diff -Naur -X ../dontdiff bleeding_edge-2.5/arch/i386/kernel/ptrace.c lsm-2.5/arch/i386/kernel/ptrace.c
--- bleeding_edge-2.5/arch/i386/kernel/ptrace.c Tue Oct 15 16:47:14 2002
+++ lsm-2.5/arch/i386/kernel/ptrace.c Tue Oct 15 16:41:44 2002
@@ -160,8 +160,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
diff -Naur -X ../dontdiff bleeding_edge-2.5/drivers/base/fs/class.c lsm-2.5/drivers/base/fs/class.c
--- bleeding_edge-2.5/drivers/base/fs/class.c Tue Oct 15 16:47:37 2002
+++ lsm-2.5/drivers/base/fs/class.c Tue Oct 15 16:13:11 2002
@@ -7,6 +7,8 @@
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/err.h>
+#include <linux/limits.h>
+#include <linux/stat.h>
#include "fs.h"
static struct driver_dir_entry class_dir;
diff -Naur -X ../dontdiff bleeding_edge-2.5/drivers/base/fs/intf.c lsm-2.5/drivers/base/fs/intf.c
--- bleeding_edge-2.5/drivers/base/fs/intf.c Tue Oct 15 16:47:37 2002
+++ lsm-2.5/drivers/base/fs/intf.c Tue Oct 15 16:14:27 2002
@@ -4,6 +4,8 @@
#include <linux/device.h>
#include <linux/slab.h>
+#include <linux/limits.h>
+#include <linux/errno.h>
#include "fs.h"
/**
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/exec.c lsm-2.5/fs/exec.c
--- bleeding_edge-2.5/fs/exec.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/exec.c Tue Oct 15 16:09:05 2002
@@ -43,6 +43,7 @@
#include <linux/namei.h>
#include <linux/proc_fs.h>
#include <linux/ptrace.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/pgalloc.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/locks.c lsm-2.5/fs/locks.c
--- bleeding_edge-2.5/fs/locks.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/locks.c Tue Oct 15 16:10:52 2002
@@ -122,6 +122,7 @@
#include <linux/timer.h>
#include <linux/time.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/semaphore.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/namespace.c lsm-2.5/fs/namespace.c
--- bleeding_edge-2.5/fs/namespace.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/namespace.c Tue Oct 15 16:12:00 2002
@@ -19,6 +19,7 @@
#include <linux/seq_file.h>
#include <linux/namespace.h>
#include <linux/namei.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/proc/base.c lsm-2.5/fs/proc/base.c
--- bleeding_edge-2.5/fs/proc/base.c Tue Oct 15 16:48:26 2002
+++ lsm-2.5/fs/proc/base.c Tue Oct 15 16:21:45 2002
@@ -28,6 +28,7 @@
#include <linux/namespace.h>
#include <linux/mm.h>
#include <linux/smp_lock.h>
+#include <linux/security.h>
/*
* For hysterical raisins we keep the same inumbers as in the old procfs.
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/readdir.c lsm-2.5/fs/readdir.c
--- bleeding_edge-2.5/fs/readdir.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/readdir.c Tue Oct 15 16:09:51 2002
@@ -11,6 +11,7 @@
#include <linux/file.h>
#include <linux/smp_lock.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/xattr.c lsm-2.5/fs/xattr.c
--- bleeding_edge-2.5/fs/xattr.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/xattr.c Tue Oct 15 16:13:59 2002
@@ -13,6 +13,7 @@
#include <linux/file.h>
#include <linux/xattr.h>
#include <linux/namei.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
/*
diff -Naur -X ../dontdiff bleeding_edge-2.5/include/linux/sched.h lsm-2.5/include/linux/sched.h
--- bleeding_edge-2.5/include/linux/sched.h Tue Oct 15 16:48:49 2002
+++ lsm-2.5/include/linux/sched.h Tue Oct 15 15:59:24 2002
@@ -600,9 +600,11 @@
unsigned long, const char *, void *);
extern void free_irq(unsigned int, void *);
+
+#ifdef CONFIG_SECURITY
/* capable prototype and code moved to security.[hc] */
#include <linux/security.h>
-#if 0
+#else
static inline int capable(int cap)
{
if (cap_raised(current->cap_effective, cap)) {
@@ -611,7 +613,7 @@
}
return 0;
}
-#endif /* if 0 */
+#endif
/*
* Routines for handling mm_structs
diff -Naur -X ../dontdiff bleeding_edge-2.5/include/linux/security.h lsm-2.5/include/linux/security.h
--- bleeding_edge-2.5/include/linux/security.h Wed Oct 9 08:51:48 2002
+++ lsm-2.5/include/linux/security.h Tue Oct 15 16:40:09 2002
@@ -22,8 +22,6 @@
#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H
-#ifdef __KERNEL__
-
#include <linux/fs.h>
#include <linux/binfmts.h>
#include <linux/signal.h>
@@ -33,6 +31,7 @@
#include <linux/shm.h>
#include <linux/msg.h>
+
/*
* Values used in the task_security_ops calls
*/
@@ -848,6 +847,16 @@
struct security_operations *ops);
};
+#ifdef CONFIG_SECURITY
+
+/* global variables */
+extern struct security_operations *security_ops;
+
+/* inline stuff */
+static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
+{
+ return security_ops->ptrace (parent, child);
+}
/* prototypes */
extern int security_scaffolding_startup (void);
@@ -857,11 +866,17 @@
extern int mod_unreg_security (const char *name, struct security_operations *ops);
extern int capable (int cap);
-/* global variables */
+
+#endif /* CONFIG_SECURITY */
+
+static inline int security_scaffolding_startup (void) { return 0; }
extern struct security_operations *security_ops;
+static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
+{
+ return 0;
+}
-#endif /* __KERNEL__ */
#endif /* ! __LINUX_SECURITY_H */
diff -Naur -X ../dontdiff bleeding_edge-2.5/init/do_mounts.c lsm-2.5/init/do_mounts.c
--- bleeding_edge-2.5/init/do_mounts.c Mon Oct 7 13:46:56 2002
+++ lsm-2.5/init/do_mounts.c Tue Oct 15 16:05:18 2002
@@ -12,6 +12,7 @@
#include <linux/init.h>
#include <linux/suspend.h>
#include <linux/root_dev.h>
+#include <linux/security.h>
#include <linux/nfs_fs.h>
#include <linux/nfs_fs_sb.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/capability.c lsm-2.5/kernel/capability.c
--- bleeding_edge-2.5/kernel/capability.c Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/capability.c Tue Oct 15 16:08:08 2002
@@ -8,6 +8,7 @@
*/
#include <linux/mm.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/kmod.c lsm-2.5/kernel/kmod.c
--- bleeding_edge-2.5/kernel/kmod.c Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/kmod.c Tue Oct 15 16:10:50 2002
@@ -29,6 +29,7 @@
#include <linux/completion.h>
#include <linux/file.h>
#include <linux/workqueue.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/ptrace.c lsm-2.5/kernel/ptrace.c
--- bleeding_edge-2.5/kernel/ptrace.c Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/ptrace.c Tue Oct 15 16:09:07 2002
@@ -14,6 +14,7 @@
#include <linux/pagemap.h>
#include <linux/smp_lock.h>
#include <linux/ptrace.h>
+#include <linux/security.h>
#include <asm/pgtable.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/signal.c lsm-2.5/kernel/signal.c
--- bleeding_edge-2.5/kernel/signal.c Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/signal.c Tue Oct 15 16:09:55 2002
@@ -18,6 +18,7 @@
#include <linux/fs.h>
#include <linux/tty.h>
#include <linux/binfmts.h>
+#include <linux/security.h>
#include <asm/param.h>
#include <asm/uaccess.h>
#include <asm/siginfo.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/security/Config.in lsm-2.5/security/Config.in
--- bleeding_edge-2.5/security/Config.in Tue Oct 15 16:49:00 2002
+++ lsm-2.5/security/Config.in Tue Oct 15 15:41:13 2002
@@ -3,5 +3,8 @@
#
mainmenu_option next_comment
comment 'Security options'
-define_bool CONFIG_SECURITY_CAPABILITIES y
+bool 'Enable different security models' CONFIG_SECURITY
+if [ "$CONFIG_SECURITY" = "y" ]; then
+ dep_tristate ' Default Linux Capabilities' CONFIG_SECURITY_CAPABILITIES $CONFIG_SECURITY
+fi
endmenu
diff -Naur -X ../dontdiff bleeding_edge-2.5/security/Makefile lsm-2.5/security/Makefile
--- bleeding_edge-2.5/security/Makefile Tue Oct 15 16:49:00 2002
+++ lsm-2.5/security/Makefile Tue Oct 15 16:34:21 2002
@@ -6,8 +6,8 @@
export-objs := security.o
# Object file lists
-obj-y := security.o dummy.o
-
+obj-y += sys_security.o
+obj-$(CONFIG_SECURITY) += security.o dummy.o
obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o
include $(TOPDIR)/Rules.make
diff -Naur -X ../dontdiff bleeding_edge-2.5/security/sys_security.c lsm-2.5/security/sys_security.c
--- bleeding_edge-2.5/security/sys_security.c Wed Dec 31 16:00:00 1969
+++ lsm-2.5/security/sys_security.c Tue Oct 15 16:34:03 2002
@@ -0,0 +1,45 @@
+/*
+ * Security plug functions
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/security.h>
+
+/**
+ * sys_security - security syscall multiplexor.
+ * @id: module id
+ * @call: call identifier
+ * @args: arg list for call
+ *
+ * Similar to sys_socketcall. Can use id to help identify which module user
+ * app is talking to. The recommended convention for creating the
+ * hexadecimal id value is:
+ * 'echo "Name_of_module" | md5sum | cut -c -8'.
+ * By following this convention, there's no need for a central registry.
+ */
+#ifdef CONFIG_SECURITY
+asmlinkage long sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return security_ops->sys_security (id, call, args);
+}
+#else
+asmlinkage long sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return -ENOSYS;
+}
+#endif
+