Merge branch 'master' into next

author: James Morris <jmorris@namei.org> 2009-05-08 03:56:47 -0400
committer: James Morris <jmorris@namei.org> 2009-05-08 03:56:47 -0400
commit: d254117099d711f215e62427f55dfb8ebd5ad011 (patch)
tree: 0848ff8dd74314fec14a86497f8d288c86ba7c65 /security
parent: 07ff7a0b187f3951788f64ae1f30e8109bc8e9eb (diff)
parent: 8c9ed899b44c19e81859fbb0e9d659fe2f8630fc (diff)
14 files changed, 39 insertions, 28 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 97ac1f167717..48b7e0228fa3 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -948,7 +948,6 @@ changed:
        return commit_creds(new);
 no_change:
-        error = 0;
 error:
        abort_creds(new);
        return error;
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 3aacd0fe7179..5fda7df19723 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -11,6 +11,7 @@
 #include <linux/uaccess.h>
 #include <linux/seq_file.h>
 #include <linux/rcupdate.h>
+#include <linux/mutex.h>
 #define ACC_MKNOD 1
 #define ACC_READ  2
@@ -21,9 +22,11 @@
 #define DEV_CHAR  2
 #define DEV_ALL   4  /* this represents all devices */
+static DEFINE_MUTEX(devcgroup_mutex);
 /*
 * whitelist locking rules:
- * hold cgroup_lock() for update/read.
+ * hold devcgroup_mutex for update/read.
 * hold rcu_read_lock() for read.
 */
@@ -67,7 +70,7 @@ static int devcgroup_can_attach(struct cgroup_subsys *ss,
 }
 /*
- * called under cgroup_lock()
+ * called under devcgroup_mutex
 */
 static int dev_whitelist_copy(struct list_head *dest, struct list_head *orig)
 {
@@ -92,7 +95,7 @@ free_and_exit:
 /* Stupid prototype - don't bother combining existing entries */
 /*
- * called under cgroup_lock()
+ * called under devcgroup_mutex
 */
 static int dev_whitelist_add(struct dev_cgroup *dev_cgroup,
                        struct dev_whitelist_item *wh)
@@ -130,7 +133,7 @@ static void whitelist_item_free(struct rcu_head *rcu)
 }
 /*
- * called under cgroup_lock()
+ * called under devcgroup_mutex
 */
 static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup,
                        struct dev_whitelist_item *wh)
@@ -185,8 +188,10 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup_subsys *ss,
                list_add(&wh->list, &dev_cgroup->whitelist);
        } else {
                parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);
+                mutex_lock(&devcgroup_mutex);
                ret = dev_whitelist_copy(&dev_cgroup->whitelist,
                                &parent_dev_cgroup->whitelist);
+                mutex_unlock(&devcgroup_mutex);
                if (ret) {
                        kfree(dev_cgroup);
                        return ERR_PTR(ret);
@@ -273,7 +278,7 @@ static int devcgroup_seq_read(struct cgroup *cgroup, struct cftype *cft,
 * does the access granted to dev_cgroup c contain the access
 * requested in whitelist item refwh.
 * return 1 if yes, 0 if no.
- * call with c->lock held
+ * call with devcgroup_mutex held
 */
 static int may_access_whitelist(struct dev_cgroup *c,
                                       struct dev_whitelist_item *refwh)
@@ -426,11 +431,11 @@ static int devcgroup_access_write(struct cgroup *cgrp, struct cftype *cft,
                                  const char *buffer)
 {
        int retval;
-        if (!cgroup_lock_live_group(cgrp))
-                return -ENODEV;
+        mutex_lock(&devcgroup_mutex);
        retval = devcgroup_update_access(cgroup_to_devcgroup(cgrp),
                                         cft->private, buffer);
-        cgroup_unlock();
+        mutex_unlock(&devcgroup_mutex);
        return retval;
 }
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 22a31582bfaa..03fe63ed55bd 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -311,7 +311,8 @@ static int construct_alloc_key(struct key_type *type,
        set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
-        down_write(&dest_keyring->sem);
+        if (dest_keyring)
+                down_write(&dest_keyring->sem);
        /* attach the key to the destination keyring under lock, but we do need
         * to do another check just in case someone beat us to it whilst we
@@ -322,10 +323,12 @@ static int construct_alloc_key(struct key_type *type,
        if (!IS_ERR(key_ref))
                goto key_already_present;
-        __key_link(dest_keyring, key);
+        if (dest_keyring)
+                __key_link(dest_keyring, key);
        mutex_unlock(&key_construction_mutex);
-        up_write(&dest_keyring->sem);
+        if (dest_keyring)
+                up_write(&dest_keyring->sem);
        mutex_unlock(&user->cons_lock);
        *_key = key;
        kleave(" = 0 [%d]", key_serial(key));
diff --git a/security/security.c b/security/security.c
index 206e53844d2f..5284255c5cdf 100644
--- a/security/security.c
+++ b/security/security.c
@@ -445,6 +445,7 @@ int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)
                return 0;
        return security_ops->inode_create(dir, dentry, mode);
 }
+EXPORT_SYMBOL_GPL(security_inode_create);
 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
                         struct dentry *new_dentry)
@@ -475,6 +476,7 @@ int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode)
                return 0;
        return security_ops->inode_mkdir(dir, dentry, mode);
 }
+EXPORT_SYMBOL_GPL(security_inode_mkdir);
 int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
 {
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 39046ddd90a9..195906bce266 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3145,7 +3145,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
                                       struct fown_struct *fown, int signum)
 {
        struct file *file;
-        u32 sid = current_sid();
+        u32 sid = task_sid(tsk);
        u32 perm;
        struct file_security_struct *fsec;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index f557767911c9..0d030b4513c8 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -675,8 +675,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
            strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
                if (!capable(CAP_MAC_ADMIN))
                        rc = -EPERM;
-                /* a label cannot be void and cannot begin with '-' */
+                /*
-                if (size == 0 || (size > 0 && ((char *)value)[0] == '-'))
+                 * check label validity here so import wont fail on
+                 * post_setxattr
+                 */
+                if (size == 0 || size >= SMK_LABELLEN ||
+                    smk_import(value, size) == NULL)
                        rc = -EINVAL;
        } else
                rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -713,9 +717,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
        if (strcmp(name, XATTR_NAME_SMACK))
                return;
-        if (size >= SMK_LABELLEN)
-                return;
        isp = dentry->d_inode->i_security;
        /*
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index a0affd9cfca8..d4d41b3efc7c 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -5,7 +5,7 @@
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
 *
 */
@@ -1773,7 +1773,7 @@ void tomoyo_load_policy(const char *filename)
        envp[2] = NULL;
        call_usermodehelper(argv[0], argv, envp, 1);
-        printk(KERN_INFO "TOMOYO: 2.2.0-pre   2009/02/01\n");
+        printk(KERN_INFO "TOMOYO: 2.2.0   2009/04/01\n");
        printk(KERN_INFO "Mandatory Access Control activated.\n");
        tomoyo_policy_loaded = true;
        { /* Check all profiles currently assigned to domains are defined. */
@@ -1800,7 +1800,7 @@ void tomoyo_load_policy(const char *filename)
 static int tomoyo_read_version(struct tomoyo_io_buffer *head)
 {
        if (!head->read_eof) {
-                tomoyo_io_printf(head, "2.2.0-pre");
+                tomoyo_io_printf(head, "2.2.0");
                head->read_eof = true;
        }
        return 0;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index e77e6a6de0f2..678f4ff16aa4 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -5,7 +5,7 @@
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
 *
 */
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 2f2b449ffd2d..2d6748741a26 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -5,7 +5,7 @@
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
 *
 */
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 65f50c1c5ee9..2316da8ec5bc 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -5,7 +5,7 @@
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
 *
 */
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index d47f16b844b2..bf8e2b451687 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -5,13 +5,14 @@
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
 *
 */
 #include <linux/types.h>
 #include <linux/mount.h>
 #include <linux/mnt_namespace.h>
+#include <linux/fs_struct.h>
 #include "common.h"
 #include "realpath.h"
diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h
index 7ec9fc9cbc07..78217a37960b 100644
--- a/security/tomoyo/realpath.h
+++ b/security/tomoyo/realpath.h
@@ -5,7 +5,7 @@
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
 *
 */
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 3eeeae12c4dc..5b481912752a 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -5,7 +5,7 @@
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
 *
 */
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
index a0c8f6e0bea4..41c6ebafb9c5 100644
--- a/security/tomoyo/tomoyo.h
+++ b/security/tomoyo/tomoyo.h
@@ -5,7 +5,7 @@
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
 *
 */
author	James Morris <jmorris@namei.org>	2009-05-08 03:56:47 -0400
committer	James Morris <jmorris@namei.org>	2009-05-08 03:56:47 -0400
commit	d254117099d711f215e62427f55dfb8ebd5ad011 (patch)
tree	0848ff8dd74314fec14a86497f8d288c86ba7c65 /security
parent	07ff7a0b187f3951788f64ae1f30e8109bc8e9eb (diff)
parent	8c9ed899b44c19e81859fbb0e9d659fe2f8630fc (diff)

diff --git a/security/commoncap.c b/security/commoncap.c index 97ac1f167717..48b7e0228fa3 100644 --- a/security/commoncap.c +++ b/security/commoncap.c
@@ -948,7 +948,6 @@ changed:
948	return commit_creds(new);	948	return commit_creds(new);
949		949
950	no_change:	950	no_change:
951	error = 0;
952	error:	951	error:
953	abort_creds(new);	952	abort_creds(new);
954	return error;	953	return error;


diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 3aacd0fe7179..5fda7df19723 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c
@@ -11,6 +11,7 @@
11	#include <linux/uaccess.h>	11	#include <linux/uaccess.h>
12	#include <linux/seq_file.h>	12	#include <linux/seq_file.h>
13	#include <linux/rcupdate.h>	13	#include <linux/rcupdate.h>
		14	#include <linux/mutex.h>
14		15
15	#define ACC_MKNOD 1	16	#define ACC_MKNOD 1
16	#define ACC_READ 2	17	#define ACC_READ 2
@@ -21,9 +22,11 @@
21	#define DEV_CHAR 2	22	#define DEV_CHAR 2
22	#define DEV_ALL 4 /* this represents all devices */	23	#define DEV_ALL 4 /* this represents all devices */
23		24
		25	static DEFINE_MUTEX(devcgroup_mutex);
		26
24	/*	27	/*
25	* whitelist locking rules:	28	* whitelist locking rules:
26	* hold cgroup_lock() for update/read.	29	* hold devcgroup_mutex for update/read.
27	* hold rcu_read_lock() for read.	30	* hold rcu_read_lock() for read.
28	*/	31	*/
29		32
@@ -67,7 +70,7 @@ static int devcgroup_can_attach(struct cgroup_subsys *ss,
67	}	70	}
68		71
69	/*	72	/*
70	* called under cgroup_lock()	73	* called under devcgroup_mutex
71	*/	74	*/
72	static int dev_whitelist_copy(struct list_head dest, struct list_head orig)	75	static int dev_whitelist_copy(struct list_head dest, struct list_head orig)
73	{	76	{
@@ -92,7 +95,7 @@ free_and_exit:
92		95
93	/* Stupid prototype - don't bother combining existing entries */	96	/* Stupid prototype - don't bother combining existing entries */
94	/*	97	/*
95	* called under cgroup_lock()	98	* called under devcgroup_mutex
96	*/	99	*/
97	static int dev_whitelist_add(struct dev_cgroup *dev_cgroup,	100	static int dev_whitelist_add(struct dev_cgroup *dev_cgroup,
98	struct dev_whitelist_item *wh)	101	struct dev_whitelist_item *wh)
@@ -130,7 +133,7 @@ static void whitelist_item_free(struct rcu_head *rcu)
130	}	133	}
131		134
132	/*	135	/*
133	* called under cgroup_lock()	136	* called under devcgroup_mutex
134	*/	137	*/
135	static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup,	138	static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup,
136	struct dev_whitelist_item *wh)	139	struct dev_whitelist_item *wh)
@@ -185,8 +188,10 @@ static struct cgroup_subsys_state devcgroup_create(struct cgroup_subsys ss,
185	list_add(&wh->list, &dev_cgroup->whitelist);	188	list_add(&wh->list, &dev_cgroup->whitelist);
186	} else {	189	} else {
187	parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);	190	parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);
		191	mutex_lock(&devcgroup_mutex);
188	ret = dev_whitelist_copy(&dev_cgroup->whitelist,	192	ret = dev_whitelist_copy(&dev_cgroup->whitelist,
189	&parent_dev_cgroup->whitelist);	193	&parent_dev_cgroup->whitelist);
		194	mutex_unlock(&devcgroup_mutex);
190	if (ret) {	195	if (ret) {
191	kfree(dev_cgroup);	196	kfree(dev_cgroup);
192	return ERR_PTR(ret);	197	return ERR_PTR(ret);
@@ -273,7 +278,7 @@ static int devcgroup_seq_read(struct cgroup cgroup, struct cftype cft,
273	* does the access granted to dev_cgroup c contain the access	278	* does the access granted to dev_cgroup c contain the access
274	* requested in whitelist item refwh.	279	* requested in whitelist item refwh.
275	* return 1 if yes, 0 if no.	280	* return 1 if yes, 0 if no.
276	* call with c->lock held	281	* call with devcgroup_mutex held
277	*/	282	*/
278	static int may_access_whitelist(struct dev_cgroup *c,	283	static int may_access_whitelist(struct dev_cgroup *c,
279	struct dev_whitelist_item *refwh)	284	struct dev_whitelist_item *refwh)
@@ -426,11 +431,11 @@ static int devcgroup_access_write(struct cgroup cgrp, struct cftype cft,
426	const char *buffer)	431	const char *buffer)
427	{	432	{
428	int retval;	433	int retval;
429	if (!cgroup_lock_live_group(cgrp))	434
430	return -ENODEV;	435	mutex_lock(&devcgroup_mutex);
431	retval = devcgroup_update_access(cgroup_to_devcgroup(cgrp),	436	retval = devcgroup_update_access(cgroup_to_devcgroup(cgrp),
432	cft->private, buffer);	437	cft->private, buffer);
433	cgroup_unlock();	438	mutex_unlock(&devcgroup_mutex);
434	return retval;	439	return retval;
435	}	440	}
436		441


diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 22a31582bfaa..03fe63ed55bd 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c
@@ -311,7 +311,8 @@ static int construct_alloc_key(struct key_type *type,
311		311
312	set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);	312	set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
313		313
314	down_write(&dest_keyring->sem);	314	if (dest_keyring)
		315	down_write(&dest_keyring->sem);
315		316
316	/* attach the key to the destination keyring under lock, but we do need	317	/* attach the key to the destination keyring under lock, but we do need
317	* to do another check just in case someone beat us to it whilst we	318	* to do another check just in case someone beat us to it whilst we
@@ -322,10 +323,12 @@ static int construct_alloc_key(struct key_type *type,
322	if (!IS_ERR(key_ref))	323	if (!IS_ERR(key_ref))
323	goto key_already_present;	324	goto key_already_present;
324		325
325	__key_link(dest_keyring, key);	326	if (dest_keyring)
		327	__key_link(dest_keyring, key);
326		328
327	mutex_unlock(&key_construction_mutex);	329	mutex_unlock(&key_construction_mutex);
328	up_write(&dest_keyring->sem);	330	if (dest_keyring)
		331	up_write(&dest_keyring->sem);
329	mutex_unlock(&user->cons_lock);	332	mutex_unlock(&user->cons_lock);
330	*_key = key;	333	*_key = key;
331	kleave(" = 0 [%d]", key_serial(key));	334	kleave(" = 0 [%d]", key_serial(key));


diff --git a/security/security.c b/security/security.c index 206e53844d2f..5284255c5cdf 100644 --- a/security/security.c +++ b/security/security.c
@@ -445,6 +445,7 @@ int security_inode_create(struct inode dir, struct dentry dentry, int mode)
445	return 0;	445	return 0;
446	return security_ops->inode_create(dir, dentry, mode);	446	return security_ops->inode_create(dir, dentry, mode);
447	}	447	}
		448	EXPORT_SYMBOL_GPL(security_inode_create);
448		449
449	int security_inode_link(struct dentry old_dentry, struct inode dir,	450	int security_inode_link(struct dentry old_dentry, struct inode dir,
450	struct dentry *new_dentry)	451	struct dentry *new_dentry)
@@ -475,6 +476,7 @@ int security_inode_mkdir(struct inode dir, struct dentry dentry, int mode)
475	return 0;	476	return 0;
476	return security_ops->inode_mkdir(dir, dentry, mode);	477	return security_ops->inode_mkdir(dir, dentry, mode);
477	}	478	}
		479	EXPORT_SYMBOL_GPL(security_inode_mkdir);
478		480
479	int security_inode_rmdir(struct inode dir, struct dentry dentry)	481	int security_inode_rmdir(struct inode dir, struct dentry dentry)
480	{	482	{


diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 39046ddd90a9..195906bce266 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -3145,7 +3145,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
3145	struct fown_struct *fown, int signum)	3145	struct fown_struct *fown, int signum)
3146	{	3146	{
3147	struct file *file;	3147	struct file *file;
3148	u32 sid = current_sid();	3148	u32 sid = task_sid(tsk);
3149	u32 perm;	3149	u32 perm;
3150	struct file_security_struct *fsec;	3150	struct file_security_struct *fsec;
3151		3151


diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f557767911c9..0d030b4513c8 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -675,8 +675,12 @@ static int smack_inode_setxattr(struct dentry dentry, const char name,
675	strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {	675	strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
676	if (!capable(CAP_MAC_ADMIN))	676	if (!capable(CAP_MAC_ADMIN))
677	rc = -EPERM;	677	rc = -EPERM;
678	/* a label cannot be void and cannot begin with '-' */	678	/*
679	if (size == 0 \|\| (size > 0 && ((char *)value)[0] == '-'))	679	* check label validity here so import wont fail on
		680	* post_setxattr
		681	*/
		682	if (size == 0 \|\| size >= SMK_LABELLEN \|\|
		683	smk_import(value, size) == NULL)
680	rc = -EINVAL;	684	rc = -EINVAL;
681	} else	685	} else
682	rc = cap_inode_setxattr(dentry, name, value, size, flags);	686	rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -713,9 +717,6 @@ static void smack_inode_post_setxattr(struct dentry dentry, const char name,
713	if (strcmp(name, XATTR_NAME_SMACK))	717	if (strcmp(name, XATTR_NAME_SMACK))
714	return;	718	return;
715		719
716	if (size >= SMK_LABELLEN)
717	return;
718
719	isp = dentry->d_inode->i_security;	720	isp = dentry->d_inode->i_security;
720		721
721	/*	722	/*


diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index a0affd9cfca8..d4d41b3efc7c 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c
@@ -5,7 +5,7 @@
5	*	5	*
6	* Copyright (C) 2005-2009 NTT DATA CORPORATION	6	* Copyright (C) 2005-2009 NTT DATA CORPORATION
7	*	7	*
8	* Version: 2.2.0-pre 2009/02/01	8	* Version: 2.2.0 2009/04/01
9	*	9	*
10	*/	10	*/
11		11
@@ -1773,7 +1773,7 @@ void tomoyo_load_policy(const char *filename)
1773	envp[2] = NULL;	1773	envp[2] = NULL;
1774	call_usermodehelper(argv[0], argv, envp, 1);	1774	call_usermodehelper(argv[0], argv, envp, 1);
1775		1775
1776	printk(KERN_INFO "TOMOYO: 2.2.0-pre 2009/02/01\n");	1776	printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n");
1777	printk(KERN_INFO "Mandatory Access Control activated.\n");	1777	printk(KERN_INFO "Mandatory Access Control activated.\n");
1778	tomoyo_policy_loaded = true;	1778	tomoyo_policy_loaded = true;
1779	{ /* Check all profiles currently assigned to domains are defined. */	1779	{ /* Check all profiles currently assigned to domains are defined. */
@@ -1800,7 +1800,7 @@ void tomoyo_load_policy(const char *filename)
1800	static int tomoyo_read_version(struct tomoyo_io_buffer *head)	1800	static int tomoyo_read_version(struct tomoyo_io_buffer *head)
1801	{	1801	{
1802	if (!head->read_eof) {	1802	if (!head->read_eof) {
1803	tomoyo_io_printf(head, "2.2.0-pre");	1803	tomoyo_io_printf(head, "2.2.0");
1804	head->read_eof = true;	1804	head->read_eof = true;
1805	}	1805	}
1806	return 0;	1806	return 0;


diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index e77e6a6de0f2..678f4ff16aa4 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h
@@ -5,7 +5,7 @@
5	*	5	*
6	* Copyright (C) 2005-2009 NTT DATA CORPORATION	6	* Copyright (C) 2005-2009 NTT DATA CORPORATION
7	*	7	*
8	* Version: 2.2.0-pre 2009/02/01	8	* Version: 2.2.0 2009/04/01
9	*	9	*
10	*/	10	*/
11		11


diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 2f2b449ffd2d..2d6748741a26 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c
@@ -5,7 +5,7 @@
5	*	5	*
6	* Copyright (C) 2005-2009 NTT DATA CORPORATION	6	* Copyright (C) 2005-2009 NTT DATA CORPORATION
7	*	7	*
8	* Version: 2.2.0-pre 2009/02/01	8	* Version: 2.2.0 2009/04/01
9	*	9	*
10	*/	10	*/
11		11


diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 65f50c1c5ee9..2316da8ec5bc 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c
@@ -5,7 +5,7 @@
5	*	5	*
6	* Copyright (C) 2005-2009 NTT DATA CORPORATION	6	* Copyright (C) 2005-2009 NTT DATA CORPORATION
7	*	7	*
8	* Version: 2.2.0-pre 2009/02/01	8	* Version: 2.2.0 2009/04/01
9	*	9	*
10	*/	10	*/
11		11


diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index d47f16b844b2..bf8e2b451687 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c
@@ -5,13 +5,14 @@
5	*	5	*
6	* Copyright (C) 2005-2009 NTT DATA CORPORATION	6	* Copyright (C) 2005-2009 NTT DATA CORPORATION
7	*	7	*
8	* Version: 2.2.0-pre 2009/02/01	8	* Version: 2.2.0 2009/04/01
9	*	9	*
10	*/	10	*/
11		11
12	#include <linux/types.h>	12	#include <linux/types.h>
13	#include <linux/mount.h>	13	#include <linux/mount.h>
14	#include <linux/mnt_namespace.h>	14	#include <linux/mnt_namespace.h>
		15	#include <linux/fs_struct.h>
15	#include "common.h"	16	#include "common.h"
16	#include "realpath.h"	17	#include "realpath.h"
17		18


diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h index 7ec9fc9cbc07..78217a37960b 100644 --- a/security/tomoyo/realpath.h +++ b/security/tomoyo/realpath.h
@@ -5,7 +5,7 @@
5	*	5	*
6	* Copyright (C) 2005-2009 NTT DATA CORPORATION	6	* Copyright (C) 2005-2009 NTT DATA CORPORATION
7	*	7	*
8	* Version: 2.2.0-pre 2009/02/01	8	* Version: 2.2.0 2009/04/01
9	*	9	*
10	*/	10	*/
11		11


diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 3eeeae12c4dc..5b481912752a 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c
@@ -5,7 +5,7 @@
5	*	5	*
6	* Copyright (C) 2005-2009 NTT DATA CORPORATION	6	* Copyright (C) 2005-2009 NTT DATA CORPORATION
7	*	7	*
8	* Version: 2.2.0-pre 2009/02/01	8	* Version: 2.2.0 2009/04/01
9	*	9	*
10	*/	10	*/
11		11


diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h index a0c8f6e0bea4..41c6ebafb9c5 100644 --- a/security/tomoyo/tomoyo.h +++ b/security/tomoyo/tomoyo.h
@@ -5,7 +5,7 @@
5	*	5	*
6	* Copyright (C) 2005-2009 NTT DATA CORPORATION	6	* Copyright (C) 2005-2009 NTT DATA CORPORATION
7	*	7	*
8	* Version: 2.2.0-pre 2009/02/01	8	* Version: 2.2.0 2009/04/01
9	*	9	*
10	*/	10	*/
11		11