36 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
37 |
32 files changed, 233 insertions(+), 3 deletions(-) |
32 files changed, 233 insertions(+), 3 deletions(-) |
38 |
|
|
39 |
--- linux-2.6.32-67.134.orig/fs/compat.c |
--- linux-2.6.32-70.137.orig/fs/compat.c |
40 |
+++ linux-2.6.32-67.134/fs/compat.c |
+++ linux-2.6.32-70.137/fs/compat.c |
41 |
@@ -56,6 +56,7 @@ |
@@ -56,6 +56,7 @@ |
42 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
43 |
#include <asm/ioctls.h> |
#include <asm/ioctls.h> |
55 |
if (retval < 0) |
if (retval < 0) |
56 |
goto out; |
goto out; |
57 |
|
|
58 |
--- linux-2.6.32-67.134.orig/fs/compat_ioctl.c |
--- linux-2.6.32-70.137.orig/fs/compat_ioctl.c |
59 |
+++ linux-2.6.32-67.134/fs/compat_ioctl.c |
+++ linux-2.6.32-70.137/fs/compat_ioctl.c |
60 |
@@ -114,6 +114,7 @@ |
@@ -114,6 +114,7 @@ |
61 |
#ifdef CONFIG_SPARC |
#ifdef CONFIG_SPARC |
62 |
#include <asm/fbio.h> |
#include <asm/fbio.h> |
85 |
if (filp->f_op && filp->f_op->compat_ioctl) { |
if (filp->f_op && filp->f_op->compat_ioctl) { |
86 |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
87 |
if (error != -ENOIOCTLCMD) |
if (error != -ENOIOCTLCMD) |
88 |
--- linux-2.6.32-67.134.orig/fs/exec.c |
--- linux-2.6.32-70.137.orig/fs/exec.c |
89 |
+++ linux-2.6.32-67.134/fs/exec.c |
+++ linux-2.6.32-70.137/fs/exec.c |
90 |
@@ -63,6 +63,7 @@ |
@@ -63,6 +63,7 @@ |
91 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
92 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
104 |
if (retval < 0) |
if (retval < 0) |
105 |
goto out; |
goto out; |
106 |
|
|
107 |
--- linux-2.6.32-67.134.orig/fs/fcntl.c |
--- linux-2.6.32-70.137.orig/fs/fcntl.c |
108 |
+++ linux-2.6.32-67.134/fs/fcntl.c |
+++ linux-2.6.32-70.137/fs/fcntl.c |
109 |
@@ -23,6 +23,7 @@ |
@@ -23,6 +23,7 @@ |
110 |
#include <asm/poll.h> |
#include <asm/poll.h> |
111 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
124 |
/* O_NOATIME can only be set by the owner or superuser */ |
/* O_NOATIME can only be set by the owner or superuser */ |
125 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
126 |
if (!is_owner_or_cap(inode)) |
if (!is_owner_or_cap(inode)) |
127 |
--- linux-2.6.32-67.134.orig/fs/ioctl.c |
--- linux-2.6.32-70.137.orig/fs/ioctl.c |
128 |
+++ linux-2.6.32-67.134/fs/ioctl.c |
+++ linux-2.6.32-70.137/fs/ioctl.c |
129 |
@@ -18,6 +18,7 @@ |
@@ -18,6 +18,7 @@ |
130 |
#include <linux/falloc.h> |
#include <linux/falloc.h> |
131 |
|
|
152 |
if (error) |
if (error) |
153 |
goto out_fput; |
goto out_fput; |
154 |
|
|
155 |
--- linux-2.6.32-67.134.orig/fs/namei.c |
--- linux-2.6.32-70.137.orig/fs/namei.c |
156 |
+++ linux-2.6.32-67.134/fs/namei.c |
+++ linux-2.6.32-70.137/fs/namei.c |
157 |
@@ -37,6 +37,8 @@ |
@@ -37,6 +37,8 @@ |
158 |
|
|
159 |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
277 |
if (error) |
if (error) |
278 |
goto exit6; |
goto exit6; |
279 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
error = vfs_rename(old_dir->d_inode, old_dentry, |
280 |
--- linux-2.6.32-67.134.orig/fs/namespace.c |
--- linux-2.6.32-70.137.orig/fs/namespace.c |
281 |
+++ linux-2.6.32-67.134/fs/namespace.c |
+++ linux-2.6.32-70.137/fs/namespace.c |
282 |
@@ -33,6 +33,7 @@ |
@@ -33,6 +33,7 @@ |
283 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
284 |
#include "pnode.h" |
#include "pnode.h" |
296 |
if (retval) |
if (retval) |
297 |
return retval; |
return retval; |
298 |
|
|
299 |
@@ -1128,6 +1131,8 @@ SYSCALL_DEFINE2(umount, char __user *, n |
@@ -1130,6 +1133,8 @@ SYSCALL_DEFINE2(umount, char __user *, n |
300 |
if (!(flags & UMOUNT_NOFOLLOW)) |
if (!(flags & UMOUNT_NOFOLLOW)) |
301 |
lookup_flags |= LOOKUP_FOLLOW; |
lookup_flags |= LOOKUP_FOLLOW; |
302 |
|
|
305 |
retval = user_path_at(AT_FDCWD, name, lookup_flags, &path); |
retval = user_path_at(AT_FDCWD, name, lookup_flags, &path); |
306 |
if (retval) |
if (retval) |
307 |
goto out; |
goto out; |
308 |
@@ -1475,6 +1480,9 @@ static int do_loopback(struct path *path |
@@ -1477,6 +1482,9 @@ static int do_loopback(struct path *path |
309 |
|
|
310 |
if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) |
if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) |
311 |
goto out; |
goto out; |
315 |
|
|
316 |
err = -ENOMEM; |
err = -ENOMEM; |
317 |
if (recurse) |
if (recurse) |
318 |
@@ -1586,6 +1594,9 @@ static int do_move_mount(struct path *pa |
@@ -1588,6 +1596,9 @@ static int do_move_mount(struct path *pa |
319 |
if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) |
if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) |
320 |
goto out; |
goto out; |
321 |
|
|
325 |
err = -ENOENT; |
err = -ENOENT; |
326 |
mutex_lock(&path->dentry->d_inode->i_mutex); |
mutex_lock(&path->dentry->d_inode->i_mutex); |
327 |
if (IS_DEADDIR(path->dentry->d_inode)) |
if (IS_DEADDIR(path->dentry->d_inode)) |
328 |
@@ -1691,6 +1702,9 @@ int do_add_mount(struct vfsmount *newmnt |
@@ -1693,6 +1704,9 @@ int do_add_mount(struct vfsmount *newmnt |
329 |
err = -EINVAL; |
err = -EINVAL; |
330 |
if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode)) |
if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode)) |
331 |
goto unlock; |
goto unlock; |
335 |
|
|
336 |
newmnt->mnt_flags = mnt_flags; |
newmnt->mnt_flags = mnt_flags; |
337 |
if ((err = graft_tree(newmnt, path))) |
if ((err = graft_tree(newmnt, path))) |
338 |
@@ -1913,6 +1927,7 @@ int copy_mount_string(const void __user |
@@ -1915,6 +1929,7 @@ int copy_mount_string(const void __user |
339 |
long do_mount(char *dev_name, char *dir_name, char *type_page, |
long do_mount(char *dev_name, char *dir_name, char *type_page, |
340 |
unsigned long flags, void *data_page) |
unsigned long flags, void *data_page) |
341 |
{ |
{ |
343 |
struct path path; |
struct path path; |
344 |
int retval = 0; |
int retval = 0; |
345 |
int mnt_flags = 0; |
int mnt_flags = 0; |
346 |
@@ -1960,6 +1975,9 @@ long do_mount(char *dev_name, char *dir_ |
@@ -1962,6 +1977,9 @@ long do_mount(char *dev_name, char *dir_ |
347 |
|
|
348 |
retval = security_sb_mount(dev_name, &path, |
retval = security_sb_mount(dev_name, &path, |
349 |
type_page, flags, data_page); |
type_page, flags, data_page); |
353 |
if (retval) |
if (retval) |
354 |
goto dput_out; |
goto dput_out; |
355 |
|
|
356 |
@@ -2178,6 +2196,8 @@ SYSCALL_DEFINE2(pivot_root, const char _ |
@@ -2180,6 +2198,8 @@ SYSCALL_DEFINE2(pivot_root, const char _ |
357 |
goto out1; |
goto out1; |
358 |
|
|
359 |
error = security_sb_pivotroot(&old, &new); |
error = security_sb_pivotroot(&old, &new); |
362 |
if (error) { |
if (error) { |
363 |
path_put(&old); |
path_put(&old); |
364 |
goto out1; |
goto out1; |
365 |
--- linux-2.6.32-67.134.orig/fs/open.c |
--- linux-2.6.32-70.137.orig/fs/open.c |
366 |
+++ linux-2.6.32-67.134/fs/open.c |
+++ linux-2.6.32-70.137/fs/open.c |
367 |
@@ -30,6 +30,7 @@ |
@@ -30,6 +30,7 @@ |
368 |
#include <linux/audit.h> |
#include <linux/audit.h> |
369 |
#include <linux/falloc.h> |
#include <linux/falloc.h> |
438 |
if (capable(CAP_SYS_TTY_CONFIG)) { |
if (capable(CAP_SYS_TTY_CONFIG)) { |
439 |
tty_vhangup_self(); |
tty_vhangup_self(); |
440 |
return 0; |
return 0; |
441 |
--- linux-2.6.32-67.134.orig/fs/proc/version.c |
--- linux-2.6.32-70.137.orig/fs/proc/version.c |
442 |
+++ linux-2.6.32-67.134/fs/proc/version.c |
+++ linux-2.6.32-70.137/fs/proc/version.c |
443 |
@@ -32,3 +32,10 @@ static int __init proc_version_init(void |
@@ -32,3 +32,10 @@ static int __init proc_version_init(void |
444 |
return 0; |
return 0; |
445 |
} |
} |
447 |
+ |
+ |
448 |
+static int __init ccs_show_version(void) |
+static int __init ccs_show_version(void) |
449 |
+{ |
+{ |
450 |
+ printk(KERN_INFO "Hook version: 2.6.32-67.134 2014/11/09\n"); |
+ printk(KERN_INFO "Hook version: 2.6.32-70.137 2015/01/12\n"); |
451 |
+ return 0; |
+ return 0; |
452 |
+} |
+} |
453 |
+module_init(ccs_show_version); |
+module_init(ccs_show_version); |
454 |
--- linux-2.6.32-67.134.orig/include/linux/init_task.h |
--- linux-2.6.32-70.137.orig/include/linux/init_task.h |
455 |
+++ linux-2.6.32-67.134/include/linux/init_task.h |
+++ linux-2.6.32-70.137/include/linux/init_task.h |
456 |
@@ -115,6 +115,14 @@ extern struct cred init_cred; |
@@ -115,6 +115,14 @@ extern struct cred init_cred; |
457 |
# define INIT_PERF_EVENTS(tsk) |
# define INIT_PERF_EVENTS(tsk) |
458 |
#endif |
#endif |
476 |
} |
} |
477 |
|
|
478 |
|
|
479 |
--- linux-2.6.32-67.134.orig/include/linux/sched.h |
--- linux-2.6.32-70.137.orig/include/linux/sched.h |
480 |
+++ linux-2.6.32-67.134/include/linux/sched.h |
+++ linux-2.6.32-70.137/include/linux/sched.h |
481 |
@@ -43,6 +43,8 @@ |
@@ -43,6 +43,8 @@ |
482 |
|
|
483 |
#ifdef __KERNEL__ |
#ifdef __KERNEL__ |
498 |
}; |
}; |
499 |
|
|
500 |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
501 |
--- linux-2.6.32-67.134.orig/kernel/compat.c |
--- linux-2.6.32-70.137.orig/kernel/compat.c |
502 |
+++ linux-2.6.32-67.134/kernel/compat.c |
+++ linux-2.6.32-70.137/kernel/compat.c |
503 |
@@ -28,6 +28,7 @@ |
@@ -28,6 +28,7 @@ |
504 |
#include <linux/module.h> |
#include <linux/module.h> |
505 |
|
|
517 |
|
|
518 |
do_settimeofday(&tv); |
do_settimeofday(&tv); |
519 |
return 0; |
return 0; |
520 |
--- linux-2.6.32-67.134.orig/kernel/kexec.c |
--- linux-2.6.32-70.137.orig/kernel/kexec.c |
521 |
+++ linux-2.6.32-67.134/kernel/kexec.c |
+++ linux-2.6.32-70.137/kernel/kexec.c |
522 |
@@ -37,6 +37,7 @@ |
@@ -37,6 +37,7 @@ |
523 |
#include <asm/io.h> |
#include <asm/io.h> |
524 |
#include <asm/system.h> |
#include <asm/system.h> |
536 |
|
|
537 |
/* |
/* |
538 |
* Verify we have a legal set of flags |
* Verify we have a legal set of flags |
539 |
--- linux-2.6.32-67.134.orig/kernel/kmod.c |
--- linux-2.6.32-70.137.orig/kernel/kmod.c |
540 |
+++ linux-2.6.32-67.134/kernel/kmod.c |
+++ linux-2.6.32-70.137/kernel/kmod.c |
541 |
@@ -214,6 +214,11 @@ static int ____call_usermodehelper(void |
@@ -214,6 +214,11 @@ static int ____call_usermodehelper(void |
542 |
goto fail; |
goto fail; |
543 |
} |
} |
550 |
retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp); |
retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp); |
551 |
|
|
552 |
/* Exec failed? */ |
/* Exec failed? */ |
553 |
--- linux-2.6.32-67.134.orig/kernel/module.c |
--- linux-2.6.32-70.137.orig/kernel/module.c |
554 |
+++ linux-2.6.32-67.134/kernel/module.c |
+++ linux-2.6.32-70.137/kernel/module.c |
555 |
@@ -55,6 +55,7 @@ |
@@ -55,6 +55,7 @@ |
556 |
#include <linux/async.h> |
#include <linux/async.h> |
557 |
#include <linux/percpu.h> |
#include <linux/percpu.h> |
578 |
|
|
579 |
/* Only one module load at a time, please */ |
/* Only one module load at a time, please */ |
580 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
if (mutex_lock_interruptible(&module_mutex) != 0) |
581 |
--- linux-2.6.32-67.134.orig/kernel/ptrace.c |
--- linux-2.6.32-70.137.orig/kernel/ptrace.c |
582 |
+++ linux-2.6.32-67.134/kernel/ptrace.c |
+++ linux-2.6.32-70.137/kernel/ptrace.c |
583 |
@@ -22,6 +22,7 @@ |
@@ -22,6 +22,7 @@ |
584 |
#include <linux/pid_namespace.h> |
#include <linux/pid_namespace.h> |
585 |
#include <linux/syscalls.h> |
#include <linux/syscalls.h> |
606 |
|
|
607 |
/* |
/* |
608 |
* This lock_kernel fixes a subtle race with suid exec |
* This lock_kernel fixes a subtle race with suid exec |
609 |
--- linux-2.6.32-67.134.orig/kernel/sched.c |
--- linux-2.6.32-70.137.orig/kernel/sched.c |
610 |
+++ linux-2.6.32-67.134/kernel/sched.c |
+++ linux-2.6.32-70.137/kernel/sched.c |
611 |
@@ -74,6 +74,7 @@ |
@@ -74,6 +74,7 @@ |
612 |
|
|
613 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
625 |
|
|
626 |
/* |
/* |
627 |
* Setpriority might change our priority at the same moment. |
* Setpriority might change our priority at the same moment. |
628 |
--- linux-2.6.32-67.134.orig/kernel/signal.c |
--- linux-2.6.32-70.137.orig/kernel/signal.c |
629 |
+++ linux-2.6.32-67.134/kernel/signal.c |
+++ linux-2.6.32-70.137/kernel/signal.c |
630 |
@@ -34,6 +34,7 @@ |
@@ -34,6 +34,7 @@ |
631 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
632 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
680 |
|
|
681 |
return do_send_specific(tgid, pid, sig, info); |
return do_send_specific(tgid, pid, sig, info); |
682 |
} |
} |
683 |
--- linux-2.6.32-67.134.orig/kernel/sys.c |
--- linux-2.6.32-70.137.orig/kernel/sys.c |
684 |
+++ linux-2.6.32-67.134/kernel/sys.c |
+++ linux-2.6.32-70.137/kernel/sys.c |
685 |
@@ -45,6 +45,7 @@ |
@@ -45,6 +45,7 @@ |
686 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
687 |
#include <asm/io.h> |
#include <asm/io.h> |
728 |
|
|
729 |
down_write(&uts_sem); |
down_write(&uts_sem); |
730 |
errno = -EFAULT; |
errno = -EFAULT; |
731 |
--- linux-2.6.32-67.134.orig/kernel/sysctl.c |
--- linux-2.6.32-70.137.orig/kernel/sysctl.c |
732 |
+++ linux-2.6.32-67.134/kernel/sysctl.c |
+++ linux-2.6.32-70.137/kernel/sysctl.c |
733 |
@@ -53,6 +53,7 @@ |
@@ -53,6 +53,7 @@ |
734 |
|
|
735 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
748 |
error = parse_table(name, nlen, oldval, oldlenp, |
error = parse_table(name, nlen, oldval, oldlenp, |
749 |
newval, newlen, |
newval, newlen, |
750 |
head->root, head->ctl_table); |
head->root, head->ctl_table); |
751 |
--- linux-2.6.32-67.134.orig/kernel/time.c |
--- linux-2.6.32-70.137.orig/kernel/time.c |
752 |
+++ linux-2.6.32-67.134/kernel/time.c |
+++ linux-2.6.32-70.137/kernel/time.c |
753 |
@@ -41,6 +41,7 @@ |
@@ -41,6 +41,7 @@ |
754 |
|
|
755 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
776 |
|
|
777 |
if (tz) { |
if (tz) { |
778 |
/* SMP safe, global irq locking makes it work. */ |
/* SMP safe, global irq locking makes it work. */ |
779 |
--- linux-2.6.32-67.134.orig/kernel/time/ntp.c |
--- linux-2.6.32-70.137.orig/kernel/time/ntp.c |
780 |
+++ linux-2.6.32-67.134/kernel/time/ntp.c |
+++ linux-2.6.32-70.137/kernel/time/ntp.c |
781 |
@@ -14,6 +14,7 @@ |
@@ -14,6 +14,7 @@ |
782 |
#include <linux/timex.h> |
#include <linux/timex.h> |
783 |
#include <linux/time.h> |
#include <linux/time.h> |
802 |
|
|
803 |
/* |
/* |
804 |
* if the quartz is off by more than 10% then |
* if the quartz is off by more than 10% then |
805 |
--- linux-2.6.32-67.134.orig/net/ipv4/inet_connection_sock.c |
--- linux-2.6.32-70.137.orig/net/ipv4/inet_connection_sock.c |
806 |
+++ linux-2.6.32-67.134/net/ipv4/inet_connection_sock.c |
+++ linux-2.6.32-70.137/net/ipv4/inet_connection_sock.c |
807 |
@@ -23,6 +23,7 @@ |
@@ -23,6 +23,7 @@ |
808 |
#include <net/route.h> |
#include <net/route.h> |
809 |
#include <net/tcp_states.h> |
#include <net/tcp_states.h> |
821 |
inet_bind_bucket_for_each(tb, node, &head->chain) |
inet_bind_bucket_for_each(tb, node, &head->chain) |
822 |
if (ib_net(tb) == net && tb->port == rover) { |
if (ib_net(tb) == net && tb->port == rover) { |
823 |
if (tb->fastreuse > 0 && |
if (tb->fastreuse > 0 && |
824 |
--- linux-2.6.32-67.134.orig/net/ipv4/inet_hashtables.c |
--- linux-2.6.32-70.137.orig/net/ipv4/inet_hashtables.c |
825 |
+++ linux-2.6.32-67.134/net/ipv4/inet_hashtables.c |
+++ linux-2.6.32-70.137/net/ipv4/inet_hashtables.c |
826 |
@@ -23,6 +23,7 @@ |
@@ -23,6 +23,7 @@ |
827 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
828 |
#include <net/secure_seq.h> |
#include <net/secure_seq.h> |
840 |
head = &hinfo->bhash[inet_bhashfn(net, port, |
head = &hinfo->bhash[inet_bhashfn(net, port, |
841 |
hinfo->bhash_size)]; |
hinfo->bhash_size)]; |
842 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
843 |
--- linux-2.6.32-67.134.orig/net/ipv4/raw.c |
--- linux-2.6.32-70.137.orig/net/ipv4/raw.c |
844 |
+++ linux-2.6.32-67.134/net/ipv4/raw.c |
+++ linux-2.6.32-70.137/net/ipv4/raw.c |
845 |
@@ -77,6 +77,7 @@ |
@@ -77,6 +77,7 @@ |
846 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
847 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
860 |
|
|
861 |
copied = skb->len; |
copied = skb->len; |
862 |
if (len < copied) { |
if (len < copied) { |
863 |
--- linux-2.6.32-67.134.orig/net/ipv4/udp.c |
--- linux-2.6.32-70.137.orig/net/ipv4/udp.c |
864 |
+++ linux-2.6.32-67.134/net/ipv4/udp.c |
+++ linux-2.6.32-70.137/net/ipv4/udp.c |
865 |
@@ -105,6 +105,7 @@ |
@@ -105,6 +105,7 @@ |
866 |
#include <net/checksum.h> |
#include <net/checksum.h> |
867 |
#include <net/xfrm.h> |
#include <net/xfrm.h> |
890 |
|
|
891 |
ulen = skb->len - sizeof(struct udphdr); |
ulen = skb->len - sizeof(struct udphdr); |
892 |
copied = len; |
copied = len; |
893 |
--- linux-2.6.32-67.134.orig/net/ipv6/raw.c |
--- linux-2.6.32-70.137.orig/net/ipv6/raw.c |
894 |
+++ linux-2.6.32-67.134/net/ipv6/raw.c |
+++ linux-2.6.32-70.137/net/ipv6/raw.c |
895 |
@@ -59,6 +59,7 @@ |
@@ -59,6 +59,7 @@ |
896 |
|
|
897 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
910 |
|
|
911 |
copied = skb->len; |
copied = skb->len; |
912 |
if (copied > len) { |
if (copied > len) { |
913 |
--- linux-2.6.32-67.134.orig/net/ipv6/udp.c |
--- linux-2.6.32-70.137.orig/net/ipv6/udp.c |
914 |
+++ linux-2.6.32-67.134/net/ipv6/udp.c |
+++ linux-2.6.32-70.137/net/ipv6/udp.c |
915 |
@@ -48,6 +48,7 @@ |
@@ -48,6 +48,7 @@ |
916 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
917 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
930 |
|
|
931 |
ulen = skb->len - sizeof(struct udphdr); |
ulen = skb->len - sizeof(struct udphdr); |
932 |
copied = len; |
copied = len; |
933 |
--- linux-2.6.32-67.134.orig/net/socket.c |
--- linux-2.6.32-70.137.orig/net/socket.c |
934 |
+++ linux-2.6.32-67.134/net/socket.c |
+++ linux-2.6.32-70.137/net/socket.c |
935 |
@@ -97,6 +97,8 @@ |
@@ -97,6 +97,8 @@ |
936 |
#include <net/sock.h> |
#include <net/sock.h> |
937 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
1002 |
if (err) |
if (err) |
1003 |
goto out_put; |
goto out_put; |
1004 |
|
|
1005 |
--- linux-2.6.32-67.134.orig/net/unix/af_unix.c |
--- linux-2.6.32-70.137.orig/net/unix/af_unix.c |
1006 |
+++ linux-2.6.32-67.134/net/unix/af_unix.c |
+++ linux-2.6.32-70.137/net/unix/af_unix.c |
1007 |
@@ -114,6 +114,7 @@ |
@@ -114,6 +114,7 @@ |
1008 |
#include <linux/mount.h> |
#include <linux/mount.h> |
1009 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1023 |
if (err) |
if (err) |
1024 |
goto out_mknod_drop_write; |
goto out_mknod_drop_write; |
1025 |
err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0); |
err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0); |
1026 |
--- linux-2.6.32-67.134.orig/security/Kconfig |
--- linux-2.6.32-70.137.orig/security/Kconfig |
1027 |
+++ linux-2.6.32-67.134/security/Kconfig |
+++ linux-2.6.32-70.137/security/Kconfig |
1028 |
@@ -203,5 +203,7 @@ config DEFAULT_SECURITY |
@@ -203,5 +203,7 @@ config DEFAULT_SECURITY |
1029 |
default "apparmor" if DEFAULT_SECURITY_APPARMOR |
default "apparmor" if DEFAULT_SECURITY_APPARMOR |
1030 |
default "" if DEFAULT_SECURITY_DAC |
default "" if DEFAULT_SECURITY_DAC |
1033 |
+ |
+ |
1034 |
endmenu |
endmenu |
1035 |
|
|
1036 |
--- linux-2.6.32-67.134.orig/security/Makefile |
--- linux-2.6.32-70.137.orig/security/Makefile |
1037 |
+++ linux-2.6.32-67.134/security/Makefile |
+++ linux-2.6.32-70.137/security/Makefile |
1038 |
@@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
@@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
1039 |
# Object integrity file lists |
# Object integrity file lists |
1040 |
subdir-$(CONFIG_IMA) += integrity/ima |
subdir-$(CONFIG_IMA) += integrity/ima |