux end. *****/ + error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,0); + break; + } +@@ -2068,6 +2124,13 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const + error = mnt_want_write(nd.path.mnt); + if (error) + goto out_dput; ++ /***** TOMOYO Linux start. *****/ ++ error = pre_vfs_mkdir(nd.path.dentry->d_inode, dentry); ++ if (!error) ++ error = ccs_check_1path_perm(TYPE_MKDIR_ACL, dentry, ++ nd.path.mnt); ++ if (!error) ++ /***** TOMOYO Linux end. *****/ + error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode); + mnt_drop_write(nd.path.mnt); + out_dput: +@@ -2178,6 +2241,13 @@ static long do_rmdir(int dfd, const char + error = mnt_want_write(nd.path.mnt); + if (error) + goto exit3; ++ /***** TOMOYO Linux start. *****/ ++ error = pre_vfs_rmdir(nd.path.dentry->d_inode, dentry); ++ if (!error) ++ error = ccs_check_1path_perm(TYPE_RMDIR_ACL, dentry, ++ nd.path.mnt); ++ if (!error) ++ /***** TOMOYO Linux end. *****/ + error = vfs_rmdir(nd.path.dentry->d_inode, dentry); + mnt_drop_write(nd.path.mnt); + exit3: +@@ -2239,6 +2309,10 @@ static long do_unlinkat(int dfd, const c + struct inode *inode = NULL; + ino_t saved_ino = 0; + dev_t saved_dev = 0; ++ /***** TOMOYO Linux start. *****/ ++ if (!ccs_capable(TOMOYO_SYS_UNLINK)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ + + error = user_path_parent(dfd, pathname, &nd, &name); + if (error) +@@ -2263,6 +2337,13 @@ static long do_unlinkat(int dfd, const c + error = mnt_want_write(nd.path.mnt); + if (error) + goto exit2; ++ /***** TOMOYO Linux start. *****/ ++ error = pre_vfs_unlink(nd.path.dentry->d_inode, dentry); ++ if (!error) ++ error = ccs_check_1path_perm(TYPE_UNLINK_ACL, dentry, ++ nd.path.mnt); ++ if (!error) ++ /***** TOMOYO Linux end. *****/ + error = vfs_unlink(nd.path.dentry->d_inode, dentry); + mnt_drop_write(nd.path.mnt); + exit2: +@@ -2327,6 +2408,10 @@ SYSCALL_DEFINE3(symlinkat, const char __ + char *to; + struct dentry *dentry; + struct nameidata nd; ++ /***** TOMOYO Linux start. *****/ ++ if (!ccs_capable(TOMOYO_SYS_SYMLINK)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ + + from = getname(oldname); + if (IS_ERR(from)) +@@ -2344,6 +2429,13 @@ SYSCALL_DEFINE3(symlinkat, const char __ + error = mnt_want_write(nd.path.mnt); + if (error) + goto out_dput; ++ /***** TOMOYO Linux start. *****/ ++ error = pre_vfs_symlink(nd.path.dentry->d_inode, dentry); ++ if (!error) ++ error = ccs_check_1path_perm(TYPE_SYMLINK_ACL, dentry, ++ nd.path.mnt); ++ if (!error) ++ /***** TOMOYO Linux end. *****/ + error = vfs_symlink(nd.path.dentry->d_inode, dentry, from); + mnt_drop_write(nd.path.mnt); + out_dput: +@@ -2420,6 +2512,10 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con + + if ((flags & ~AT_SYMLINK_FOLLOW) != 0) + return -EINVAL; ++ /***** TOMOYO Linux start. *****/ ++ if (!ccs_capable(TOMOYO_SYS_LINK)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ + + error = user_path_at(olddfd, oldname, + flags & AT_SYMLINK_FOLLOW ? LOOKUP_FOLLOW : 0, +@@ -2440,6 +2536,15 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con + error = mnt_want_write(nd.path.mnt); + if (error) + goto out_dput; ++ /***** TOMOYO Linux start. *****/ ++ error = pre_vfs_link(old_path.dentry, nd.path.dentry->d_inode, ++ new_dentry); ++ if (!error) ++ error = ccs_check_2path_perm(TYPE_LINK_ACL, old_path.dentry, ++ old_path.mnt, new_dentry, ++ nd.path.mnt); ++ if (!error) ++ /***** TOMOYO Linux end. *****/ + error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry); + mnt_drop_write(nd.path.mnt); + out_dput: +@@ -2616,6 +2721,10 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c + char *from; + char *to; + int error; ++ /***** TOMOYO Linux start. *****/ ++ if (!ccs_capable(TOMOYO_SYS_RENAME)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ + + error = user_path_parent(olddfd, oldname, &oldnd, &from); + if (error) +@@ -2672,6 +2781,17 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c + error = -ENOTEMPTY; + if (new_dentry == trap) + goto exit5; ++ /***** TOMOYO Linux start. *****/ ++ error = pre_vfs_rename(old_dir->d_inode, old_dentry, ++ new_dir->d_inode, new_dentry); ++ if (error) ++ goto exit5; ++ error = ccs_check_2path_perm(TYPE_RENAME_ACL, old_dentry, ++ oldnd.path.mnt, new_dentry, ++ newnd.path.mnt); ++ if (error) ++ goto exit5; ++ /***** TOMOYO Linux end. *****/ + + error = mnt_want_write(oldnd.path.mnt); + if (error) +--- linux-2.6.28.2.orig/fs/namespace.c ++++ linux-2.6.28.2/fs/namespace.c +@@ -31,6 +31,12 @@ + #include <asm/unistd.h> + #include "pnode.h" + #include "internal.h" ++/***** SAKURA Linux start. *****/ ++#include <linux/sakura.h> ++/***** SAKURA Linux end. *****/ ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo.h> ++/***** TOMOYO Linux end. *****/ + + #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head)) + #define HASH_SIZE (1UL << HASH_SHIFT) +@@ -1041,6 +1047,11 @@ static int do_umount(struct vfsmount *mn + if (retval) + return retval; + ++ /***** SAKURA Linux start. *****/ ++ if (ccs_may_umount(mnt)) ++ return -EPERM; ++ /***** SAKURA Linux end. *****/ ++ + /* + * Allow userspace to request a mountpoint be expired rather than + * unmounting unconditionally. Unmount only happens if: +@@ -1132,6 +1143,10 @@ SYSCALL_DEFINE2(umount, char __user *, n + { + struct path path; + int retval; ++ /***** TOMOYO Linux start. *****/ ++ if (!ccs_capable(TOMOYO_SYS_UMOUNT)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ + + retval = user_path(name, &path); + if (retval) +@@ -1480,6 +1495,11 @@ static int do_loopback(struct path *path + + if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) + goto out; ++ /***** SAKURA Linux start. *****/ ++ err = -EPERM; ++ if (ccs_may_mount(path)) ++ goto out; ++ /***** SAKURA Linux end. *****/ + + err = -ENOMEM; + if (recurse) +@@ -1591,6 +1611,11 @@ static int do_move_mount(struct path *pa + if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) + goto out; + ++ /***** SAKURA Linux start. *****/ ++ err = -EPERM; ++ if (ccs_may_umount(old_path.mnt) || ccs_may_mount(path)) ++ goto out; ++ /***** SAKURA Linux end. *****/ + err = -ENOENT; + mutex_lock(&path->dentry->d_inode->i_mutex); + if (IS_DEADDIR(path->dentry->d_inode)) +@@ -1694,6 +1719,11 @@ int do_add_mount(struct vfsmount *newmnt + err = -EINVAL; + if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode)) + goto unlock; ++ /***** SAKURA Linux start. *****/ ++ err = -EPERM; ++ if (ccs_may_mount(path)) ++ goto unlock; ++ /***** SAKURA Linux end. *****/ + + newmnt->mnt_flags = mnt_flags; + if ((err = graft_tree(newmnt, path))) +@@ -1917,6 +1947,17 @@ long do_mount(char *dev_name, char *dir_ + if (data_page) + ((char *)data_page)[PAGE_SIZE - 1] = 0; + ++ /***** TOMOYO Linux start. *****/ ++ if (!ccs_capable(TOMOYO_SYS_MOUNT)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ ++ /***** SAKURA Linux start. *****/ ++ retval = ccs_check_mount_permission(dev_name, dir_name, type_page, ++ &flags); ++ if (retval) ++ return retval; ++ /***** SAKURA Linux end. *****/ ++ + /* Separate the per-mountpoint flags */ + if (flags & MS_NOSUID) + mnt_flags |= MNT_NOSUID; +@@ -2180,6 +2221,10 @@ SYSCALL_DEFINE2(pivot_root, const char _ + + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; ++ /***** TOMOYO Linux start. *****/ ++ if (!ccs_capable(TOMOYO_SYS_PIVOT_ROOT)) ++ return -EPERM; ++ /***** TOMOYO Linux end. *****/ + + error = user_path_dir(new_root, &new); + if (error) +@@ -2193,6 +2238,10 @@ SYSCALL_DEFINE2(pivot_root, const char _ + goto out1; + + error = security_sb_pivotroot(&old, &new); ++ /***** SAKURA Linux start. *****/ ++ if (!error) ++ error = ccs_check_pivot_root_permission(&old, &new); ++ /***** SAKURA Linux end. *****/ + if (error) { + path_put(&old); + goto out1; +--- linux-2.6.28.2.orig/fs/open.c ++++ linux-2.6.28.2/fs/open.c +@@ -29,6 +29,12 @@ + #include <linux/vs_tag.h> + #include <linux/vs_cowbl.h> + #include <linux/grsecurity.h> ++/***** SAKURA Linux start. *****/ ++#include <linux/sakura.h> ++/***** SAKURA Linux end. *****/ ++/***** TOMOYO Linux start. *****/ ++#include <linux/tomoyo.h> ++/***** TOMOYO Linux end. *****/ + <<Diff was trimmed, longer than 597 lines>> _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
