--- trunk/1.6.x/ccs-patch/README.ccs	2008/09/11 03:40:09	1578
+++ trunk/1.6.x/ccs-patch/README.ccs	2008/11/04 04:30:02	1778
@@ -1590,3 +1590,121 @@
       This change makes it impossible to revoke permission to write to
       /proc/ccs/ interface without killing the process, but it will be better
       than nonfunctioning ccs-queryd program.
+
+Fix 2008/09/19
+
+    @ Allow selecting a domain by PID.
+
+      Sometimes we want to know what ACLs are given to specific PID, but
+      finding a domainname for that PID from /proc/ccs/.process_status and
+      reading ACLs from /proc/ccs/domain_policy by the domainname is very slow.
+      Thus, I modified /proc/ccs/domain_policy to allow selecting a domain by
+      PID. For example, to read domain ACL of current process from bash,
+      run as follows.
+
+      # exec 100<>/proc/ccs/domain_policy
+      # echo select pid=$$ >&100
+      # while read -u 100; do echo $REPLY; done
+
+      If a domain is once selected by PID, reading /proc/ccs/domain_policy will
+      print only that domain if that PID exists or print nothing otherwise.
+
+    @ Disallow concurrent /proc/ccs/ access using the same file descriptor.
+
+      Until now, one process can read() from /proc/ccs/ while other process
+      that shares the file descriptor can write() to /proc/ccs/ .
+      But to implement "Allow selecting a domain by PID" feature, I disabled
+      concurrent read()/write() because the feature need to modify read buffer
+      while writing.
+
+Fix 2008/10/01
+
+    @ Add retry counter into /proc/ccs/query .
+
+      To be able to handle some of queries from /proc/ccs/query without user's
+      interaction, I added retry counter for avoiding infinite loop caused by
+      "try again" response.
+
+Fix 2008/10/07
+
+    @ Don't transit to new domain until do_execve() succeeds.
+
+      Until now, a process's domain was updated to new domain which the process
+      will belongs to before do_execve() succeeds so that the kernel can do
+      permission checks for interpreters and environment variables based on
+      new domain. But this caused a subtle problem when other process sends
+      signals to the process, for the process returns to old domain if
+      do_execve() failed.
+
+      So, I modified to pass new domain to functions so that I can avoid
+      modifying a process's domain before do_execve() succeeds.
+
+    @ Use old task state for audit logs.
+
+      Until now, audit logs were generated using the task state after
+      processing "; set task.state" part. But to generate accurate logs,
+      I modified to save the task state before processing "; set task.state"
+      part and use the saved state for audit logs.
+
+    @ Use a structure for passing parameters.
+
+      As the number of parameters is increasing, I modified to use a structure
+      for passing parameters.
+
+Fix 2008/10/11
+
+    @ Remove domain_acl_lock mutex.
+
+      I noticed that I don't need to keep all functions that modify an ACL of
+      a domain mutually exclusive. Since each functions handles different type
+      of ACL, locking is needed only when they append an ACL to a domain.
+      So, I modified to use local locks.
+
+Fix 2008/10/14
+
+    @ Fix ccs_check_condition() bug.
+
+      Due to a bug in ccs_check_condition(), it was impossible to use
+      task.state[0] task.state[1] task.state[2] inside condition part
+      if the ACL does not treat a pathname. For example, an ACL like
+
+        allow_network TCP connect @HTTP_SERVERS 80 if task.state[0]=100
+
+      didn't work.
+
+Fix 2008/10/15
+
+    @ Show process information in /proc/ccs/.process_status .
+
+      To be able to determine a process's type, I added a command "info PID"
+      which returns process information of the specified PID in
+      "PID manager=\* execute_handler=\* state[0]=\$ state[1]=\$ state[2]=\$"
+      format.
+
+Fix 2008/10/20
+
+    @ Use rcu_dereference() when walking the list.
+
+      I was using "dependency ordering" for appending an element to a list
+      without asking the reader to take a lock. But "dependency ordering"
+      is not respected by DEC Alpha or by some aggressive value-speculation
+      compiler optimizations.
+
+      On such environment, use of "dependency ordering" can lead to system
+      crash because the reader might read uninitialized value of newly
+      appended element.
+
+      To prevent the reader from reading uninitialized value of newly appended
+      element, I inserted rcu_dereference() when walking the list.
+
+Fix 2008/11/04
+
+    @ Use sys_getpid() instead for current->pid.
+
+      Kernel 2.6.24 introduced PID namespace.
+
+      To compare PID given from userland, I can't use current->pid.
+      So, I modified to use sys_getpid() instead for current->pid.
+
+      I modified to use task_tgid_nr_ns() for 2.6.25 and later instead for
+      current->tgid when checking /proc/self/ in get_absolute_path().