well...
it seems that (by mistake) i've sent an answer to unspawn's question
to his address, instead of to the list.
i apologize for that; i've had no time to properly configure a
client-program (well... no time and no skills :|), and i'm sending
everything via firefox.
anyway, this is what i wanted to send:
r...@linugrat:/usr/src/linux-2.6.27.10/fs# cat namei.c.rej
*************** static long do_unlinkat(int dfd, const c
*** 2352,2357 ****
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
--- 2422,2431 ----
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_UNLINK))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
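Review bot: The `return -EPERM` in the TOMOYO block is a bare return, which is only correct while the block stays above the `user_path_parent()` call; placed below it during a hand merge, the return would skip whatever release do_unlinkat does on its later exit paths (not visible here). A one-line comment would pin that down, e.g. `/* must precede user_path_parent(): bare return, nothing acquired yet */`. Since this hunk sits in a .rej file, namei.c has no unlink capability check at all until it is merged. do_unlinkat's body starts and ends outside the hunk.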
r...@linugrat:/usr/src/linux-2.6.27.10/fs#
r...@linugrat:/usr/src/linux-2.6.27.10/fs# cat open.c
open.c open.c.orig open.c.rej
r...@linugrat:/usr/src/linux-2.6.27.10/fs# cat open.c.rej
***************
*** 29,34 ****
#include <linux/rcupdate.h>
#include <linux/audit.h>
#include <linux/falloc.h>
int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
{
--- 29,40 ----
#include <linux/rcupdate.h>
#include <linux/audit.h>
#include <linux/falloc.h>
+ /***** SAKURA Linux start. *****/
+ #include <linux/sakura.h>
+ /***** SAKURA Linux end. *****/
+ /***** TOMOYO Linux start. *****/
+ #include <linux/tomoyo.h>
+ /***** TOMOYO Linux end. *****/
int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
{
r...@linugrat:/usr/src/linux-2.6.27.10/fs#
r...@linugrat:/usr/src/linux-2.6.27.10/net/unix# cat af_unix.c.rej
***************
*** 114,119 ****
#include <linux/mount.h>
#include <net/checksum.h>
#include <linux/security.h>
static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
static DEFINE_SPINLOCK(unix_table_lock);
--- 114,122 ----
#include <linux/mount.h>
#include <net/checksum.h>
#include <linux/security.h>
+ /***** TOMOYO Linux start. *****/
+ #include <linux/tomoyo.h>
+ /***** TOMOYO Linux end. *****/
static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
static DEFINE_SPINLOCK(unix_table_lock);
*************** static int unix_bind(struct socket *sock
*** 841,846 ****
err = mnt_want_write(nd.path.mnt);
if (err)
goto out_mknod_dput;
err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
mnt_drop_write(nd.path.mnt);
if (err)
--- 849,861 ----
err = mnt_want_write(nd.path.mnt);
if (err)
goto out_mknod_dput;
+ /***** TOMOYO Linux start. *****/
+ err = pre_vfs_mknod(nd.path.dentry->d_inode, dentry, mode);
+ if (!err)
+ err = ccs_check_1path_perm(TYPE_MKSOCK_ACL, dentry,
+ nd.path.mnt);
+ if (!err)
+ /***** TOMOYO Linux end. *****/
err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
mnt_drop_write(nd.path.mnt);
if (err)
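Review bot: The trailing `if (!err)` in the TOMOYO block has no statement of its own; its body is the unchanged `err = vfs_mknod(...)` line after the end marker, so the permission result only gates socket node creation while that exact line directly follows it. If anything lands between the two in a hand merge of this reject, `vfs_mknod()` would run unconditionally and overwrite the `err` from `pre_vfs_mknod()` / `ccs_check_1path_perm()`, silently dropping the check. Making the dependency explicit is safer: put the call inside the marked block and brace it, `if (!err) { err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0); }`. unix_bind's body starts and ends outside the hunk.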
r...@linugrat:/usr/src/linux-2.6.27.10/net/unix#
regards,
szymon