diff -Nru linux-2.6.31.3.org/include/linux/lids_netlink.h linux-2.6.31.3/include/linux/lids_netlink.h --- linux-2.6.31.3.org/include/linux/lids_netlink.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/include/linux/lids_netlink.h 2009-10-09 15:46:08.000000000 -0400 @@ -0,0 +1,18 @@ +/* + * LIDS services exported to the rest of the kernel. + * + * Author: Kazuki Omo + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * as published by the Free Software Foundation. + */ + +#include + +int lids_netfilter_ip_local_out; +#ifdef CONFIG_LIDS_NF_MARK +lids_netfilter_ip_local_out = 1; +#else +lids_netfilter_ip_local_out = 0; +#endif diff -Nru linux-2.6.31.3.org/security/Kconfig linux-2.6.31.3/security/Kconfig --- linux-2.6.31.3.org/security/Kconfig 2009-10-07 17:39:51.000000000 -0400 +++ linux-2.6.31.3/security/Kconfig 2009-08-22 01:45:27.000000000 -0400 @@ -133,6 +133,8 @@ source security/smack/Kconfig source security/tomoyo/Kconfig +source security/lids/Kconfig + source security/integrity/ima/Kconfig endmenu diff -Nru linux-2.6.31.3.org/security/lids/.built-in.o.cmd linux-2.6.31.3/security/lids/.built-in.o.cmd --- linux-2.6.31.3.org/security/lids/.built-in.o.cmd 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/.built-in.o.cmd 2009-09-20 11:57:13.000000000 -0400 @@ -0,0 +1 @@ +cmd_security/lids/built-in.o := ld -m elf_i386 -r -o security/lids/built-in.o security/lids/lids.o diff -Nru linux-2.6.31.3.org/security/lids/include/linux/lidsext.h linux-2.6.31.3/security/lids/include/linux/lidsext.h --- linux-2.6.31.3.org/security/lids/include/linux/lidsext.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/include/linux/lidsext.h 2009-01-17 10:32:52.000000000 -0500 
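Review bot: `lids_netfilter_ip_local_out` is defined rather than declared in `lids_netlink.h`, and the `= 1` / `= 0` lines under `#ifdef CONFIG_LIDS_NF_MARK` are file-scope assignments, not an initializer on that definition. Every file that includes the header gets its own definition, so two includers are likely to clash at link time, and the header has no include guard. Keep only `extern int lids_netfilter_ip_local_out;` here and put the single definition in one .c file, with `= 1` or `= 0` chosen there by the same `#ifdef`.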
@@ -0,0 +1,122 @@ +#ifndef LIDSEXT_H +#define LIDSEXT_H + +/* + * This file contains LIDS macros needed for logging and debugging, + * used about everywhere in the kernel. + * + */ + +/* needed extern declarations */ + +#include + +extern void lids_cap_log(int); +extern void lids_ext_cap_log(int); +extern int lids_cap_time_checker(const int); +extern int lids_local_off(void); +extern int lids_reload_conf; +extern int lids_load; +extern int lids_local_on; +extern int lids_local_pid; +extern int lids_first_time; +extern int lids_state; + +#ifdef CONFIG_LIDS_DEBUG +#define LIDS_DEBUG +#endif + +#define LIDS_STR2(x) #x +#define LIDS_STR(X) LIDS_STR2(X) + +#ifdef LIDS_DEBUG +#define LIDS_DBG(fmt, arg...) \ + printk(KERN_DEBUG "LIDS: %s:%i: " fmt, \ + __FUNCTION__, __LINE__, ## arg) +#else +#define LIDS_DBG(fmt, arg...) +#endif + +#ifdef CONFIG_LIDS_RESTRICT_MODE_SWITCH + +static inline int +lids_check_tty(struct tty_struct *tty) +{ + return (tty && !(0 +#ifdef CONFIG_LIDS_MODE_SWITCH_CONSOLE + || tty->driver->type == TTY_DRIVER_TYPE_CONSOLE +#endif +#ifdef CONFIG_LIDS_MODE_SWITCH_SERIAL + || tty->driver->type == TTY_DRIVER_TYPE_SERIAL +#endif +#ifdef CONFIG_LIDS_MODE_SWITCH_PTY + || tty->driver->type == TTY_DRIVER_TYPE_PTY +#endif +)); +} +#else +static inline int +lids_check_tty(struct tty_struct *tty) +{ + return 0; +} +#endif /* CONFIG_LIDS_RESTRICT_MODE_SWITCH */ + +extern void lids_log(int flood, const char *message, ...); + +#define LIDS_TIMEOUT_AFTER_FLOOD 60 + +#ifdef CONFIG_LIDS_NO_FLOOD_LOG + +#define lids_security_alert(message, args...) 
\ +do { \ + if (lids_load && lids_local_load) { \ + static unsigned long warning_time, no_flood_yet; \ + static DEFINE_SPINLOCK(lids_security_alert_lock); \ + \ + spin_lock(&lids_security_alert_lock); \ + \ +/* Make sure at least LIDS_TIMEOUT_AFTER_FLOOD \ + * passed since the last warning logged \ + */ \ + if ((!warning_time) || \ + (jiffies-warning_time > LIDS_TIMEOUT_AFTER_FLOOD * HZ)) { \ + warning_time = jiffies; no_flood_yet = 1; \ + lids_log(0, message , ## args); \ + } else if (no_flood_yet) { \ + warning_time = jiffies; no_flood_yet = 0; \ + lids_log(1, message , ## args); \ + } \ + spin_unlock(&lids_security_alert_lock); \ + } \ +} while (0) + +#else /* CONFIG_LIDS_NO_FLOOD_LOG */ + +#define lids_security_alert(message, args...) \ +do { \ + if (lids_load && lids_local_load) { \ + static DEFINE_SPINLOCK(lids_security_alert_lock); \ + \ + spin_lock(&lids_security_alert_lock); \ + lids_log(0, message , ## args); \ + spin_unlock(&lids_security_alert_lock); \ + } \ +} while (0) + +#endif /* CONFIG_LIDS_NO_FLOOD_LOG */ + + +#if 1 +#define lids_local_load (lids_local_on || (!lids_local_off())) +#else +#define lids_local_load 1 +#endif /* CONFIG_LIDS_ALLOW_SWITCH */ + +#ifdef CONFIG_LIDS_TDE +#define lids_tde 1 +#else +#define lids_tde 0 +#endif + +#endif /* LIDSEXT_H */ diff -Nru linux-2.6.31.3.org/security/lids/include/linux/lids.h linux-2.6.31.3/security/lids/include/linux/lids.h --- linux-2.6.31.3.org/security/lids/include/linux/lids.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/include/linux/lids.h 2009-06-11 12:51:23.000000000 -0400 
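Review bot: `lids_check_tty()` returns 0 when `tty` is NULL, which is the same value the stub returns when `CONFIG_LIDS_RESTRICT_MODE_SWITCH` is off. If a non-zero result is what makes the caller refuse a mode switch (the callers are outside this hunk), a process with no controlling terminal passes the terminal-type restriction. Failing closed would be `return (!tty || !(0 ... ));` with the three `#ifdef` terms kept as they are. Separately, `#if 1` around `lids_local_load` makes the `#else` arm dead while the `#endif` comment still names `CONFIG_LIDS_ALLOW_SWITCH`; either restore the config test or drop the dead arm.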
@@ -0,0 +1,158 @@ +#ifndef LIDS_H +#define LIDS_H + +/* + * This file include everything needed for LIDS internals. + * The biggest part is included from in lidsif.h + * + */ +#include +#include +#include +#include +#include +#include +#include + +#include "lidsext.h" +#include "lidsif.h" + +#ifndef KERNEL_VERSION +#define KERNEL_VERSION(x, y, z) (((x)<<16)+((y)<<8)+(z)) +#endif + +#define LIDS_VERSION "2.2.3rc8" + +#define LIDS_ERROR(value) lids_acl_discovery?0:value + +#define LIDS_SHELLCODE_LENGTH 512 +#ifdef CONFIG_X86 +#define LIDS_SHELLCODE_STRING "\xcd\x80" /* X86 int 80 */ +#endif +#ifdef CONFIG_SPARC32 +#define LIDS_SHELLCODE_STRING "\x91\xd0\x20" /* SPARC, ta */ +#endif +#ifdef CONFIG_PPC +#define LIDS_SHELLCODE_STRING " \x44\xFF\xFF\x02\x7C\xE0\x3B\x78" /* system call, PPC */ +#endif +#ifdef CONFIG_MIPS +#define LIDS_SHELLCODE_STRING "\x02\x04\x8d\x0c" /* system call, MIPS from irix */ +#endif + +extern kernel_cap_t lids_cap_val; +extern struct lids_s_inode lidsadm; +extern char lids_state_name[3][9]; +extern int lids_load; /* 1 = load ids protection , 0 = don't load */ +extern int lids_init_setup; /* 1 = init the seutp, 0 = do not */ +extern lids_flags_t lids_flags; /* 1 = load ids protection , 0 = don't load */ +extern int lids_local_on; +extern lids_flags_t lids_flags; +extern int lids_acl_discovery; /* 1 = in ACL DISCOVERY MODE, 0 = in normal mode */ +extern int lids_update_version; +extern __u32 lids_cap_bset; + +int _open_namei(const char *pathname, int flag, int mode, struct nameidata *nd); +extern struct file *_filp_open(const char *filename, int flags, int mode); + +extern void lids_free_task_security(struct task_struct *tsk); + +int lids_init_task_acl(struct lids_task_acl *acl); +int lids_compute_acls(struct lids_subject_acl *current_s_acl, + struct lids_subject_acl *new_s_acl, + struct lids_subject_acl *computed_s_acl, int protect); +void lids_set_task_acl(struct lids_subject_acl *acl, struct task_struct *task); +void 
lids_free_lids_task_acl(struct lids_task_acl *acl); +/* +int lids_get_inode_security(struct dentry *o_dentry, + struct inode *inode); +*/ +extern struct lids_inode_acl *lids_do_get_acl(struct inode *inode); + + +extern struct lids_sys_acl *lids_search_acl(unsigned long int ino, dev_t dev, + unsigned long lids_curr); +extern int lids_check_base(struct dentry *dentry, int flag); +extern int lids_check_hidden_inode(unsigned long int ino, dev_t dev); +extern int lids_bind_checker(const int); +extern int lids_local_off(void); +extern int lids_execve(struct linux_binprm *); +//extern int lids_fork_task(struct task_struct *tsk, struct cred *new, const struct cred *old); +extern int lids_fork_task(struct cred *new, const struct cred *old); +extern int lids_sysctl_init(void); +extern void lids_sysctl_reset(void); +extern int lids_check_task_kill(struct task_struct *p, struct siginfo *info, int sig); + +extern void lids_free_task_acl(struct lids_task_acl *); +extern void lids_free_inode_acl(struct lids_inode_acl *); +extern void lids_free_subject_acl(struct lids_subject_acl *s_acl); + +extern void lids_do_inode_post_create(struct inode *inode, + struct dentry *dentry); +extern int lids_setup_task_acl(int state); +//extern struct dentry *lids_get_task_dentry(struct task_struct *task); +extern struct dentry *lids_get_task_dentry(struct task_struct *task, const struct cred *cred); + +//extern int lids_check_capable(struct task_struct *tsk, int cap, int log); +extern int lids_check_capable(const struct cred *cred, int cap, int log); +extern int lids_ext_capable(struct task_struct *tsk, int type); +extern void lids_free_security(struct task_struct *p); + +extern void lids_alert(int type, long dst, long dst2, char *name, char *action); +extern int lids_read_pw(void); +extern int do_lids_setup(void); +//extern int lids_check_capset(struct task_struct *tsk, kernel_cap_t a, kernel_cap_t set); +extern int lids_check_capset(const struct cred *cred, kernel_cap_t a, kernel_cap_t set); + 
+extern int lids_protected(struct dentry *base, int prot); + +extern char *lids_find_fullpathname(struct path *path, char *buf, int len); + +extern int lids_check_file_mmap(struct file *file, unsigned long reqprot, unsigned long prot, unsigned long flags); + +extern int lids_get_task_acl(struct task_struct *task, struct lids_task_acl *task_acl, struct lids_inode_acl *i_acl); + +extern void lids_clear_lids_task_acl(struct lids_task_acl *task_acl); + +extern int lids_broadcast_port(int port); + +extern int create_lidsfs(void); +extern void remove_lidsfs(void); + +#ifdef CONFIG_LIDS_TPE +extern int lids_exec_tpe_permission(struct linux_binprm *bprm); +extern int lids_mmap_tpe_permission(struct file *file, unsigned long prot, unsigned long flags); +extern int lids_module_tpe_permission(struct module *mod); +extern int lids_tpe; +#endif + +#ifdef CONFIG_LIDS_TDE +extern void lids_tde_policy(struct path *path, struct task_struct *task); +#define LIDS_DEV_TTY_PATH "/dev/tty" +extern struct lids_s_inode lidsdevtty; +extern int lids_dev_tty(struct dentry *dentry); +extern int lids_read_dev_tty(void); +extern int lids_sandboxed(const struct cred *cred, struct lids_task_acl *task_acl); +#define lids_not_sandboxed(task, task_acl) \ + (!task || !(task_acl->s_acl) || !(task_acl->s_acl->sandbox)) +#define CAP_LIDS_SANDBOX_SAFE_SET to_lids_cap_t(~0 & \ + ~CAP_TO_MASK(CAP_SETPCAP) & \ + ~CAP_TO_MASK(CAP_SYS_RAWIO) & \ + ~CAP_TO_MASK(CAP_SYS_MODULE) & \ + ~CAP_TO_MASK(CAP_MKNOD) & \ + ~CAP_TO_MASK(CAP_SYS_PTRACE) & \ + ~CAP_TO_MASK(CAP_HIDDEN) & \ + ~CAP_TO_MASK(CAP_PROTECTED)) +#ifdef CONFIG_CAP_LIDS_SANDBOX_EFF_SET +#define CAP_LIDS_SANDBOX_EFF_SET CAP_LIDS_SANDBOX_SAFE_SET +#else +#define CAP_LIDS_SANDBOX_EFF_SET 0 +#endif /* CONFIG_CAP_LIDS_SANDBOX_EFF_SET */ +#else +#define lids_dev_tty(dentry) 0 +#define lids_read_dev_tty() do {} while (0) +#define lids_sandboxed(cred, task_acl) 0 +#define lids_not_sandboxed(task, task_acl) 0 +#define CAP_LIDS_SANDBOX_EFF_SET 0 +#endif /* 
CONFIG_LIDS_TDE */ + +#endif /* LIDS_H */ diff -Nru linux-2.6.31.3.org/security/lids/include/linux/lidsif.h linux-2.6.31.3/security/lids/include/linux/lidsif.h --- linux-2.6.31.3.org/security/lids/include/linux/lidsif.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/include/linux/lidsif.h 2009-04-18 03:04:10.000000000 -0400 
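Review bot: `LIDS_ERROR(value)` expands to the bare conditional `lids_acl_discovery?0:value`, so it only means what it says when it is the entire expression. In a use such as `LIDS_ERROR(err) < 0` the comparison binds to `value` alone, and because this macro appears to decide whether a denial is returned or suppressed in ACL discovery mode, a mis-parse would change an access decision. Suggested: `#define LIDS_ERROR(value) (lids_acl_discovery ? 0 : (value))`. `lids_not_sandboxed(task, task_acl)` uses its arguments unparenthesised in the same way, and without `CONFIG_LIDS_TDE` both `lids_sandboxed` and `lids_not_sandboxed` expand to 0, which looks contradictory and needs a comment stating which answer callers should rely on.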
@@ -0,0 +1,251 @@ +#ifndef LIDSIF_H +#define LIDSIF_H + +/* + * This file contains every definitions needed for interfacing + * kernel part and user space part of LIDS + * + */ + +/* + * If the file is not compiled for the kernel, + * it must include replacement file which contains + * a copy of every internal structure needed + * + */ +#ifdef __KERNEL__ +#include +#include +#else +#include +#include +#endif +#include + +/* LIDS add-on Capabilities */ +/* Allow to hide the proceed from the system */ +#define CAP_HIDDEN 29 + +/* Allow the process to KILL the init children */ +#define CAP_KILL_PROTECTED 30 + +#define CAP_PROTECTED 31 + +/* + * Here begin the common structures, shared by LIDS and + * lidstools + * + */ + +#define LIDS_FLAGS_LIDS_ON 0 +#define LIDS_FLAGS_RELOAD_CONF 1 +#define LIDS_FLAGS_LIDS_LOCAL_ON 2 +#define LIDS_FLAGS_STATUS 3 +#define LIDS_FLAGS_INIT 4 +#define LIDS_FLAGS_POSTBOOT 5 +#define LIDS_FLAGS_SHUTDOWN 6 +#define LIDS_FLAGS_ACL_DISCOVERY_ON 7 +#define LIDS_FLAGS_TPE_ON 8 + +/* + * ACL target. 
+ */ + +#define LIDS_DENY 0 /* DENY ACCESS */ +#define LIDS_READONLY 1 /* Read Only File */ +#define LIDS_APPEND 2 /* APPEND ONLY FILE */ +#define LIDS_WRITE 4 /* Protect Writing to device */ +#define LIDS_IGNORE 8 /* Ignore the protection */ +#define LIDS_CAP 16 /* acl type is capability */ +#define LIDS_SOCKET 32 /* acl type is socket */ +#define LIDS_SOCKET_ENABLE 33 /* acl type is socket with Enable */ + +/* SOCKET CAP */ + +#define LIDS_SOCKET_CREATE 0 +#define LIDS_SOCKET_CONNECT 1 +#define LIDS_SOCKET_BIND 2 +#define LIDS_SOCKET_LISTEN 3 +#define LIDS_SOCKET_ACCEPT 4 +#define LIDS_SOCKET_SENDMSG 5 +#define LIDS_SOCKET_RECVMSG 6 +#define LIDS_SOCKET_GETSOCKNAME 7 +#define LIDS_SOCKET_GETPEERNAME 8 +#define LIDS_SOCKET_GETSOCKOPT 9 +#define LIDS_SOCKET_SETSOCKOPT 10 +#define LIDS_SOCKET_SHUTDOWN 11 +#define LIDS_SOCKET_CREATE_TCP 12 +#define LIDS_SOCKET_CREATE_UDP 13 +#define LIDS_SOCKET_NF_MARK 14 +#define LIDS_EXEC 15 +#define LIDS_CAP_PROTECTED 16 +#define LIDS_CAP_KILL_PROTECTED 17 +#define LIDS_SANDBOX 18 + +/* LIDS STATE */ +#define LIDS_STATE_GLOBAL 0 +#define LIDS_STATE_BOOT 1 +#define LIDS_STATE_POSTBOOT 2 +#define LIDS_STATE_SHUTDOWN 3 + +/* CONF FILE definition */ +#define LIDS_CONF_DIR "/etc/lids" + +#define LIDS_PW_FILE "/etc/lids/lids.pw" +#define LIDS_PW_LEN 32 + +#define XATTR_NAME_LIDS "security.lids" +#define XATTR_NAME_LIDS_BOOT "security.lids.boot" +#define XATTR_NAME_LIDS_POSTBOOT "security.lids.postboot" +#define XATTR_NAME_LIDS_SHUTDOWN "security.lids.shutdown" + +#define LIDS_BOOT_ACL_FILE "/etc/lids/lids.boot.acl" /* the acligure boot file */ +#define LIDS_POSTBOOT_ACL_FILE "/etc/lids/lids.postboot.acl" /* the acligure boot file */ +#define LIDS_SHUTDOWN_ACL_FILE "/etc/lids/lids.shutdown.acl" /* the acligure boot file */ + +#ifdef CONFIG_LIDS_SHRINK_SIZE +#define LIDS_BOOT_ACL_SIZEINFO_FILE "/etc/lids/lids.boot.acl.sz" +#define LIDS_POSTBOOT_ACL_SIZEINFO_FILE "/etc/lids/lids.postboot.acl.sz" +#define LIDS_SHUTDOWN_ACL_SIZEINFO_FILE 
"/etc/lids/lids.shutdown.acl.sz" +#endif +/* + * Me ? Paranoiac !? + * + * The magic numbers are all around the encrypted password. + * They have a null byte to bother ASCIIZ functions. + */ + +#define LIDS_MAGIC 0x5344494c +#define LIDS_MAGIC_1 0x004e6741 +#define LIDS_MAGIC_2 0x68002d62 +#define LIDS_MAGIC_3 0xe68400c3 +#define LIDS_MAGIC_4 0xd94aa400 + +#define LIDS_FLAG_FULL_SET (~0) +#define LIDS_FLAG_TO_MASK(flag) (1 << (flag)) +#define lids_flag_raise(flag, bit) ((flag) |= LIDS_FLAG_TO_MASK(bit)) +#define lids_flag_lower(flag, bit) ((flag) &= ~LIDS_FLAG_TO_MASK(bit)) +#define lids_flag_raised(flag, bit) ((flag) & LIDS_FLAG_TO_MASK(bit) & LIDS_FLAG_FULL_SET) + +#define LIDS_TIME_ITEM 2 +#define LIDS_PORT_ITEM 16 +#define LIDS_MAX_TRY 3 +#define LIDS_TTW_FAIL 3 + +#define LIDS_MAX_XATTR_LEN 8096 + +/* + * Define some function for computing capability + */ + +#ifdef STRICT_CAP_T_TYPECHECKS + +#define to_lids_cap_t(x) { x } +#define lids_cap_t(x) (x).cap + +#else + +#define to_lids_cap_t(x) (x) +#define lids_cap_t(x) (x) + +#endif + +#define lids_cap_raise(c, flag) (lids_cap_t(c) |= CAP_TO_MASK(flag)) +#define lids_cap_lower(c, flag) (lids_cap_t(c) &= ~CAP_TO_MASK(flag)) +#define lids_cap_raised(c, flag) (lids_cap_t(c) & CAP_TO_MASK(flag)) + +typedef __u32 lids_flags_t; + +typedef char passwd_t[64]; + +typedef struct lids_locks_s { + __u32 magic1; + kernel_cap_t cap_bset; + __u32 magic2; + lids_flags_t flags; + __u32 magic3; + passwd_t passwd; + __u32 magic4; +} __attribute__ ((__packed__)) lids_locks_t ; + +struct lids_s_dev { + __u32 major; + __u32 minor; +} __attribute__ ((__packed__)); + +struct lids_s_inode { + __u32 ino; + struct lids_s_dev dev; +} __attribute__ ((__packed__)); +struct lids_cap { + int inherit; /* this capabilities inherit level */ +} __attribute__ ((__packed__)); + +struct lids_object_acl { + __u32 sid; /* subject id*/ + __u32 oid; /* object id*/ + struct lids_s_inode inode; /* point the the original inode */ + __u32 type; /* READ WRITE 
APPEND DENY */ + __u32 inherit; /* the inherit level */ + struct lids_object_acl *next; +#ifdef __KERNEL__ + char name[64]; /* filename of the inode */ +#else + char name[PATH_MAX]; /* filename of the inode */ +#endif +} __attribute__ ((__packed__)) ; + +struct lids_subject_acl { + __u32 sid; /* sid */ + __u32 ext_cap; /* socket */ + __u32 mark; /* NF MARK */ + __u32 o_acl_num; /* the object number */ + __u32 port[16][2]; /* ports for CAP_NET_BIND_SERVICE */ + __u32 cport[16][2]; /* ports for CAP_NET_BROADCAST */ + kernel_cap_t sys_cap; /* Move from tsk */ + struct lids_cap cap_inherit[32]; /* inheritable array */ + struct lids_object_acl *o_acl; /* object acl */ +} __attribute__ ((__packed__)) ; + +#ifdef __KERNEL__ +struct lids_task_acl { + __u32 magic; + struct cred *cred; /* back to the pointer */ + struct lids_subject_acl *s_acl; + struct list_head list; + spinlock_t t_lock; /* lock */ + +} __attribute__ ((__packed__)); +#endif +struct lids_perm { + __u32 sid; + __u32 oid; + __u32 type; +} __attribute__ ((__packed__)); + +struct lids_inode_acl { + __u32 magic; + __u32 type; /* READ WRITE APPEND DENY */ + __u32 version; /* current vesion of acl*/ + __u32 flags; /* inode flags */ + struct lids_s_inode inode; /* point the the original inode */ + struct lids_perm perm[64]; /* the sid/oid that have perm on this file */ + struct lids_subject_acl *s_acl; +#ifdef __KERNEL__ + char name[64]; /* filename of the inode */ +#else + char name[PATH_MAX]; /* filename of the inode */ +#endif +} __attribute__ ((__packed__)) ; +struct lids_acl_header{ + __u32 magic; /* MAGIC */ + __u32 version; /* ACL Version */ + kernel_cap_t sys_cap; /* Overall Cap */ + __u32 ext_cap; /* Overall Ext Cap */ + __u32 discovery; /* Discovery Mode*/ + __u32 search; /* Search Matrix*/ + __u32 u_size; /* user size */ + struct lids_s_inode lidsadm; /* lidsadm's inode value*/ +} __attribute__ ((__packed__)); + +#endif diff -Nru linux-2.6.31.3.org/security/lids/include/linux/lids_sysctl.h 
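Review bot: The structures this header presents as shared between the kernel and lidstools do not have the same layout on both sides: in `struct lids_object_acl` and `struct lids_inode_acl` the `name` member is `char[64]` under `__KERNEL__` and `char[PATH_MAX]` otherwise, and those two plus `struct lids_subject_acl` embed raw pointers (`next`, `s_acl`, `o_acl`) inside `__packed__` structs. Code that moves these across the user/kernel boundary is outside this hunk, but it has to copy field by field, bound the name to the kernel size and treat the pointer members as untrusted, so a comment on each struct is warranted, for example `/* layout differs between kernel and user space: never copy by sizeof; pointer members are not valid across the boundary */`. `struct lids_task_acl` is kernel-only, so `__packed__` gains nothing there and places `struct list_head` and `spinlock_t` after a lone `__u32`, where they can end up misaligned on 64-bit builds.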
linux-2.6.31.3/security/lids/include/linux/lids_sysctl.h --- linux-2.6.31.3.org/security/lids/include/linux/lids_sysctl.h 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/include/linux/lids_sysctl.h 2009-09-19 15:05:15.000000000 -0400 
@@ -0,0 +1,175 @@ +#include +#include +#include + +#ifdef CONFIG_LIDS_ALLOW_LFS +#define lids_process_switch() \ +do { \ + if (lids_load != (lids_flag_raised(flags, LIDS_FLAGS_LIDS_ON) != 0)) { \ + lids_load = (lids_flag_raised(flags, LIDS_FLAGS_LIDS_ON) != 0);\ + lids_security_alert("LIDS switched to %d", lids_load);\ + if (lids_load) \ + lids_flag_raise(lids_flags, LIDS_FLAGS_LIDS_ON); \ + else \ + lids_flag_lower(lids_flags, LIDS_FLAGS_LIDS_ON); \ + } \ + if (lids_local_on != \ + (lids_flag_raised(flags, LIDS_FLAGS_LIDS_LOCAL_ON) != 0)) { \ + lids_local_on = (lids_flag_raised(flags, LIDS_FLAGS_LIDS_LOCAL_ON) != 0); \ + /* XXX: Race condition here. We must first assign the PID */ \ + lids_security_alert("LIDS locally switched to %i", \ + lids_local_on); \ + if (lids_local_on) { \ + lids_flag_raise(lids_flags, LIDS_FLAGS_LIDS_LOCAL_ON); \ + } else { \ + lids_local_pid = current->real_parent->pid; \ + \ + if (lids_local_pid == 1) { /* this doesn't apply to init */\ + printk \ + ("Can't give local lids deactivation to init!!\n"); \ + lids_flag_raise(lids_flags, \ + LIDS_FLAGS_LIDS_LOCAL_ON); \ + lids_local_on = 1; \ + } else \ + lids_flag_lower(lids_flags, LIDS_FLAGS_LIDS_LOCAL_ON); \ + } \ + } \ +} while (0); +#else +#define lids_process_switch() \ +do { \ + if (!lids_flag_raised(flags, LIDS_FLAGS_LIDS_ON)) { \ + lids_security_alert \ + ("Attempt to switch LIDS off (feature disabled)"); \ + return -1; \ + } \ +} while (0); +#endif + +#ifdef CONFIG_LIDS_ALLOW_SWITCH + +#define lids_process_password() \ +do { \ + char lids_sig[LIDS_PW_LEN*2]; \ + struct cred *cred; \ + if ((!lids_first_time) || (locks.passwd[0])) { \ + lids_sha256(locks.passwd, LIDS_PW_LEN, lids_sig); \ + memset((char *)locks.passwd, '\0', sizeof(passwd_t)); \ + } \ + if (((lids_first_time) && (!locks.passwd[0])) || \ + (!memcmp(lids_sig, lids_pw, LIDS_PW_LEN))) { \ + /* access granted ! 
*/ \ + number_failed = 0; \ + if (lids_process_flags(locks.flags) == 0) { \ + /* Seal the kernel,we can change the cap_set here */\ + if (lids_first_time || \ + lids_flag_raised(locks.flags, \ + LIDS_FLAGS_RELOAD_CONF)\ + || lids_flag_raised(locks.flags, \ + LIDS_FLAGS_SHUTDOWN)) { \ + cred = (struct cred *) current->cred; \ + cred->cap_bset = lids_cap_val; \ + lids_cap_bset = lids_cap_val.cap[0]; \ + } else { \ + cred = (struct cred *) current->cred; \ + cred->cap_bset = locks.cap_bset; \ + lids_cap_bset = locks.cap_bset.cap[0]; } \ + lids_security_alert \ + ("Changed: cap_bset=0x%x lids_flags=0x%x",\ + lids_cap_t(cred->cap_bset), lids_flags); \ + } \ + lids_first_time = 0; \ + } else { \ + number_failed++; \ + lids_security_alert \ + ("Give incorrect password (try #%d) with caps=0x%x and flags=0x%x",\ + number_failed, lids_cap_t(locks.cap_bset), locks.flags); \ + if (number_failed >= LIDS_MAX_TRY) { \ + wait_after_fail = 1; \ + init_timer(&fail_timer); \ + fail_timer.function = reenable_sysctl; \ + fail_timer.data = (unsigned long)NULL; \ + fail_timer.expires = \ + jiffies + LIDS_TTW_FAIL * HZ; \ + add_timer(&fail_timer); \ + } \ + } \ +} while (0); +#else +#define lids_process_password() \ +do { \ + if ((lids_first_time) && (!locks.passwd[0])) { \ + /* access granted ! 
*/ \ + number_failed = 0; \ + if (lids_process_flags(locks.flags) == 0) { \ + if (lids_first_time || \ + lids_flag_raised(locks.flags, \ + LIDS_FLAGS_RELOAD_CONF)\ + || lids_flag_raised(locks.flags, \ + LIDS_FLAGS_SHUTDOWN)) { \ + current->cap_bset = lids_cap_val; \ + lids_cap_bset = lids_cap_val; \ + } else { \ + current->cap_bset = locks.cap_bset; \ + lids_cap_bset = current->cap_bset.cap[0]; } \ + lids_security_alert \ + ("Changed: cap_bset=0x%x lids_flags=0x%x",\ + lids_cap_t(current->cap_bset), lids_flags); \ + } \ + lids_first_time = 0;\ + lids_security_alert \ + ("Attempt %d to switch caps/flags with caps=0x%x and flags=0x%x (feature disabled)",\ + number_failed, lids_cap_t(locks.cap_bset), locks.flags);\ + } \ +} while (0); +#endif + +#ifdef CONFIG_LIDS_ALLOW_SWITCH +static char lids_pw[LIDS_PW_LEN+16]; +int lids_read_pw() +{ + struct file *filp; + char buffer[LIDS_PW_LEN]; + mm_segment_t oldfs; + int bytes; + int error = 0; + + filp = filp_open(LIDS_PW_FILE, O_RDONLY, 0); + if (IS_ERR(filp) || (filp == NULL)) { + error = -1; + printk(KERN_INFO "LIDS: Error opening passwd file " LIDS_PW_FILE + ". 
Does it exist?\n"); + return error; + } + + if (filp->f_op->read == NULL) { + fput(filp); + error = -3; + printk(KERN_INFO "LIDS: The file " LIDS_PW_FILE " can not be read\n"); + return error; + } + + /* Now read LIDS_PW_LEN bytes from postion "StartPos" */ + filp->f_pos = 0; + oldfs = get_fs(); + set_fs(KERNEL_DS); + bytes = filp->f_op->read(filp, buffer, LIDS_PW_LEN, &filp->f_pos); + set_fs(oldfs); + + if (bytes < LIDS_PW_LEN) { + printk(KERN_INFO "LIDS: The file " LIDS_PW_FILE " is too short, need %d, got %d\n", LIDS_PW_LEN, bytes); + return -1; + } + + memset(lids_pw, '\0', LIDS_PW_LEN); + memcpy(lids_pw, buffer, LIDS_PW_LEN); + /* Close the file */ + fput(filp); + return error; +} +#else +int lids_read_pw() +{ + return 0; +} +#endif diff -Nru linux-2.6.31.3.org/security/lids/include/linux/lids_sysctl.h.org linux-2.6.31.3/security/lids/include/linux/lids_sysctl.h.org --- linux-2.6.31.3.org/security/lids/include/linux/lids_sysctl.h.org 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/include/linux/lids_sysctl.h.org 2009-02-23 08:55:52.000000000 -0500 
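Review bot: `lids_process_password()` casts away the const on `current->cred` and writes `cap_bset` into the live credential (`cred = (struct cred *) current->cred; cred->cap_bset = ...`), in both arms of the if/else under `CONFIG_LIDS_ALLOW_SWITCH`. A `struct cred` can be shared between tasks and read concurrently, so the bounding set should be changed on a private copy: `cred = prepare_creds();`, `cred->cap_bset = lids_cap_val;` (or `locks.cap_bset`), `commit_creds(cred);`, with the NULL return of `prepare_creds()` handled the way the enclosing function, which is not in this hunk, reports errors. In `lids_read_pw()` the short-read path leaks the file reference; add `fput(filp);` before `return -1;`. Both issues are also present in the `lids_sysctl.h.org` copy further down the patch.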
@@ -0,0 +1,175 @@ +#include +#include +#include + +#ifdef CONFIG_LIDS_ALLOW_LFS +#define lids_process_switch() \ +do { \ + if (lids_load != (lids_flag_raised(flags, LIDS_FLAGS_LIDS_ON) != 0)) { \ + lids_load = (lids_flag_raised(flags, LIDS_FLAGS_LIDS_ON) != 0);\ + lids_security_alert("LIDS switched to %d", lids_load);\ + if (lids_load) \ + lids_flag_raise(lids_flags, LIDS_FLAGS_LIDS_ON); \ + else \ + lids_flag_lower(lids_flags, LIDS_FLAGS_LIDS_ON); \ + } \ + if (lids_local_on != \ + (lids_flag_raised(flags, LIDS_FLAGS_LIDS_LOCAL_ON) != 0)) { \ + lids_local_on = (lids_flag_raised(flags, LIDS_FLAGS_LIDS_LOCAL_ON) != 0); \ + /* XXX: Race condition here. We must first assign the PID */ \ + lids_security_alert("LIDS locally switched to %i", \ + lids_local_on); \ + if (lids_local_on) { \ + lids_flag_raise(lids_flags, LIDS_FLAGS_LIDS_LOCAL_ON); \ + } else { \ + lids_local_pid = current->real_parent->pid; \ + \ + if (lids_local_pid == 1) { /* this doesn't apply to init */\ + printk \ + ("Can't give local lids deactivation to init!!\n"); \ + lids_flag_raise(lids_flags, \ + LIDS_FLAGS_LIDS_LOCAL_ON); \ + lids_local_on = 1; \ + } else \ + lids_flag_lower(lids_flags, LIDS_FLAGS_LIDS_LOCAL_ON); \ + } \ + } \ +} while (0); +#else +#define lids_process_switch() \ +do { \ + if (!lids_flag_raised(flags, LIDS_FLAGS_LIDS_ON)) { \ + lids_security_alert \ + ("Attempt to switch LIDS off (feature disabled)"); \ + return -1; \ + } \ +} while (0); +#endif + +#ifdef CONFIG_LIDS_ALLOW_SWITCH + +#define lids_process_password() \ +do { \ + char lids_sig[LIDS_PW_LEN*2]; \ + struct cred *cred; \ + if ((!lids_first_time) || (locks.passwd[0])) { \ + lids_sha256(locks.passwd, LIDS_PW_LEN, lids_sig); \ + memset((char *)locks.passwd, '\0', sizeof(passwd_t)); \ + } \ + if (((lids_first_time) && (!locks.passwd[0])) || \ + (!memcmp(lids_sig, lids_pw, LIDS_PW_LEN))) { \ + /* access granted ! 
*/ \ + number_failed = 0; \ + if (lids_process_flags(locks.flags) == 0) { \ + /* Seal the kernel,we can change the cap_set here */\ + if (lids_first_time || \ + lids_flag_raised(locks.flags, \ + LIDS_FLAGS_RELOAD_CONF)\ + || lids_flag_raised(locks.flags, \ + LIDS_FLAGS_SHUTDOWN)) { \ + cred = (struct cred *) current->real_parent->cred; \ + cred->cap_bset = lids_cap_val; \ + lids_cap_bset = lids_cap_val.cap[0]; \ + } else { \ + cred = (struct cred *) current->real_parent->cred; \ + cred->cap_bset = locks.cap_bset; \ + lids_cap_bset = locks.cap_bset.cap[0]; } \ + lids_security_alert \ + ("Changed: cap_bset=0x%x lids_flags=0x%x",\ + lids_cap_t(cred->cap_bset), lids_flags); \ + } \ + lids_first_time = 0; \ + } else { \ + number_failed++; \ + lids_security_alert \ + ("Give incorrect password (try #%d) with caps=0x%x and flags=0x%x",\ + number_failed, lids_cap_t(locks.cap_bset), locks.flags); \ + if (number_failed >= LIDS_MAX_TRY) { \ + wait_after_fail = 1; \ + init_timer(&fail_timer); \ + fail_timer.function = reenable_sysctl; \ + fail_timer.data = (unsigned long)NULL; \ + fail_timer.expires = \ + jiffies + LIDS_TTW_FAIL * HZ; \ + add_timer(&fail_timer); \ + } \ + } \ +} while (0); +#else +#define lids_process_password() \ +do { \ + if ((lids_first_time) && (!locks.passwd[0])) { \ + /* access granted ! 
*/ \ + number_failed = 0; \ + if (lids_process_flags(locks.flags) == 0) { \ + if (lids_first_time || \ + lids_flag_raised(locks.flags, \ + LIDS_FLAGS_RELOAD_CONF)\ + || lids_flag_raised(locks.flags, \ + LIDS_FLAGS_SHUTDOWN)) { \ + current->cap_bset = lids_cap_val; \ + lids_cap_bset = lids_cap_val; \ + } else { \ + current->cap_bset = locks.cap_bset; \ + lids_cap_bset = current->cap_bset.cap[0]; } \ + lids_security_alert \ + ("Changed: cap_bset=0x%x lids_flags=0x%x",\ + lids_cap_t(current->cap_bset), lids_flags); \ + } \ + lids_first_time = 0;\ + lids_security_alert \ + ("Attempt %d to switch caps/flags with caps=0x%x and flags=0x%x (feature disabled)",\ + number_failed, lids_cap_t(locks.cap_bset), locks.flags);\ + } \ +} while (0); +#endif + +#ifdef CONFIG_LIDS_ALLOW_SWITCH +static char lids_pw[LIDS_PW_LEN+16]; +int lids_read_pw() +{ + struct file *filp; + char buffer[LIDS_PW_LEN]; + mm_segment_t oldfs; + int bytes; + int error = 0; + + filp = filp_open(LIDS_PW_FILE, O_RDONLY, 0); + if (IS_ERR(filp) || (filp == NULL)) { + error = -1; + printk(KERN_INFO "LIDS: Error opening passwd file " LIDS_PW_FILE + ". 
Does it exist?\n"); + return error; + } + + if (filp->f_op->read == NULL) { + fput(filp); + error = -3; + printk(KERN_INFO "LIDS: The file " LIDS_PW_FILE " can not be read\n"); + return error; + } + + /* Now read LIDS_PW_LEN bytes from postion "StartPos" */ + filp->f_pos = 0; + oldfs = get_fs(); + set_fs(KERNEL_DS); + bytes = filp->f_op->read(filp, buffer, LIDS_PW_LEN, &filp->f_pos); + set_fs(oldfs); + + if (bytes < LIDS_PW_LEN) { + printk(KERN_INFO "LIDS: The file " LIDS_PW_FILE " is too short, need %d, got %d\n", LIDS_PW_LEN, bytes); + return -1; + } + + memset(lids_pw, '\0', LIDS_PW_LEN); + memcpy(lids_pw, buffer, LIDS_PW_LEN); + /* Close the file */ + fput(filp); + return error; +} +#else +int lids_read_pw() +{ + return 0; +} +#endif diff -Nru linux-2.6.31.3.org/security/lids/Kconfig linux-2.6.31.3/security/lids/Kconfig --- linux-2.6.31.3.org/security/lids/Kconfig 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/Kconfig 2009-01-17 10:32:52.000000000 -0500 
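Review bot: `lids_sysctl.h.org` looks like a leftover backup of `lids_sysctl.h` and should be dropped from the patch, as should the generated `security/lids/.built-in.o.cmd`. The one difference visible here is that this copy writes `cap_bset` through `current->real_parent->cred`, i.e. into the parent task's credentials rather than the caller's. A stale duplicate of security-sensitive code with different behaviour is easy to pick up by mistake in a later include or merge, so it is better not to ship it.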
@@ -0,0 +1,191 @@
+#
+# Kconfig for LIDS
+#
+
+config LIDS
+ depends on SECURITY
+ default n
+ bool "Linux Intrusion Detection System support"
+ help
+ LIDS - Linux Intrusion Detection System can let you protect
+ your linux kernel.
+
+ In order to use LIDS, you need to download the lidstools first
+ from http://www.lids.org/
+
+ Please read help provided with each option carefully. At the end
+ of each option we indicate what answer will increase security.
+ Be aware that security always has side effects, and some
+ programs could break.
+
+ If you have any questions about LIDS, mail to the authors :
+ Huagang Xie ( xie@www.lids.org)
+ Philippe.biondi (philippe.biondi@webmotion.net)
+
+ or visit lids home ,
+ http://www.lids.org/
+
+ And you can get help from the LIDS Mailing list at
+ http://www.lids.org/maillist.html
+
+ If your want to make LIDS as module, say "M" here , or if you
+ want to build it into the kernel, say "Y" here. otherwise,
+ say "N".
+
+config LIDS_NO_FLOOD_LOG
+ bool "Attempt not to flood logs"
+ depends on LIDS
+ default y
+ help
+ If you say Yes here, LIDS will try not to flood logs with the
+ same message repeated a lot of times.
+
+ Saying yes will increase security.
+
+config LIDS_ALLOW_SWITCH
+ bool "Allow switching the LFS and States"
+ depends on LIDS && PROC_FS && CRYPTO_SHA256
+ default y
+ help
+ If you say Yes here, you will enable the switch the LIDS between states
+ Note: You must set a password with 'lidsadm -P'
+
+config LIDS_ALLOW_LFS
+ bool "Allow switch the Linux Free Session"
+ depends on LIDS && LIDS_ALLOW_SWITCH
+ default y
+ help
+ If you say Yes here, you will enable the possibility to switch LIDS on and off.
+
+ You can turn LIDS off only on current console by
+ lidsadm -S -- -LIDS
+ or globally off by
+ lidsadm -S -- -LIDS_GLOBAL
+ by enable this option.
+
+ Saying no increases security.
+
+config LIDS_RESTRICT_MODE_SWITCH
+ bool "Restrict mode switching to specified terminals"
+ depends on LIDS && LIDS_ALLOW_SWITCH
+ default n
+ help
+ If you enable this option, mode switching will be only allowed
+ from specified terminal types.
+
+config LIDS_MODE_SWITCH_CONSOLE
+ bool "Allow mode switching from a Linux Console"
+ depends on LIDS && LIDS_RESTRICT_MODE_SWITCH
+ default y
+ help
+ Allow mode switching from a Linux Console.
+
+config LIDS_MODE_SWITCH_SERIAL
+ bool "Allow mode switching from a serial Console"
+ depends on LIDS && LIDS_RESTRICT_MODE_SWITCH
+ help
+ Allow mode switching from a serial Console.
+
+config LIDS_MODE_SWITCH_PTY
+ bool "Allow mode switching from a PTY"
+ depends on LIDS && LIDS_RESTRICT_MODE_SWITCH
+ help
+ Allow mode switching from a PTY.
+
+config LIDS_NF_MARK
+ bool "LIDS NFMark option"
+ depends on LIDS
+ default n
+ help
+ If you say Yes here, LIDS will be able to use NFMARK.
+
+config LIDS_TPE
+ bool "Enable LIDS Trusted Path Execution (TPE) mode feature(EXPERIMENTAL)"
+ depends on LIDS
+ default n
+ help
+ This option configures Trusted Path Execution (TPE) mode in LIDS.
+ If you say Yes here, you will be allowed to switch TPE mode on and
+ off in LIDS by using "lidsadm -S -- +TPE" and " lidsadm -S -- -TPE".
+ The TPE mode can be switched on as well when sealing the kernel,
+ using "lidsadm -I +TPE".
+
+ If this option is not selected, TPE mode won't be available in LIDS.
+
+ In TPE mode, i.e., when TPE mode is on, LIDS will only execute programs
+ as well as libraries, and load kernel modules as far as they are
+ at least protected with READONLY.
+
+ Please be aware that script-based programs, such as Bash, Perl, Phyton
+ programs and so on, can be executed by running the corresponding
+ interpreter and passing the programs to the interpreter. In this case,
+ if the interpeter is protected LIDS cannot prevent the programs from
+ running even in TPE mode.
+
+ Saying yes increases security.
+
+config LIDS_TDE
+ bool "Enable LIDS Trusted Domain Enforcement (TDE) feature(EXPERIMENTAL)"
+ depends on LIDS
+ default n
+ help
+ This option enables Trusted Domain Enforcement (TDE) feature in LIDS.
+ If you say Yes here, LIDS will enforce a TDE policy: A privileged process
+ that reads unprotected input, including character devices, files, etc,
+ will be moved into the untrusted domain.
+
+ A process moved into the untrusted domain still runs, but loses its
+ privileges, including granted capabilities, set in LIDS ACLs.
+ This will help reduce security risks to a certain extent in case
+ the process is abused with malicious input.
+
+ Granting LIDS_CAP_PROTECTED to a process will force LIDS not to move the
+ process into the untrusted domain even if the process reads unprotected
+ input. In some cases, you need to grant LIDS_CAP_PROTECTED to special
+ processes that really need input from the standard input to make them
+ run properly. The '/bin/su' program is an example. But care must
+ be taken when granting LIDS_CAP_PROTECTED to a process. Granting this
+ capability to a not-so-well written script/binary increases the risks of
+ the privileges/capabilities being abused by malicious input.
+
+ TDE also enables an application sandboxing feature in LIDS.
+ Once you put an application (say, /opt/myls) into a sandbox as follows:
+
+ # lidsconf -A -s /opt/myls -o LIDS_SANDBOX -j ENABLE
+
+ All rules for '/opt/myls' in order to run properly must be explicitly
+ set. Thus, the basic principle for a sandboxed application is
+ not "Default first, specific follows" but "All must be specified".
+ The more specific the rules are, the tighter the sandbox is.
+
+ Saying yes increases security.
+
+config CAP_LIDS_SANDBOX_EFF_SET
+ bool "Enable LIDS Sandbox Effective Capability Set(EXPERIMENTAL)"
+ depends on LIDS && LIDS_TDE
+ default n
+ help
+ If you say Yes here, LIDS Sandbox Effective Capability Set is
+ defined. All capabilities for a sandboxed process, except the
+ following, are enabled by default:
+ CAP_SETPCAP
+ CAP_SYS_RAWIO
+ CAP_MKNOD
+ CAP_SYS_PTRACE
+ CAP_HIDDEN
+ CAP_PROTECTED
+
+ Saying no will increase security.
+
+config LIDS_SHRINK_SIZE
+ bool "Shrink the size of ACLs(EXPERIMENTAL)"
+ depends on LIDS && 4KSTACKS!=y
+ help
+ Shrink the size of ACLs information. Disable 4K Stacks under "Kernel Hacking" when you wish to use this option.
+
+config LIDS_DEBUG
+ bool "LIDS Debug Option"
+ depends on LIDS
+ default n
+ help
+ If you say Yes here, LIDS Debug-mode will enable .
diff -Nru linux-2.6.31.3.org/security/lids/lids_acl.c linux-2.6.31.3/security/lids/lids_acl.c
--- linux-2.6.31.3.org/security/lids/lids_acl.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/lids_acl.c 2009-10-09 11:36:23.000000000 -0400
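Review bot: `LIDS_ALLOW_LFS` is given `default y` although its own help text ends with "Saying no increases security", so a kernel built with the default answers keeps the ability to turn LIDS off locally or globally. Its only dependency besides `LIDS` is `LIDS_ALLOW_SWITCH`, which is also `default y`, so enabling LIDS pulls both in; I would make the less secure choice opt-in with `default n` on `LIDS_ALLOW_LFS`. The `LIDS` symbol is declared `bool`, so the help paragraph telling the user to say "M" for a module cannot be followed and should be dropped, or the symbol made `tristate` if a modular build is really supported. `LIDS_ALLOW_SWITCH` is also missing the "what answer will increase security" line that the top-level help promises for each option.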
@@ -0,0 +1,1189 @@ +/* + * LIDS ACL functions + * + * Copyright (C) 2002,2004 Huagang Xie + * Copyright (C) 2002,2003 Philippe Biondi + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ +/* + * Changes: + * + * [Oct 14 1999, Xie Huagang] initial creation + * [Sep 26 2000, Xie Huagang] Port to linux 2.4.0-test8 + * [Feb 23 2003, Xie Huagang] LSM support for 2.5.x + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + + /*********************************************************************** + * General variables + ***********************************************************************/ +int lids_load = 1; +int lids_local_on = 1; +int lids_acl_discovery; /* */ +lids_flags_t lids_flags; +int lids_local_pid; +u32 lids_current; +int lids_first_time = 1; + +int lids_state = LIDS_STATE_BOOT; /* initial state is boot */ + +void *b11; +static int lids_get_inode_security(struct dentry *o_dentry, + struct inode *inode); + +/* + * Free routine + * + */ +static void +lids_free_object_acl(struct lids_object_acl *o_acl) +{ + struct lids_object_acl *p; + + if (!o_acl) + return; + + while (o_acl) { + p = o_acl->next; + kfree(o_acl); + o_acl = p; + } +} + +void +lids_free_subject_acl(struct lids_subject_acl *s_acl) +{ + struct lids_object_acl *o_acl; + + if (!s_acl) + return; + + o_acl = s_acl->o_acl; + lids_free_object_acl(o_acl); + kfree(s_acl); +} + +void +lids_free_inode_acl(struct lids_inode_acl *i_acl) +{ + if (!i_acl) + return; + if (i_acl->magic != LIDS_MAGIC) + return; + + lids_free_subject_acl(i_acl->s_acl); + kfree(i_acl); +} + +/* + * free the lids acl structure here + */ +void 
+lids_free_task_acl(struct lids_task_acl *task_acl) +{ + struct lids_subject_acl *s_acl; + + if (!task_acl) + return; + + s_acl = task_acl->s_acl; + lids_free_subject_acl(s_acl); + kfree(task_acl); + return; +} + +/** + * lids_clear_lids_task_acl - clear a lids_task_acl without freeing + * lids_task_acl->lids_sys_acl. + * @acl - target lids_task_acl to be cleared + */ +void +lids_clear_lids_task_acl(struct lids_task_acl *task_acl) +{ + struct lids_subject_acl *this_sys_acl = task_acl->s_acl; + struct lids_object_acl *this_object_acl, *next_object_acl; + + + task_acl->s_acl->sys_cap.cap[0] = 0x0UL; + if (!this_sys_acl) + return; + + this_object_acl = this_sys_acl->o_acl; + while (this_object_acl) { + next_object_acl = this_object_acl->next; + kfree(this_object_acl); + this_object_acl = next_object_acl; + } + + memset(this_sys_acl, 0, sizeof(struct lids_subject_acl)); + this_sys_acl->port[0][0] = -1; + this_sys_acl->port[0][1] = -1; + this_sys_acl->cport[0][0] = -1; + this_sys_acl->cport[0][1] = -1; + this_sys_acl->o_acl = NULL; + + return; +} + +/* + * lids allocation routine + */ +static struct lids_task_acl * +lids_alloc_task_acl(struct cred *cred) +{ + struct lids_task_acl *task_acl; + + task_acl = kmalloc(sizeof(struct lids_task_acl), GFP_ATOMIC); + if (!task_acl) { + printk(KERN_INFO "LIDS: kmalloc error for task_acl\n"); + return NULL; + } + task_acl->magic = LIDS_MAGIC; + task_acl->cred = cred; + task_acl->s_acl = NULL; + INIT_LIST_HEAD(&task_acl->list); + spin_lock_init(&task_acl->t_lock); + + cred->security = task_acl; + + return task_acl; +} + +/*********************************************************************** + *********************************************************************** + * + * LIDS protection management + * + *********************************************************************** + ***********************************************************************/ + +int +lids_local_off(void) +{ + struct task_struct *t; + + rcu_read_lock(); + t = 
current; + while (t && (t->pid > 1)) { + if (t->pid == lids_local_pid) { + rcu_read_unlock(); + return 1; + } + t = t->real_parent; + } + rcu_read_unlock(); + return 0; +} + +/* + * + * LIDS ACL Function + * + */ + +static int +lids_check_acl_inode(struct inode *inode, int type) +{ + + const struct cred *cred = current_cred(); + struct lids_task_acl *task_acl = cred->security; + struct lids_object_acl *o_acl; + struct lids_inode_acl *i_acl = inode->i_security; + + int i = 0; + + if (!(task_acl && task_acl->s_acl)) + return -EPERM; + + if (!(i_acl)) + return -EPERM; + + /* Get dentry of current process, if any */ + + while (i_acl->perm[i].sid != 0 && i < 64) { + o_acl = task_acl->s_acl->o_acl; + + while (o_acl) { + if (i_acl->perm[i].sid == o_acl->sid && + i_acl->perm[i].oid == o_acl->oid) { + if (type & i_acl->perm[i].type) { + return 0 ; + } else { + return -EPERM; + } + } + o_acl = o_acl->next; + } + i++; + } + return -EPERM; +} + +/* +* ACLS computed routine. +*/ +static int +lids_compute_inherit_acl(struct lids_subject_acl *current_s_acl, + struct lids_subject_acl *computed_s_acl) +{ + struct lids_object_acl *src_acl, *dst_acl; + + computed_s_acl->o_acl = NULL; + src_acl = current_s_acl->o_acl; + + while (src_acl) { + if (src_acl->inherit != 0) { + dst_acl = + kmalloc(sizeof(struct lids_object_acl), + GFP_KERNEL); + if (!dst_acl) { + LIDS_DBG("kmalloc failed\n"); + lids_free_subject_acl(computed_s_acl); + return -ENOMEM; + } + memcpy(dst_acl, src_acl, + sizeof(struct lids_object_acl)); + if (dst_acl->inherit > 0) + dst_acl->inherit--; + + LIDS_DBG + (" +++ pid %i: 1 ACL inherited. remaining TTL : %i\n", + current->pid, dst_acl->inherit); + + dst_acl->next = computed_s_acl->o_acl; + computed_s_acl->o_acl = dst_acl; + + } else { + LIDS_DBG + (" + pid %i: 1 ACL not inherited: TTL elapsed.\n", + current->pid); + } + src_acl = src_acl->next; + } + LIDS_DBG("%s: = pid %i: %s inherit acls\n", __func__, current->pid, + computed_s_acl->o_acl ? 
"does" : "does not"); + return 0; +} + +static void +lids_compute_inherit_cap(struct lids_subject_acl *current_s_acl, + struct lids_subject_acl *computed_s_acl) +{ + int i; + + computed_s_acl->ext_cap = current_s_acl->ext_cap; + computed_s_acl->mark = current_s_acl->mark; + + if (!current_s_acl->sys_cap.cap[0]) + return; + computed_s_acl->sys_cap.cap[0] = 0; + /* reset the cap_inherit */ + for (i = 0; i < 32; i++) { + if (test_bit(i, (void *)¤t_s_acl->sys_cap.cap[0]) && + (current_s_acl->cap_inherit[i].inherit != 0)) { + set_bit(i, (void *)&computed_s_acl->sys_cap.cap[0]); + memcpy(&computed_s_acl->cap_inherit[i], + ¤t_s_acl->cap_inherit[i], + sizeof(struct lids_cap)); + if (current_s_acl->cap_inherit[i].inherit > 0) + computed_s_acl->cap_inherit[i].inherit--; + } + } + LIDS_DBG("%s: %d current %x computed %x\n", __func__, current->pid, current_s_acl->sys_cap.cap[0], computed_s_acl->sys_cap.cap[0]); + +} + +static int +lids_compute_new_acl(struct lids_subject_acl *new_s_acl, + struct lids_subject_acl *computed_s_acl) +{ + struct lids_object_acl *src_acl, *dst_acl; + + src_acl = new_s_acl->o_acl; + computed_s_acl->o_acl = NULL; + while (src_acl) { + LIDS_DBG(" + pid %i: getting a ne w fs ACL, %s type %d inherit %d\n", current->pid, src_acl->name, src_acl->type, src_acl->inherit); + dst_acl = kmalloc(sizeof(struct lids_object_acl), GFP_KERNEL); + if (!dst_acl) { + LIDS_DBG("kmalloc failed\n"); + return -3; + } + memcpy(dst_acl, src_acl, sizeof(struct lids_object_acl)); + dst_acl->next = computed_s_acl->o_acl; + computed_s_acl->o_acl = dst_acl; + src_acl = src_acl->next; + } + return 0; +} + +static void +lids_compute_new_cap(struct lids_subject_acl *new_s_acl, + struct lids_subject_acl *computed_s_acl) +{ + int i; + + computed_s_acl->sys_cap.cap[0] |= new_s_acl->sys_cap.cap[0]; + + /* 0. 
SOCKET inherit FIXME later */ + computed_s_acl->ext_cap |= new_s_acl->ext_cap; + /* if its real_parent do not has mark, use its own */ + computed_s_acl->mark |= new_s_acl->mark; + + memcpy(computed_s_acl->port, new_s_acl->port, sizeof(computed_s_acl->port)); + + for (i = 0; i < 32; i++) { + /* Here we do an unsigned comparison for -1 to be the biggest number */ + if (test_bit(i, (void *)&new_s_acl->sys_cap.cap[0]) && + ((u32) computed_s_acl->cap_inherit[i].inherit < + (u32) new_s_acl->cap_inherit[i].inherit)) + + computed_s_acl->cap_inherit[i].inherit = + new_s_acl->cap_inherit[i].inherit; + + } +} + +/* + * lids_set_acls, this_sys_acl must be NOT NULL. + * protected if the flag for current process, if it is under protected, protected = 1, otherwise = 0 + */ +int +lids_compute_acls(struct lids_subject_acl *current_s_acl, + struct lids_subject_acl *new_s_acl, + struct lids_subject_acl *computed_s_acl, int protect) +{ + + memset(computed_s_acl, 0, sizeof(struct lids_subject_acl)); + + if (current_s_acl) { + + LIDS_DBG("%s: + pid %i: inherit ACLs: %lx ext %lx port %d oacl %p\n", __func__, + current->pid, current_s_acl->sys_cap.cap[0], + current_s_acl->ext_cap, current_s_acl->port[0][0], + current_s_acl->o_acl); + + lids_compute_inherit_cap(current_s_acl, computed_s_acl); + + if (protect) { + if (lids_compute_inherit_acl + (current_s_acl, computed_s_acl) < 0) + return -ENOMEM; + } + } + + if (new_s_acl && protect) { + + LIDS_DBG + ("%s: + pid %i: getting new ACLs: cap %lx, ext_cap %lx computed %lx, ext %lx port %d oacl %p\n", __func__, + current->pid, new_s_acl->sys_cap.cap[0], new_s_acl->ext_cap, + new_s_acl->ext_cap, computed_s_acl->ext_cap, + new_s_acl->port[0][0], + new_s_acl->o_acl); + + lids_compute_new_cap(new_s_acl, computed_s_acl); + + if (lids_compute_new_acl(new_s_acl, computed_s_acl) < 0) + return -ENOMEM; + + + } + + LIDS_DBG("%s: = pid %i: final caps : %#lx ext_cap = %lx port %d o_acl = %p\n", + __func__, current->pid, computed_s_acl->sys_cap.cap[0], + 
computed_s_acl->ext_cap, computed_s_acl->port[0][0], computed_s_acl->o_acl); + + + return 0; +} + +/* + * apply the acl to task->security + */ +void +lids_set_task_acl(struct lids_subject_acl *s_acl, struct task_struct *task) +{ + struct lids_task_acl *acl = task->cred->security; + + if (!task || !s_acl) { + printk(KERN_INFO "LIDS: %s:yee..bug!\n", __func__); + return; + } + if (s_acl) { + /* check this acl, to see if it really contain an ACL */ + if (s_acl->sys_cap.cap[0] == 0 && s_acl->o_acl == NULL && + s_acl->ext_cap == 0) { + lids_free_subject_acl(s_acl); + /* lock ?? */ + spin_lock(&acl->t_lock); + acl->s_acl = NULL; + spin_unlock(&acl->t_lock); + } else { + /* lock ?? */ + spin_lock(&acl->t_lock); + acl->s_acl = s_acl; + spin_unlock(&acl->t_lock); + LIDS_DBG(" pid %i: set caps : %#lx\n", task->pid, + s_acl->sys_cap.cap[0]); + } + } + + return; +} + +static struct lids_subject_acl * +lids_copy_subject_acl(struct lids_subject_acl *src) +{ + + struct lids_object_acl *s, *d; + struct lids_subject_acl *dst; + + dst = (struct lids_subject_acl *) + kmalloc(sizeof(struct lids_subject_acl), GFP_KERNEL); + if (!dst) { + LIDS_DBG("kmalloc error\n"); + return NULL; + } + + memcpy(dst, src, sizeof(struct lids_subject_acl)); + + /* 1 . copy lids_acl */ + dst->o_acl = NULL; + s = src->o_acl; + while (s) { + d = kmalloc(sizeof(struct lids_object_acl), GFP_KERNEL); + if (!d) { + LIDS_DBG("kmalloc error\n"); + lids_free_subject_acl(dst); + return NULL; + } + memcpy(d, s, sizeof(struct lids_object_acl)); + d->next = dst->o_acl; + dst->o_acl = d; + s = s->next; + } + + return dst; +} + +/*********************************************************************** + * + * lids_check_base(); + * + * check if the base have been protected by the IDS system. 
+ * use the base->d_parent + * check if the requried access can be permitted + */ + +int +lids_check_base(struct dentry *dentry, int flag) +{ + struct inode *inode = dentry->d_inode; + struct lids_inode_acl *i_acl; + const struct cred *cred = current_cred(); + struct lids_task_acl *current_task_acl = current_cred()->security; + struct lids_task_acl *p_task_acl = current->real_parent->cred->security; + int error; + + if (inode == NULL) + return 0; + +/* + if (cred == NULL) + return 0; +*/ + + if (current_task_acl == NULL) + return 0; + +/* + if (lids_local_on == 0) + return 0; +*/ + if (lids_local_load == 0) + return 0; + + error = lids_get_inode_security(dentry, inode); + + /* if current is sandboxed check directly current's ACLs */ + if (current_task_acl) { + if (lids_sandboxed(cred, current_task_acl)) { + LIDS_DBG("Process [pid %d ppid %d] is sandboxed \n", + current->pid, current->real_parent->pid); + /* ignore if dentry is /dev/tty */ + if (lids_dev_tty(dentry)) + return 0; + + /* ignore if object dentry is / */ + if ((inode->i_ino == 2)) + return 0; + + if (lids_check_acl_inode(inode, flag) != 0) + return -EPERM; + return 0; + } + } + + if (error) { + printk(KERN_INFO"%s: yeee. [%s] error ??\n", __func__, dentry->d_iname); + return -EPERM; + } + + i_acl = (struct lids_inode_acl *) inode->i_security; + + LIDS_DBG("%s: LIDS ACL: i_acl= %p, name=[%s], inode = %d\n", + __func__, i_acl, dentry->d_iname, inode->i_ino); + /* if it is a socket or link .. */ + if (i_acl == NULL) + return 0; + + /* do not have any acl */ + if (i_acl->type == 0xffffffff) + return 0; + + if (((i_acl->type) & flag) > 0) + return 0; + + return lids_check_acl_inode(inode, flag); +} + +/** + * lids_protected - check if 'base' is protected stronger than 'prot' + * Return 1 if true. Otherwise, return 0. + * @base - dentry to check + * @prot - protection mode + * + * To check if base is protected with READONLY mode at the minimum, + * prot should be set to LIDS_APPEND. 
+ */ +int lids_protected(struct dentry *base, int prot) +{ + int permission = 0; + int i = 0; + struct dentry *dentry = base; + struct lids_inode_acl *i_acl; + + for (permission = 0; permission <= prot; permission++) { + i_acl = dentry->d_inode->i_security; + if (!i_acl) + return 1; + if (i_acl->type < permission) { + while (i_acl->perm[i].sid != 0 && i < 64) { + if (i_acl->perm[i].type > permission) + return 1; + i++; + } + return 1; + } + } + return 0; +} + +/** + * lids_free_lids_task_acl - free lids_task_acl + * @acl - target lids_task_acl to be freed + */ +void +lids_free_lids_task_acl(struct lids_task_acl *acl) +{ + struct lids_subject_acl *this_subject_acl = acl->s_acl; + struct lids_object_acl *this_object_acl, *next_object_acl; + + if (!this_subject_acl) { + return; + } + + this_object_acl = this_subject_acl->o_acl; + while (this_object_acl) { + next_object_acl = this_object_acl->next; + kfree(this_object_acl); + this_object_acl = next_object_acl; + } + LIDS_DBG("pid=%d begin to free %p\n", current->pid, + this_subject_acl); + kfree(this_subject_acl); + acl->s_acl = NULL; +} + +int +lids_get_task_acl(struct task_struct *task, struct lids_task_acl *task_acl, + struct lids_inode_acl *i_acl) +{ +/* + struct lids_subject_acl *task_s_acl = NULL; + struct lids_subject_acl *task_s_acl = NULL; + struct lids_subject_acl *current_s_acl = NULL; + struct lids_subject_acl *new_s_acl = NULL; + struct lids_subject_acl *computed_s_acl = NULL; +*/ + struct lids_subject_acl *task_s_acl; + struct lids_subject_acl *current_s_acl; + struct lids_subject_acl *new_s_acl; + struct lids_subject_acl *computed_s_acl; + + struct cred *cred = task->cred; + struct lids_task_acl *current_task_acl = NULL; + struct lids_task_acl *p_task_acl = NULL; + + current_task_acl = task->cred->security; + p_task_acl = task->real_parent->cred->security; + + int retval = 0; + + LIDS_DBG("%s:##### pid %i ppid %d\n", __func__, task->pid, + task->real_parent->pid); + + /* if no acl for itself and its 
real_parent has not acl */ + if (i_acl) + new_s_acl = i_acl->s_acl; + + if (task_acl) + task_s_acl = task_acl->s_acl; + + /* if no acl with this inode and not for its real_parent */ + if (!new_s_acl && !task_s_acl) + return 0; + + if (current_task_acl == NULL) { + current_task_acl = lids_alloc_task_acl(cred); + if (current_task_acl == NULL) { + printk(KERN_INFO + "LIDS: kmalloc memeory for task acl\n"); + return -ENOMEM; + } + } else { + if (current_task_acl->magic != LIDS_MAGIC) { + printk + (KERN_INFO + "LIDS: Bug!! task security magic mismatch!\n"); + /* return 0? */ + return 0; + } + } + current_s_acl = current_task_acl->s_acl; + + /* check if this program is protected or not */ + if (i_acl && (i_acl->type & LIDS_APPEND) == 0) { + /* task and its real_parent do not have acl */ + computed_s_acl = + kmalloc(sizeof(struct lids_subject_acl), GFP_KERNEL); + + if (computed_s_acl == NULL) { + printk(KERN_INFO "LIDS: kmalloc error for computed acl\n"); + retval = -ENOMEM; + goto out; + } + +#ifdef CONFIG_LIDS_TDE + if (computed_s_acl && + test_bit(LIDS_SANDBOX, (void *)&computed_s_acl->ext_cap)) { + lids_cap_raise(computed_s_acl->ext_cap, LIDS_SANDBOX); + } +#endif + + if (lids_compute_acls(task_s_acl, new_s_acl, computed_s_acl, 1) + < 0) { + lids_free_subject_acl(computed_s_acl); + retval = -EPERM; + goto out; + } + LIDS_DBG("%s: LIDS: protected pid %d %d get acl\n", + __func__, task->pid, task->real_parent->pid); + + spin_lock(¤t_task_acl->t_lock); + current_task_acl->s_acl = computed_s_acl; + spin_unlock(¤t_task_acl->t_lock); + } else { + /* reset all the privileges */ + /* maybe we need some locks here */ + if (task_s_acl) { + computed_s_acl = + kmalloc(sizeof(struct lids_subject_acl), + GFP_KERNEL); + if (computed_s_acl == NULL) { + printk + (KERN_INFO + "LIDS: kmalloc error for computed acl\n"); + retval = -ENOMEM; + goto out; + } + retval = lids_compute_acls(task_s_acl, NULL, computed_s_acl, 0); + if (retval < 0) { + lids_free_subject_acl(computed_s_acl); + 
retval = -EPERM; + goto out; + } + /* restrict socket access found */ + /* remove the capability but leave socket */ + if (computed_s_acl->ext_cap != 0) { + LIDS_DBG + ("LIDS: unprotected pid %d %d get socket inheritance\n", + task->pid, task->real_parent->pid); + lids_free_object_acl(computed_s_acl->o_acl); + computed_s_acl->o_acl = NULL; + computed_s_acl->sys_cap.cap[0] = 0; + memset(computed_s_acl->cap_inherit, 0, + 32 * sizeof(struct lids_cap)); + spin_lock(¤t_task_acl->t_lock); + current_task_acl->s_acl = computed_s_acl; + spin_unlock(¤t_task_acl->t_lock); + } else { + /* clean the task */ + task_lock(task); + cred = (struct cred *) task->cred; + cred->security = NULL; + task_unlock(task); + lids_free_subject_acl(computed_s_acl); + spin_lock(¤t_task_acl->t_lock); + current_task_acl->s_acl = NULL; + spin_unlock(¤t_task_acl->t_lock); + } + } + } + out: + lids_free_subject_acl(current_s_acl); + + current_s_acl = current_task_acl->s_acl; + if (!current_s_acl) { + task_lock(task); + cred = (struct cred *) task->cred; + cred->security = NULL; + task_unlock(task); + lids_free_task_acl(current_task_acl); + } + return retval; +} + +/* lids task acl */ +static LIST_HEAD(lids_init_head); +static DEFINE_SPINLOCK(lids_init_lock); + +static int +lids_push_task_acl(struct task_struct *task) +{ + struct lids_task_acl *task_acl; + const struct cred *cred=task->cred; + + /* init, ignore it */ + if (task->real_parent->pid == 0) + return 0; + + LIDS_DBG("%s: pushing %d %d\n", __func__, task->pid, + task->real_parent->pid); + task_acl = task->cred->security; + /* it maybe have acl when switch within states */ + if (!task_acl) { + /* can not sleep */ + task_acl = lids_alloc_task_acl(cred); + if (!task_acl) + return -ENOMEM; + + } + /* can I hold a lock */ + spin_lock(&lids_init_lock); + if (list_empty(&task_acl->list)) + list_add(&task_acl->list, &lids_init_head); + spin_unlock(&lids_init_lock); + return 0; +} + +/* + * + */ +struct dentry * +lids_get_task_dentry(struct task_struct 
*task, const struct cred *cred) +{ + struct dentry *dentry = NULL; + struct vm_area_struct *vma; + + if (task->mm) { + vma = task->mm->mmap; + while (vma) { + if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) { + dentry = vma->vm_file->f_path.dentry; + break; + } + vma = vma->vm_next; + } + } + return dentry; +} + +static int +lids_attach_task_acl(struct cred *cred) +{ + struct lids_task_acl *task_acl; + struct dentry *dentry = NULL; + int retval; + + /* Get dentry of current process, if any */ + + dentry = lids_get_task_dentry(current, cred); + if (!dentry) + return 0; + +// LIDS_DBG("attaching pid %d ppid %d %s\n", cred->pid, cred->real_parent->pid, +// dentry->d_iname); + + retval = lids_get_inode_security(dentry, dentry->d_inode); + if (retval < 0) + return retval; + + //task_acl = task->cred->security; + task_acl = cred->security; + if (task_acl->s_acl == NULL) + return retval; + + if (task_acl && task_acl->s_acl) { + lids_free_subject_acl(task_acl->s_acl); + /* FIXME lock ?? */ + task_acl->s_acl = NULL; + } + task_acl = current->real_parent->cred->security; + retval = lids_get_task_acl(current, task_acl, dentry->d_inode->i_security); + return retval; +} + +int +lids_setup_task_acl(int state) +{ + struct task_struct *p; + + rcu_read_lock(); + for_each_process(p) { + if (lids_push_task_acl(p) < 0) + return -1; + } + rcu_read_unlock(); + /* attach now */ + spin_lock(&lids_init_lock); + next_task: + if (!list_empty(&lids_init_head)) { + struct lids_task_acl *task_acl; + task_acl = list_entry(lids_init_head.next, + struct lids_task_acl, list); + spin_unlock(&lids_init_lock); + lids_attach_task_acl(task_acl->cred); + spin_lock(&lids_init_lock); + list_del_init(&task_acl->list); + goto next_task; + } + spin_unlock(&lids_init_lock); + + return 0; +} + +/* inode acl */ + +static int +lids_copy_inode_acl(struct lids_inode_acl *d_i_acl, struct lids_inode_acl *s_i_acl) +{ + struct lids_subject_acl *d_s_acl; + struct lids_object_acl *d_o_acl, *s_o_acl; + + 
memcpy(d_i_acl, s_i_acl, sizeof(struct lids_inode_acl)); + + LIDS_DBG("%s: inode name = %s, perm sid %d oid %d\n", __func__, s_i_acl->name, s_i_acl->perm[0].sid, s_i_acl->perm[0].oid); + + if (s_i_acl->s_acl) { + d_s_acl = kmalloc(sizeof(struct lids_subject_acl), GFP_KERNEL); + if (!d_s_acl) { + printk(KERN_INFO "%s: LIDS: kmalloc subject acl error\n", __func__); + return -ENOMEM; + } + memcpy(d_s_acl, s_i_acl->s_acl, sizeof(struct lids_subject_acl)); + + d_i_acl->s_acl = d_s_acl; + d_s_acl->o_acl = NULL; + + s_o_acl = s_i_acl->s_acl->o_acl; + + while (s_o_acl) { + d_o_acl = kmalloc(sizeof(struct lids_object_acl), GFP_KERNEL); + if (!d_o_acl) { + printk(KERN_INFO "%s: LIDS: kmalloc object acl error\n", __func__); + return -ENOMEM; + } + memcpy(d_o_acl, s_o_acl, sizeof(struct lids_object_acl)); + d_o_acl->next = d_s_acl->o_acl; + d_s_acl->o_acl = d_o_acl; + + s_o_acl = s_o_acl->next; + + } + } + return 0; +} + +static struct lids_inode_acl * +lids_set_inode_acl(struct inode *inode, struct lids_inode_acl *c_i_acl) +{ + struct lids_inode_acl *i_acl; + + i_acl = kmalloc(sizeof(struct lids_inode_acl), GFP_KERNEL); + if (!i_acl) { + printk(KERN_INFO "LIDS: kmalloc failed for inode_acl\n"); + return NULL; + } + if (!c_i_acl) { + c_i_acl = kmalloc(sizeof(struct lids_inode_acl), GFP_KERNEL); + if (!c_i_acl) { + printk(KERN_INFO "LIDS: fatal error c_i_acl kmalloc failed\n"); + return NULL; + } + memset(c_i_acl, 0, sizeof(struct lids_inode_acl)); + c_i_acl->version = lids_update_version; + c_i_acl->type = 0xffffffff; + c_i_acl->magic = LIDS_MAGIC; + } + lids_copy_inode_acl(i_acl, c_i_acl); + /* FIXME, if inode has security */ + + spin_lock(&inode->i_lock); + lids_free_inode_acl(inode->i_security); + inode->i_security = i_acl; + spin_unlock(&inode->i_lock); + + return c_i_acl; +} + +static int +lids_get_inode_security(struct dentry *dentry, struct inode *inode) +{ + struct lids_inode_acl *i_acl, *c_i_acl; + struct dentry *i_dentry = NULL; + + if (inode == NULL) + return 0; + + 
if (!(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) + || S_ISLNK(inode->i_mode))) + return 0; + + LIDS_DBG("%s: ##### inode: mode %d [%d:%d %ld]\n", __func__, + inode->i_mode, + MAJOR(inode->i_sb->s_dev), + MINOR(inode->i_sb->s_dev), inode->i_ino); + + i_acl = inode->i_security; + if (i_acl && i_acl->version == lids_update_version) + return 0; + + + if (!dentry) { + printk(KERN_INFO "%s: dentry is NULL, Bug?\n", __func__); + return 0; + } + i_dentry = dentry; + while (1) { + c_i_acl = lids_do_get_acl(i_dentry->d_inode); + if (c_i_acl != NULL || i_dentry == i_dentry->d_parent) { + c_i_acl = lids_set_inode_acl(i_dentry->d_inode, c_i_acl); + break; + } + i_dentry = i_dentry->d_parent; + + i_acl = i_dentry->d_inode->i_security; + if (i_acl && i_acl->version == lids_update_version) { + c_i_acl = i_acl; + break; + } + } + if (!c_i_acl) + return -ENOMEM; + + while (dentry != i_dentry) { + c_i_acl = lids_set_inode_acl(dentry->d_inode, c_i_acl); + if (!c_i_acl) + return -ENOMEM; + dentry = dentry->d_parent; + /* it is root now */ + } + return 0; +} + +/* + * the current->security struct lids_sys_acl + */ +int +lids_execve(struct linux_binprm *bprm) +{ + struct lids_task_acl *current_task_acl = current_cred()->security; + struct lids_task_acl *p_current_task_acl = current->real_parent->cred->security; + struct dentry *dentry, *t_dentry; + struct lids_inode_acl *i_acl = NULL; + + /* if current is sandboxed check directly current's ACLs */ + int error; + + if (current->real_parent->pid == 0) + return 0; + + if (bprm == NULL) + return 0; + + if (bprm->file == NULL) + return 0; + + if (!bprm || !bprm->file) { + printk(KERN_INFO "LIDS: %s:BUG!\n", __func__); + return 0; + } + + LIDS_DBG("@@@@@@ %s:##### pid %i ppid %i exec [%s]\n", __func__, + current->pid, current->real_parent->pid, bprm->filename); + dentry = bprm->file->f_path.dentry; + /* check if this dentry is the same as this pid or not */ + /* LIDS_EXEC checking here */ + + t_dentry = lids_get_task_dentry(current, 
current_cred()); + + if (t_dentry && lids_load && lids_local_load + && lids_ext_capable(current, 15) < 0) { + if (dentry->d_inode->i_ino != t_dentry->d_inode->i_ino || + dentry->d_inode->i_sb->s_dev != + t_dentry->d_inode->i_sb->s_dev +) { + lids_security_alert + ("pid %i ppid %i, exec [%s] denied\n", + current->pid, current->real_parent->pid, + bprm->filename); + return -EPERM; + } + } + + if (dentry && dentry->d_inode) { + error = lids_get_inode_security(dentry, dentry->d_inode); + if (error < 0) + return error; + i_acl = dentry->d_inode->i_security; + } + + error = lids_get_task_acl(current, current_task_acl, i_acl); + + if (error) + return error; + +#ifdef CONFIG_LIDS_TPE + error = lids_exec_tpe_permission(bprm); + if (error < 0) + return error; + +#endif + return 0; +} + +/* copy the fork + */ + +int +lids_fork_task(struct cred *new, const struct cred *old) +{ + struct lids_subject_acl *src = NULL; + struct lids_subject_acl *dst = NULL; + struct lids_task_acl *new_task_acl, *old_task_acl; + struct cred *current_cred = current_cred(); + struct cred *p_current_cred = current->real_parent->cred; + struct lids_task_acl *current_task_acl = current_cred()->security; + struct lids_task_acl *p_current_task_acl = current->real_parent->cred->security; + old_task_acl = old->security; + + if (!old) { + printk(KERN_INFO "LIDS: %s: BUG\n", __func__); + return 0; + } + + if (!(current->real_parent->pid)) + return 0; + + if (!old_task_acl) { + LIDS_DBG(KERN_WARNING "%s: current task is NULL\n", + __func__); + return 0; + } + + src = old_task_acl->s_acl; + + if (!src) + return 0; + + dst = lids_copy_subject_acl(src); + if (dst == NULL) { + LIDS_DBG("lids_copy_subject_acl error\n"); + return -1; + } + new_task_acl = lids_alloc_task_acl(new); + + if (!new_task_acl) { + LIDS_DBG(KERN_WARNING "LIDS: kmalloc failed for task_acl\n"); + return -ENOMEM; + } + + new_task_acl->s_acl = dst; + + return 0; +} + +int +lids_check_task_kill(struct task_struct *p, struct siginfo *info, int 
sig) +{ + struct lids_task_acl *task_acl = p->cred->security; + struct lids_subject_acl *s_acl = task_acl->s_acl; + + if (s_acl && lids_cap_raised(s_acl->ext_cap, LIDS_CAP_PROTECTED)) { + if (current->pid && (current->pid != p->pid) + && ((sig != SIGCHLD) || (current->real_parent->pid != p->pid))) { + if (!(lids_ext_capable(current, LIDS_CAP_KILL_PROTECTED))) { + lids_security_alert + ("Attempt to kill pid=%d with sig=%d", + p->pid, sig); + lids_ext_cap_log(LIDS_CAP_PROTECTED); + return LIDS_ERROR(-EPERM); + } + } + } + return 0; +} + +/* + * checking permissions for a mmap operation(for TPE) + */ +int +lids_check_file_mmap(struct file *file, unsigned long reqprot, unsigned long prot, unsigned long flags) +{ + int error = 0; +#ifdef CONFIG_LIDS_TPE + error = lids_mmap_tpe_permission(file, prot, flags); + if (error < 0) + return error; +#endif + + return 0; +} diff -Nru linux-2.6.31.3.org/security/lids/.lids_acl.o.cmd linux-2.6.31.3/security/lids/.lids_acl.o.cmd --- linux-2.6.31.3.org/security/lids/.lids_acl.o.cmd 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/.lids_acl.o.cmd 2009-09-20 11:57:07.000000000 -0400 
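Review bot: In `lids_get_task_acl()` the four `struct lids_subject_acl *` locals are declared without initialisers (the `= NULL` versions are left in the commented-out block above them), yet `new_s_acl` and `task_s_acl` are assigned only when `i_acl` / `task_acl` are non-NULL and are then read in `if (!new_s_acl && !task_s_acl)` and passed on to `lids_compute_acls()`. When either argument is NULL the function treats an indeterminate stack value as an ACL pointer, which is a memory-safety problem in the code that decides a task's capabilities; restore `struct lids_subject_acl *task_s_acl = NULL;` and `struct lids_subject_acl *new_s_acl = NULL;`. The same function calls `lids_free_subject_acl(computed_s_acl)` after `lids_compute_acls()` fails, although `lids_compute_inherit_acl()` has already freed `computed_s_acl` on its kmalloc-failure path, so one of the two frees has to go. Elsewhere in the hunk, `lids_check_acl_inode()` and `lids_protected()` test `i_acl->perm[i].sid != 0` before `i < 64`; swapping the operands, `while (i < 64 && i_acl->perm[i].sid != 0)`, bounds the index before the read.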
@@ -0,0 +1,554 @@ +cmd_security/lids/lids_acl.o := gcc -Wp,-MD,security/lids/.lids_acl.o.d -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.3.3/include -Iinclude -I/usr/src/linux-2.6.31-rc7/arch/x86/include -include include/linux/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -Os -m32 -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2 -march=i386 -mtune=generic -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fno-omit-frame-pointer -fno-optimize-sibling-calls -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -Isecurity/lids/include -D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(lids_acl)" -D"KBUILD_MODNAME=KBUILD_STR(lids)" -c -o security/lids/.tmp_lids_acl.o security/lids/lids_acl.c + +deps_security/lids/lids_acl.o := \ + security/lids/lids_acl.c \ + $(wildcard include/config/lids/tde.h) \ + $(wildcard include/config/lids/tpe.h) \ + include/linux/mm.h \ + $(wildcard include/config/discontigmem.h) \ + $(wildcard include/config/sysctl.h) \ + $(wildcard include/config/mmu.h) \ + $(wildcard include/config/stack/growsup.h) \ + $(wildcard include/config/numa.h) \ + $(wildcard include/config/sparsemem.h) \ + $(wildcard include/config/sparsemem/vmemmap.h) \ + $(wildcard include/config/highmem.h) \ + $(wildcard include/config/swap.h) \ + $(wildcard include/config/shmem.h) \ + $(wildcard include/config/arch/populates/node/map.h) \ + $(wildcard include/config/have/arch/early/pfn/to/nid.h) \ + $(wildcard include/config/proc/fs.h) \ + $(wildcard include/config/ia64.h) \ + $(wildcard include/config/debug/pagealloc.h) \ + $(wildcard include/config/hibernation.h) \ + include/linux/errno.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/errno.h \ + include/asm-generic/errno.h \ + include/asm-generic/errno-base.h \ + include/linux/gfp.h \ + $(wildcard include/config/kmemcheck.h) \ + $(wildcard include/config/zone/dma.h) \ + $(wildcard include/config/zone/dma32.h) \ + $(wildcard include/config/debug/vm.h) \ + include/linux/mmzone.h \ + $(wildcard include/config/force/max/zoneorder.h) \ + $(wildcard include/config/smp.h) \ + $(wildcard include/config/memory/hotplug.h) \ + $(wildcard include/config/flat/node/mem/map.h) \ + $(wildcard include/config/cgroup/mem/res/ctlr.h) \ + $(wildcard include/config/have/memory/present.h) \ + $(wildcard include/config/need/node/memmap/size.h) \ + $(wildcard include/config/need/multiple/nodes.h) \ + $(wildcard include/config/flatmem.h) \ + $(wildcard include/config/sparsemem/extreme.h) \ + $(wildcard include/config/nodes/span/other/nodes.h) \ + $(wildcard include/config/holes/in/zone.h) \ + $(wildcard include/config/arch/has/holes/memorymodel.h) \ + include/linux/spinlock.h \ + $(wildcard include/config/debug/spinlock.h) \ + $(wildcard include/config/generic/lockbreak.h) \ + $(wildcard include/config/preempt.h) \ + $(wildcard include/config/debug/lock/alloc.h) \ + include/linux/typecheck.h \ + include/linux/preempt.h \ + $(wildcard include/config/debug/preempt.h) \ + $(wildcard include/config/preempt/tracer.h) \ + $(wildcard include/config/preempt/notifiers.h) \ + include/linux/thread_info.h \ + $(wildcard include/config/compat.h) \ + include/linux/types.h \ + $(wildcard include/config/uid16.h) \ + $(wildcard include/config/lbdaf.h) \ + $(wildcard include/config/phys/addr/t/64bit.h) \ + $(wildcard include/config/64bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/types.h \ + $(wildcard include/config/x86/64.h) \ + $(wildcard include/config/highmem64g.h) \ + include/asm-generic/int-ll64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitsperlong.h \ + include/asm-generic/bitsperlong.h \ + 
include/linux/posix_types.h \ + include/linux/stddef.h \ + include/linux/compiler.h \ + $(wildcard include/config/trace/branch/profiling.h) \ + $(wildcard include/config/profile/all/branches.h) \ + $(wildcard include/config/enable/must/check.h) \ + $(wildcard include/config/enable/warn/deprecated.h) \ + include/linux/compiler-gcc.h \ + $(wildcard include/config/arch/supports/optimized/inlining.h) \ + $(wildcard include/config/optimize/inlining.h) \ + include/linux/compiler-gcc4.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types.h \ + $(wildcard include/config/x86/32.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types_32.h \ + include/linux/bitops.h \ + $(wildcard include/config/generic/find/first/bit.h) \ + $(wildcard include/config/generic/find/last/bit.h) \ + $(wildcard include/config/generic/find/next/bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitops.h \ + $(wildcard include/config/x86/cmov.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/alternative.h \ + $(wildcard include/config/paravirt.h) \ + include/linux/stringify.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/asm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpufeature.h \ + $(wildcard include/config/x86/invlpg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/required-features.h \ + $(wildcard include/config/x86/minimum/cpu/family.h) \ + $(wildcard include/config/math/emulation.h) \ + $(wildcard include/config/x86/pae.h) \ + $(wildcard include/config/x86/cmpxchg64.h) \ + $(wildcard include/config/x86/use/3dnow.h) \ + $(wildcard include/config/x86/p6/nop.h) \ + include/asm-generic/bitops/sched.h \ + include/asm-generic/bitops/hweight.h \ + include/asm-generic/bitops/fls64.h \ + include/asm-generic/bitops/ext2-non-atomic.h \ + include/asm-generic/bitops/le.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/byteorder.h \ + include/linux/byteorder/little_endian.h \ + include/linux/swab.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swab.h \ + $(wildcard include/config/x86/bswap.h) \ + include/linux/byteorder/generic.h \ + include/asm-generic/bitops/minix.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/thread_info.h \ + $(wildcard include/config/debug/stack/usage.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_types.h \ + include/linux/const.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32_types.h \ + $(wildcard include/config/highmem4g.h) \ + $(wildcard include/config/page/offset.h) \ + $(wildcard include/config/4kstacks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32.h \ + $(wildcard include/config/hugetlb/page.h) \ + $(wildcard include/config/debug/virtual.h) \ + $(wildcard include/config/x86/3dnow.h) \ + include/linux/string.h \ + $(wildcard include/config/binary/printf.h) \ + /usr/lib/gcc/i486-linux-gnu/4.3.3/include/stdarg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string_32.h \ + include/asm-generic/memory_model.h \ + include/asm-generic/getorder.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor.h \ + $(wildcard include/config/x86/vsmp.h) \ + $(wildcard include/config/cc/stackprotector.h) \ + $(wildcard include/config/x86/debugctlmsr.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor-flags.h \ + $(wildcard include/config/vm86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vm86.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace.h \ + $(wildcard include/config/x86/ptrace/bts.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace-abi.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/segment.h \ + include/linux/init.h \ + $(wildcard include/config/modules.h) \ + $(wildcard include/config/hotplug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/math_emu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sigcontext.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/current.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/percpu.h \ + $(wildcard include/config/x86/64/smp.h) \ + include/linux/kernel.h \ + $(wildcard include/config/preempt/voluntary.h) \ + $(wildcard include/config/debug/spinlock/sleep.h) \ + $(wildcard include/config/prove/locking.h) \ + $(wildcard include/config/printk.h) \ + $(wildcard include/config/dynamic/debug.h) \ + $(wildcard include/config/ring/buffer.h) \ + $(wildcard include/config/tracing.h) \ + $(wildcard include/config/ftrace/mcount/record.h) \ + include/linux/linkage.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/linkage.h \ + $(wildcard include/config/x86/alignment/16.h) \ + include/linux/log2.h \ + $(wildcard include/config/arch/has/ilog2/u32.h) \ + $(wildcard include/config/arch/has/ilog2/u64.h) \ + include/linux/ratelimit.h \ + include/linux/param.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/param.h \ + $(wildcard include/config/hz.h) \ + include/linux/dynamic_debug.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bug.h \ + $(wildcard include/config/bug.h) \ + $(wildcard include/config/debug/bugverbose.h) \ + include/asm-generic/bug.h \ + $(wildcard include/config/generic/bug.h) \ + $(wildcard include/config/generic/bug/relative/pointers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/div64.h \ + include/asm-generic/percpu.h \ + $(wildcard include/config/have/setup/per/cpu/area.h) \ + include/linux/threads.h \ + $(wildcard include/config/nr/cpus.h) \ + $(wildcard include/config/base/small.h) \ + include/linux/percpu-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/system.h \ + $(wildcard include/config/ia32/emulation.h) \ + $(wildcard include/config/x86/32/lazy/gs.h) \ + $(wildcard include/config/x86/ppro/fence.h) \ + $(wildcard include/config/x86/oostore.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg_32.h \ + $(wildcard 
include/config/x86/cmpxchg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/nops.h \ + $(wildcard include/config/mk7.h) \ + include/linux/irqflags.h \ + $(wildcard include/config/trace/irqflags.h) \ + $(wildcard include/config/irqsoff/tracer.h) \ + $(wildcard include/config/trace/irqflags/support.h) \ + $(wildcard include/config/x86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irqflags.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_types.h \ + $(wildcard include/config/compat/vdso.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level_types.h \ + include/asm-generic/pgtable-nopud.h \ + include/asm-generic/pgtable-nopmd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr-index.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpumask.h \ + include/linux/cpumask.h \ + $(wildcard include/config/disable/obsolete/cpumask/functions.h) \ + $(wildcard include/config/hotplug/cpu.h) \ + $(wildcard include/config/cpumask/offstack.h) \ + $(wildcard include/config/debug/per/cpu/maps.h) \ + include/linux/bitmap.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc_defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ds.h \ + $(wildcard include/config/x86/ds.h) \ + include/linux/err.h \ + include/linux/personality.h \ + include/linux/cache.h \ + $(wildcard include/config/arch/has/cache/line/size.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cache.h \ + $(wildcard include/config/x86/l1/cache/shift.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ftrace.h \ + $(wildcard include/config/function/tracer.h) \ + $(wildcard include/config/dynamic/ftrace.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic_32.h \ + $(wildcard include/config/m386.h) \ + include/asm-generic/atomic-long.h \ + include/linux/list.h \ + $(wildcard 
include/config/debug/list.h) \ + include/linux/poison.h \ + include/linux/prefetch.h \ + include/linux/bottom_half.h \ + include/linux/spinlock_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock_types.h \ + include/linux/lockdep.h \ + $(wildcard include/config/lockdep.h) \ + $(wildcard include/config/lock/stat.h) \ + $(wildcard include/config/generic/hardirqs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock.h \ + $(wildcard include/config/paravirt/spinlocks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/rwlock.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/paravirt.h \ + $(wildcard include/config/x86/local/apic.h) \ + $(wildcard include/config/highpte.h) \ + $(wildcard include/config/paravirt/debug.h) \ + include/linux/spinlock_api_smp.h \ + include/linux/wait.h \ + include/linux/numa.h \ + $(wildcard include/config/nodes/shift.h) \ + include/linux/seqlock.h \ + include/linux/nodemask.h \ + include/linux/pageblock-flags.h \ + $(wildcard include/config/hugetlb/page/size/variable.h) \ + include/linux/bounds.h \ + include/linux/memory_hotplug.h \ + $(wildcard include/config/have/arch/nodedata/extension.h) \ + $(wildcard include/config/memory/hotremove.h) \ + include/linux/notifier.h \ + include/linux/mutex.h \ + $(wildcard include/config/debug/mutexes.h) \ + include/linux/rwsem.h \ + $(wildcard include/config/rwsem/generic/spinlock.h) \ + include/linux/rwsem-spinlock.h \ + include/linux/srcu.h \ + include/linux/topology.h \ + $(wildcard include/config/sched/smt.h) \ + $(wildcard include/config/sched/mc.h) \ + include/linux/smp.h \ + $(wildcard include/config/use/generic/smp/helpers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/smp.h \ + $(wildcard include/config/x86/io/apic.h) \ + $(wildcard include/config/x86/32/smp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec.h \ + $(wildcard include/config/x86/numaq.h) \ + $(wildcard include/config/mca.h) \ + $(wildcard include/config/eisa.h) \ + $(wildcard 
include/config/x86/mpparse.h) \ + $(wildcard include/config/acpi.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec_def.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apic.h \ + $(wildcard include/config/x86/x2apic.h) \ + include/linux/delay.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/delay.h \ + include/linux/pm.h \ + $(wildcard include/config/pm/sleep.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apicdef.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fixmap.h \ + $(wildcard include/config/x86/visws/apic.h) \ + $(wildcard include/config/x86/f00f/bug.h) \ + $(wildcard include/config/x86/cyclone/timer.h) \ + $(wildcard include/config/pci/mmconfig.h) \ + $(wildcard include/config/provide/ohci1394/dma/init.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/acpi.h \ + $(wildcard include/config/acpi/numa.h) \ + include/acpi/pdc_intel.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mmu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/kmap_types.h \ + $(wildcard include/config/debug/highmem.h) \ + include/asm-generic/kmap_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_apic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_vectors.h \ + $(wildcard include/config/sparse/irq.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/topology.h \ + $(wildcard include/config/x86/ht.h) \ + $(wildcard include/config/x86/64/acpi/numa.h) \ + include/asm-generic/topology.h \ + include/linux/mmdebug.h \ + include/linux/rbtree.h \ + include/linux/prio_tree.h \ + include/linux/debug_locks.h \ + $(wildcard include/config/debug/locking/api/selftests.h) \ + include/linux/mm_types.h \ + $(wildcard include/config/split/ptlock/cpus.h) \ + $(wildcard include/config/want/page/debug/flags.h) \ + $(wildcard include/config/mm/owner.h) \ + $(wildcard include/config/mmu/notifier.h) \ + include/linux/auxvec.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/auxvec.h \ + include/linux/completion.h \ + include/linux/page-debug-flags.h \ + $(wildcard include/config/page/poisoning.h) \ + $(wildcard include/config/page/debug/something/else.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + include/linux/slab.h \ + $(wildcard include/config/slab/debug.h) \ + $(wildcard include/config/debug/objects.h) \ + $(wildcard include/config/slub.h) \ + $(wildcard include/config/slob.h) \ + $(wildcard include/config/debug/slab.h) \ + include/linux/slab_def.h \ + $(wildcard include/config/kmemtrace.h) \ + include/linux/kmemtrace.h \ + include/trace/events/kmem.h \ + include/linux/tracepoint.h \ + $(wildcard include/config/tracepoints.h) \ + include/linux/rcupdate.h \ + $(wildcard include/config/classic/rcu.h) \ + $(wildcard include/config/tree/rcu.h) \ + $(wildcard include/config/preempt/rcu.h) \ + include/linux/rcuclassic.h \ + $(wildcard include/config/rcu/cpu/stall/detector.h) \ + include/trace/define_trace.h \ + $(wildcard include/config/event/tracing.h) \ + include/linux/kmalloc_sizes.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level.h \ + include/asm-generic/pgtable.h \ + include/linux/page-flags.h \ + $(wildcard include/config/pageflags/extended.h) \ + $(wildcard include/config/have/mlocked/page/bit.h) \ + $(wildcard include/config/ia64/uncached/allocator.h) \ + $(wildcard include/config/s390.h) \ + include/linux/vmstat.h \ + $(wildcard include/config/vm/event/counters.h) \ + include/linux/percpu.h \ + $(wildcard include/config/have/dynamic/per/cpu/area.h) \ + $(wildcard include/config/debug/kmemleak.h) \ + include/linux/pfn.h \ + include/linux/proc_fs.h \ + $(wildcard include/config/proc/devicetree.h) \ + $(wildcard include/config/proc/kcore.h) \ + include/linux/fs.h \ + $(wildcard include/config/dnotify.h) \ + 
$(wildcard include/config/sysfs.h) \ + $(wildcard include/config/quota.h) \ + $(wildcard include/config/fsnotify.h) \ + $(wildcard include/config/inotify.h) \ + $(wildcard include/config/security.h) \ + $(wildcard include/config/fs/posix/acl.h) \ + $(wildcard include/config/epoll.h) \ + $(wildcard include/config/debug/writecount.h) \ + $(wildcard include/config/file/locking.h) \ + $(wildcard include/config/auditsyscall.h) \ + $(wildcard include/config/block.h) \ + $(wildcard include/config/fs/xip.h) \ + $(wildcard include/config/migration.h) \ + include/linux/limits.h \ + include/linux/ioctl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctl.h \ + include/asm-generic/ioctl.h \ + include/linux/kdev_t.h \ + include/linux/dcache.h \ + include/linux/rculist.h \ + include/linux/path.h \ + include/linux/stat.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/stat.h \ + include/linux/time.h \ + $(wildcard include/config/arch/uses/gettimeoffset.h) \ + include/linux/math64.h \ + include/linux/kobject.h \ + include/linux/sysfs.h \ + include/linux/kref.h \ + include/linux/radix-tree.h \ + include/linux/pid.h \ + include/linux/capability.h \ + $(wildcard include/config/security/file/capabilities.h) \ + include/linux/semaphore.h \ + include/linux/fiemap.h \ + include/linux/quota.h \ + include/linux/dqblk_xfs.h \ + include/linux/dqblk_v1.h \ + include/linux/dqblk_v2.h \ + include/linux/dqblk_qtree.h \ + include/linux/nfs_fs_i.h \ + include/linux/nfs.h \ + include/linux/sunrpc/msg_prot.h \ + include/linux/fcntl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fcntl.h \ + include/asm-generic/fcntl.h \ + include/linux/magic.h \ + include/linux/smp_lock.h \ + $(wildcard include/config/lock/kernel.h) \ + include/linux/sched.h \ + $(wildcard include/config/sched/debug.h) \ + $(wildcard include/config/no/hz.h) \ + $(wildcard include/config/detect/softlockup.h) \ + $(wildcard include/config/detect/hung/task.h) \ + $(wildcard include/config/core/dump/default/elf/headers.h) 
\ + $(wildcard include/config/bsd/process/acct.h) \ + $(wildcard include/config/taskstats.h) \ + $(wildcard include/config/audit.h) \ + $(wildcard include/config/inotify/user.h) \ + $(wildcard include/config/posix/mqueue.h) \ + $(wildcard include/config/keys.h) \ + $(wildcard include/config/user/sched.h) \ + $(wildcard include/config/perf/counters.h) \ + $(wildcard include/config/schedstats.h) \ + $(wildcard include/config/task/delay/acct.h) \ + $(wildcard include/config/fair/group/sched.h) \ + $(wildcard include/config/rt/group/sched.h) \ + $(wildcard include/config/blk/dev/io/trace.h) \ + $(wildcard include/config/sysvipc.h) \ + $(wildcard include/config/rt/mutexes.h) \ + $(wildcard include/config/task/xacct.h) \ + $(wildcard include/config/cpusets.h) \ + $(wildcard include/config/cgroups.h) \ + $(wildcard include/config/futex.h) \ + $(wildcard include/config/fault/injection.h) \ + $(wildcard include/config/latencytop.h) \ + $(wildcard include/config/function/graph/tracer.h) \ + $(wildcard include/config/have/unstable/sched/clock.h) \ + $(wildcard include/config/preempt/bkl.h) \ + $(wildcard include/config/group/sched.h) \ + include/linux/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/tsc.h \ + $(wildcard include/config/x86/tsc.h) \ + include/linux/jiffies.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cputime.h \ + include/asm-generic/cputime.h \ + include/linux/sem.h \ + include/linux/ipc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ipcbuf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sembuf.h \ + include/linux/signal.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/signal.h \ + include/asm-generic/signal-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/siginfo.h \ + include/asm-generic/siginfo.h \ + include/linux/proportions.h \ + include/linux/percpu_counter.h \ + include/linux/seccomp.h \ + $(wildcard include/config/seccomp.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp_32.h \ + include/linux/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd_32.h \ + include/linux/rtmutex.h \ + $(wildcard include/config/debug/rt/mutexes.h) \ + include/linux/plist.h \ + $(wildcard include/config/debug/pi/list.h) \ + include/linux/resource.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/resource.h \ + include/asm-generic/resource.h \ + include/linux/timer.h \ + $(wildcard include/config/timer/stats.h) \ + $(wildcard include/config/debug/objects/timers.h) \ + include/linux/ktime.h \ + $(wildcard include/config/ktime/scalar.h) \ + include/linux/debugobjects.h \ + $(wildcard include/config/debug/objects/free.h) \ + include/linux/hrtimer.h \ + $(wildcard include/config/high/res/timers.h) \ + include/linux/task_io_accounting.h \ + $(wildcard include/config/task/io/accounting.h) \ + include/linux/latencytop.h \ + include/linux/cred.h \ + include/linux/key.h \ + include/linux/sysctl.h \ + include/linux/aio.h \ + $(wildcard include/config/aio.h) \ + include/linux/workqueue.h \ + include/linux/aio_abi.h \ + include/linux/uio.h \ + include/linux/quotaops.h \ + include/linux/uaccess.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess.h \ + $(wildcard include/config/x86/wp/works/ok.h) \ + $(wildcard include/config/x86/intel/usercopy.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unaligned.h \ + include/linux/unaligned/access_ok.h \ + include/linux/unaligned/generic.h \ + include/linux/namei.h \ + include/linux/highmem.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cacheflush.h \ + $(wildcard include/config/debug/rodata.h) \ + $(wildcard include/config/debug/rodata/test.h) \ + include/linux/file.h \ + include/linux/tty.h \ + include/linux/major.h \ + include/linux/termios.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termbits.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctls.h \ + include/linux/tty_driver.h \ + $(wildcard include/config/console/poll.h) \ + include/linux/cdev.h \ + include/linux/tty_ldisc.h \ + include/linux/version.h \ + security/lids/include/linux/lids.h \ + $(wildcard include/config/sparc32.h) \ + $(wildcard include/config/ppc.h) \ + $(wildcard include/config/mips.h) \ + $(wildcard include/config/cap/lids/sandbox/eff/set.h) \ + include/linux/binfmts.h \ + include/linux/securebits.h \ + security/lids/include/linux/lidsext.h \ + $(wildcard include/config/lids/debug.h) \ + $(wildcard include/config/lids/restrict/mode/switch.h) \ + $(wildcard include/config/lids/mode/switch/console.h) \ + $(wildcard include/config/lids/mode/switch/serial.h) \ + $(wildcard include/config/lids/mode/switch/pty.h) \ + $(wildcard include/config/lids/no/flood/log.h) \ + $(wildcard include/config/lids/allow/switch.h) \ + security/lids/include/linux/lidsif.h \ + $(wildcard include/config/lids/shrink/size.h) \ + include/linux/netfilter/xt_MARK.h \ + security/lids/include/linux/lidsext.h \ + security/lids/include/linux/lidsif.h \ + +security/lids/lids_acl.o: $(deps_security/lids/lids_acl.o) + +$(deps_security/lids/lids_acl.o): diff -Nru linux-2.6.31.3.org/security/lids/lids_cap.c linux-2.6.31.3/security/lids/lids_cap.c --- linux-2.6.31.3.org/security/lids/lids_cap.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/lids_cap.c 2009-04-16 05:13:25.000000000 -0400 
@@ -0,0 +1,291 @@
+/*
+ * LIDS Capability functions
+ *
+ * Copyright (C) 2002 Huagang Xie
+ * Copyright (C) 2002 Philippe Biondi
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include /* for sysctl_local_port_range[] */
+#include
+#include
+#include
+#include
+#include
+#include
+/*
+ * lids capability violate logging
+ */
+
+kernel_cap_t lids_cap_val;
+
+static char *lids_caps_desc[] = {
+ "CAP_CHOWN",
+ "CAP_DAC_OVERRIDE",
+ "CAP_DAC_READ_SEARCH",
+ "CAP_FOWNER",
+ "CAP_FSETID",
+ "CAP_KILL",
+ "CAP_SETGID",
+ "CAP_SETUID",
+ "CAP_SETPCAP",
+ "CAP_LINUX_IMMUTABLE",
+ "CAP_NET_BIND_SERVICE",
+ "CAP_NET_BROADCAST",
+ "CAP_NET_ADMIN",
+ "CAP_NET_RAW",
+ "CAP_IPC_LOCK",
+ "CAP_IPC_OWNER",
+ "CAP_SYS_MODULE",
+ "CAP_SYS_RAWIO",
+ "CAP_SYS_CHROOT",
+ "CAP_SYS_PTRACE",
+ "CAP_SYS_PACCT",
+ "CAP_SYS_ADMIN",
+ "CAP_SYS_BOOT",
+ "CAP_SYS_NICE",
+ "CAP_SYS_RESOURCE",
+ "CAP_SYS_TIME",
+ "CAP_SYS_TTY_CONFIG",
+ "CAP_MKNOD",
+ "CAP_LEASE",
+ "CAP_AUDIT_WRITE",
+ "CAP_AUDIT_CONTROL",
+ "CAP_SETFCAP",
+ "CAP_SET_MAC_OVERRIDE",
+ "CAP_MAC_ADMIN",
+ "CAP_LAST_CAP",
+ NULL
+};
+
+static char *lids_ext_caps_desc[] = {
+ "LIDS_SOCKET_CREATE",
+ "LIDS_SOCKET_CONNECT",
+ "LIDS_SOCKET_BIND",
+ "LIDS_SOCKET_LISTEN",
+ "LIDS_SOCKET_ACCEPT",
+ "LIDS_SOCKET_SENDMSG",
+ "LIDS_SOCKET_RECVMSG",
+ "LIDS_SOCKET_GETSOCKNAME",
+ "LIDS_SOCKET_GETPEERNAME",
+ "LIDS_SOCKET_GETSOCKOPT",
+ "LIDS_SOCKET_SETSOCKOPT",
+ "LIDS_SOCKET_SHUTDOWN",
+ "LIDS_SOCKET_CREATE_TCP",
+ "LIDS_SOCKET_CREATE_UDP",
+ "LIDS_SOCKET_NF_MARK",
+ "LIDS_EXEC",
+ "LIDS_CAP_PROTECTED",
+ "LIDS_CAP_KILL_PROTECTED",
+ "LIDS_SANDBOX",
+ NULL
+};
+
+/*
+ * check the CAP_NET_BIND_SERVICE to bind to specify port
+ */
+int
+lids_bind_checker(const int port)
+{
+ int i = 0;
+ struct lids_task_acl *current_task_acl = current->cred->security;
+ struct lids_subject_acl *s_acl;
+
+ if (current_task_acl) {
+ if (lids_sandboxed(current->cred, current_task_acl) &&
+ lids_cap_raised(CAP_LIDS_SANDBOX_EFF_SET, CAP_NET_BIND_SERVICE)) {
+ return 1;
+ }
+ }
+
+ /* if CAP_NET_BIND_SERVICE is enable global, return success */
+
+ if (current_task_acl) {
+ if (!lids_sandboxed(current->cred, current_task_acl)) {
+ if (cap_raised(current->cred->cap_bset, CAP_NET_BIND_SERVICE))
+ return 1;
+ /* check only port < 1024) */
+ if (port >= 1024 || !current_task_acl->s_acl)
+ return 1;
+ }
+ } else if (cap_raised(current->cred->cap_bset, CAP_NET_BIND_SERVICE)) {
+ return 1;
+ }
+
+ /* if the LIDS is disable , return success */
+ /* check only port < 1024) */
+ if (!(lids_load && lids_local_load) || port > 1023)
+ return 1;
+ if (current_task_acl) {
+ if (!(current_task_acl && current_task_acl->s_acl))
+ return 1;
+ s_acl = current_task_acl->s_acl;
+
+ for (i = 0; i < LIDS_PORT_ITEM && s_acl->port[i][0] != -1; i++) {
+ if (port <= s_acl->port[i][1]
+ && port >= s_acl->port[i][0])
+ return 1;
+ }
+ }
+ return -1;
+}
+
+/**
+ * lids_broadcast_port - check if the 'current' process can connect to a given
+ * port#.
+ * Return 1 if success. Otherwise, return 0.
+ *
+ * @port - target port number
+ *
+ * This is used in conjunction with CAP_NET_BROADCAST.
+ */
+int
+lids_broadcast_port(const int port)
+{
+ struct lids_task_acl *current_task_acl = current->cred->security;
+ int i = 0;
+
+ if (!(lids_load && lids_local_load))
+ return 1;
+
+ if (lids_sandboxed(current->cred, current_task_acl) &&
+ lids_cap_raised(CAP_LIDS_SANDBOX_EFF_SET, CAP_NET_BROADCAST))
+ return 1;
+
+ if (!lids_sandboxed(current->cred, current_task_acl) &&
+ cap_raised(lids_cap_val, CAP_NET_BROADCAST))
+ return 1;
+
+ for (i = 0;
+ i < LIDS_PORT_ITEM && current_task_acl->s_acl->cport[i][0] != -1;
+ i++) {
+
+ if (port <= current_task_acl->s_acl->cport[i][1] &&
+ port >= current_task_acl->s_acl->cport[i][0])
+ return 1;
+ }
+
+ if (lids_acl_discovery) {
+ lids_alert(LIDS_CAP, -1, CAP_NET_BROADCAST, "CAP_NET_BROADCAST", "CAP_NET_BROADCAST");
+ return 1;
+ }
+
+ return 0;
+}
+
+static void
+lids_capset_log(kernel_cap_t dest)
+{
+ int i = 0, len = 0;
+ char action[640];
+
+
+
+ memset(action, '\0', 640);
+
+ for (i = 0; i < 32; i++) {
+ if (cap_raised(dest, i) && (len+strlen(lids_caps_desc[i])+1) < 640) {
+ memcpy(action+len, lids_caps_desc[i], strlen(lids_caps_desc[i]));
+ len = len+strlen(lids_caps_desc[i])+1;
+ action[len-1] = 0x20;
+
+ }
+ }
+ lids_alert(LIDS_CAP, -1, i, "cap" , action);
+}
+
+int
+lids_check_capset(const struct cred *cred, kernel_cap_t a, kernel_cap_t set)
+{
+ struct lids_task_acl *tsk_acl = cred->security;
+ kernel_cap_t dest, dest_log;
+ dest.cap[0] = a.cap[0] & ~set.cap[0];
+
+ if (tsk_acl && tsk_acl->s_acl) {
+ if (!(dest.cap[0] & ~(tsk_acl->s_acl->sys_cap.cap[0])))
+ return 0;
+ }
+ dest_log.cap[0] = dest.cap[0] & ~(tsk_acl->s_acl->sys_cap.cap[0]) ;
+ lids_capset_log(dest_log);
+
+ return LIDS_ERROR(-EPERM);
+
+}
+
+int
+lids_check_capable(const struct cred *cred, int cap, int log)
+{
+ struct lids_task_acl *tsk_acl = cred->security;
+
+ if (!(lids_init_setup))
+ return 0;
+
+ if (cap_raised(current->cred->cap_bset, cap) && !lids_sandboxed(cred, tsk_acl)) {
+ return 0;
+ } else if (tsk_acl && tsk_acl->s_acl) {
+ if ((lids_cap_raised(tsk_acl->s_acl->sys_cap.cap[0], cap)))
+ return 0;
+ }
+ if (log)
+ lids_cap_log(cap);
+
+ return LIDS_ERROR(-EPERM);
+}
+
+void
+lids_cap_log(int cap)
+{
+ struct lids_task_acl *current_task_acl = current->cred->security;
+ if (!cap_raised(lids_cap_val, cap)) {
+ if (lids_sandboxed(current->cred, current_task_acl) &&
+ !lids_cap_raised(current_task_acl->s_acl->sys_cap.cap[0], cap))
+ lids_alert(LIDS_SANDBOX, -1, cap, lids_caps_desc[cap],
+ lids_caps_desc[cap]);
+ else
+ lids_alert(LIDS_CAP, -1, cap, lids_caps_desc[cap],
+ lids_caps_desc[cap]);
+ }
+
+}
+
+void
+lids_ext_cap_log(int cap)
+{
+ lids_alert(LIDS_SOCKET, -1, cap, lids_ext_caps_desc[cap],
+ lids_ext_caps_desc[cap]);
+}
+
+int
+lids_ext_capable(struct task_struct *tsk, int type)
+{
+ struct lids_task_acl *task_acl = tsk->cred->security;
+ struct lids_subject_acl *s_acl;
+
+ if (!task_acl)
+ return 0;
+
+ s_acl = task_acl->s_acl;
+ if (s_acl && test_bit(type, (void *)&(s_acl->ext_cap)))
+ return -EPERM;
+
+ return 0;
+}
+
diff -Nru linux-2.6.31.3.org/security/lids/.lids_cap.o.cmd linux-2.6.31.3/security/lids/.lids_cap.o.cmd
--- linux-2.6.31.3.org/security/lids/.lids_cap.o.cmd 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/.lids_cap.o.cmd 2009-09-20 11:57:08.000000000 -0400
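Review bot: In `lids_check_capset` the line `dest_log.cap[0] = dest.cap[0] & ~(tsk_acl->s_acl->sys_cap.cap[0]) ;` dereferences `tsk_acl->s_acl` unconditionally, although the `if (tsk_acl && tsk_acl->s_acl)` just above treats both pointers as possibly NULL. A credential with no LIDS ACL attached would therefore hit a NULL dereference inside the capability check instead of getting a clean denial. Guard the fall-through before that line, for example `if (!tsk_acl || !tsk_acl->s_acl) { lids_capset_log(dest); return LIDS_ERROR(-EPERM); }`, assuming deny is the intended policy without an ACL, which the hunk does not state. The port loop in `lids_broadcast_port` reads `current_task_acl->s_acl->cport` with the same missing check, whereas `lids_bind_checker` and `lids_ext_capable` test the pointers first. `lids_cap_log` may be affected too, depending on what `lids_sandboxed` guarantees.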
@@ -0,0 +1,767 @@ +cmd_security/lids/lids_cap.o := gcc -Wp,-MD,security/lids/.lids_cap.o.d -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.3.3/include -Iinclude -I/usr/src/linux-2.6.31-rc7/arch/x86/include -include include/linux/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -Os -m32 -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2 -march=i386 -mtune=generic -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fno-omit-frame-pointer -fno-optimize-sibling-calls -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -Isecurity/lids/include -D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(lids_cap)" -D"KBUILD_MODNAME=KBUILD_STR(lids)" -c -o security/lids/.tmp_lids_cap.o security/lids/lids_cap.c + +deps_security/lids/lids_cap.o := \ + security/lids/lids_cap.c \ + include/linux/module.h \ + $(wildcard include/config/modules.h) \ + $(wildcard include/config/modversions.h) \ + $(wildcard include/config/unused/symbols.h) \ + $(wildcard include/config/generic/bug.h) \ + $(wildcard include/config/kallsyms.h) \ + $(wildcard include/config/markers.h) \ + $(wildcard include/config/tracepoints.h) \ + $(wildcard include/config/tracing.h) \ + $(wildcard include/config/event/tracing.h) \ + $(wildcard include/config/ftrace/mcount/record.h) \ + $(wildcard include/config/module/unload.h) \ + $(wildcard include/config/smp.h) \ + $(wildcard include/config/constructors.h) \ + $(wildcard include/config/sysfs.h) \ + include/linux/list.h \ + $(wildcard include/config/debug/list.h) \ + include/linux/stddef.h \ + include/linux/compiler.h \ + $(wildcard include/config/trace/branch/profiling.h) \ + $(wildcard include/config/profile/all/branches.h) \ + 
$(wildcard include/config/enable/must/check.h) \ + $(wildcard include/config/enable/warn/deprecated.h) \ + include/linux/compiler-gcc.h \ + $(wildcard include/config/arch/supports/optimized/inlining.h) \ + $(wildcard include/config/optimize/inlining.h) \ + include/linux/compiler-gcc4.h \ + include/linux/poison.h \ + include/linux/prefetch.h \ + include/linux/types.h \ + $(wildcard include/config/uid16.h) \ + $(wildcard include/config/lbdaf.h) \ + $(wildcard include/config/phys/addr/t/64bit.h) \ + $(wildcard include/config/64bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/types.h \ + $(wildcard include/config/x86/64.h) \ + $(wildcard include/config/highmem64g.h) \ + include/asm-generic/int-ll64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitsperlong.h \ + include/asm-generic/bitsperlong.h \ + include/linux/posix_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types.h \ + $(wildcard include/config/x86/32.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor.h \ + $(wildcard include/config/x86/vsmp.h) \ + $(wildcard include/config/cc/stackprotector.h) \ + $(wildcard include/config/paravirt.h) \ + $(wildcard include/config/x86/debugctlmsr.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor-flags.h \ + $(wildcard include/config/vm86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vm86.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace.h \ + $(wildcard include/config/x86/ptrace/bts.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace-abi.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/segment.h \ + include/linux/init.h \ + $(wildcard include/config/hotplug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/math_emu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sigcontext.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/current.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/percpu.h \ + $(wildcard 
include/config/x86/64/smp.h) \ + $(wildcard include/config/need/multiple/nodes.h) \ + include/linux/kernel.h \ + $(wildcard include/config/preempt/voluntary.h) \ + $(wildcard include/config/debug/spinlock/sleep.h) \ + $(wildcard include/config/prove/locking.h) \ + $(wildcard include/config/printk.h) \ + $(wildcard include/config/dynamic/debug.h) \ + $(wildcard include/config/ring/buffer.h) \ + $(wildcard include/config/numa.h) \ + /usr/lib/gcc/i486-linux-gnu/4.3.3/include/stdarg.h \ + include/linux/linkage.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/linkage.h \ + $(wildcard include/config/x86/alignment/16.h) \ + include/linux/stringify.h \ + include/linux/bitops.h \ + $(wildcard include/config/generic/find/first/bit.h) \ + $(wildcard include/config/generic/find/last/bit.h) \ + $(wildcard include/config/generic/find/next/bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitops.h \ + $(wildcard include/config/x86/cmov.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/alternative.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/asm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpufeature.h \ + $(wildcard include/config/x86/invlpg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/required-features.h \ + $(wildcard include/config/x86/minimum/cpu/family.h) \ + $(wildcard include/config/math/emulation.h) \ + $(wildcard include/config/x86/pae.h) \ + $(wildcard include/config/x86/cmpxchg64.h) \ + $(wildcard include/config/x86/use/3dnow.h) \ + $(wildcard include/config/x86/p6/nop.h) \ + include/asm-generic/bitops/sched.h \ + include/asm-generic/bitops/hweight.h \ + include/asm-generic/bitops/fls64.h \ + include/asm-generic/bitops/ext2-non-atomic.h \ + include/asm-generic/bitops/le.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/byteorder.h \ + include/linux/byteorder/little_endian.h \ + include/linux/swab.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swab.h \ + $(wildcard include/config/x86/bswap.h) \ + 
include/linux/byteorder/generic.h \ + include/asm-generic/bitops/minix.h \ + include/linux/log2.h \ + $(wildcard include/config/arch/has/ilog2/u32.h) \ + $(wildcard include/config/arch/has/ilog2/u64.h) \ + include/linux/typecheck.h \ + include/linux/ratelimit.h \ + include/linux/param.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/param.h \ + $(wildcard include/config/hz.h) \ + include/linux/dynamic_debug.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bug.h \ + $(wildcard include/config/bug.h) \ + $(wildcard include/config/debug/bugverbose.h) \ + include/asm-generic/bug.h \ + $(wildcard include/config/generic/bug/relative/pointers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/div64.h \ + include/asm-generic/percpu.h \ + $(wildcard include/config/debug/preempt.h) \ + $(wildcard include/config/have/setup/per/cpu/area.h) \ + include/linux/threads.h \ + $(wildcard include/config/nr/cpus.h) \ + $(wildcard include/config/base/small.h) \ + include/linux/percpu-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/system.h \ + $(wildcard include/config/ia32/emulation.h) \ + $(wildcard include/config/x86/32/lazy/gs.h) \ + $(wildcard include/config/x86/ppro/fence.h) \ + $(wildcard include/config/x86/oostore.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg_32.h \ + $(wildcard include/config/x86/cmpxchg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/nops.h \ + $(wildcard include/config/mk7.h) \ + include/linux/irqflags.h \ + $(wildcard include/config/trace/irqflags.h) \ + $(wildcard include/config/irqsoff/tracer.h) \ + $(wildcard include/config/preempt/tracer.h) \ + $(wildcard include/config/trace/irqflags/support.h) \ + $(wildcard include/config/x86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irqflags.h \ + $(wildcard include/config/debug/lock/alloc.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_types.h \ + include/linux/const.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32_types.h \ + $(wildcard include/config/highmem4g.h) \ + $(wildcard include/config/page/offset.h) \ + $(wildcard include/config/4kstacks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32.h \ + $(wildcard include/config/hugetlb/page.h) \ + $(wildcard include/config/debug/virtual.h) \ + $(wildcard include/config/flatmem.h) \ + $(wildcard include/config/x86/3dnow.h) \ + include/linux/string.h \ + $(wildcard include/config/binary/printf.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string_32.h \ + $(wildcard include/config/kmemcheck.h) \ + include/asm-generic/memory_model.h \ + $(wildcard include/config/discontigmem.h) \ + $(wildcard include/config/sparsemem/vmemmap.h) \ + $(wildcard include/config/sparsemem.h) \ + include/asm-generic/getorder.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_types.h \ + $(wildcard include/config/compat/vdso.h) \ + $(wildcard include/config/proc/fs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + $(wildcard include/config/highmem.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level_types.h \ + include/asm-generic/pgtable-nopud.h \ + include/asm-generic/pgtable-nopmd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr-index.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/errno.h \ + include/asm-generic/errno.h \ + include/asm-generic/errno-base.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpumask.h \ + include/linux/cpumask.h \ + $(wildcard include/config/disable/obsolete/cpumask/functions.h) \ + $(wildcard include/config/hotplug/cpu.h) \ + $(wildcard include/config/cpumask/offstack.h) \ + $(wildcard include/config/debug/per/cpu/maps.h) \ + include/linux/bitmap.h \ + include/linux/errno.h \ 
+ /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc_defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ds.h \ + $(wildcard include/config/x86/ds.h) \ + include/linux/err.h \ + include/linux/personality.h \ + include/linux/cache.h \ + $(wildcard include/config/arch/has/cache/line/size.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cache.h \ + $(wildcard include/config/x86/l1/cache/shift.h) \ + include/linux/stat.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/stat.h \ + include/linux/time.h \ + $(wildcard include/config/arch/uses/gettimeoffset.h) \ + include/linux/seqlock.h \ + include/linux/spinlock.h \ + $(wildcard include/config/debug/spinlock.h) \ + $(wildcard include/config/generic/lockbreak.h) \ + $(wildcard include/config/preempt.h) \ + include/linux/preempt.h \ + $(wildcard include/config/preempt/notifiers.h) \ + include/linux/thread_info.h \ + $(wildcard include/config/compat.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/thread_info.h \ + $(wildcard include/config/debug/stack/usage.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ftrace.h \ + $(wildcard include/config/function/tracer.h) \ + $(wildcard include/config/dynamic/ftrace.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic_32.h \ + $(wildcard include/config/m386.h) \ + include/asm-generic/atomic-long.h \ + include/linux/bottom_half.h \ + include/linux/spinlock_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock_types.h \ + include/linux/lockdep.h \ + $(wildcard include/config/lockdep.h) \ + $(wildcard include/config/lock/stat.h) \ + $(wildcard include/config/generic/hardirqs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock.h \ + $(wildcard include/config/paravirt/spinlocks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/rwlock.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/paravirt.h \ + $(wildcard include/config/x86/local/apic.h) \ + $(wildcard 
include/config/highpte.h) \ + $(wildcard include/config/paravirt/debug.h) \ + include/linux/spinlock_api_smp.h \ + include/linux/math64.h \ + include/linux/kmod.h \ + include/linux/gfp.h \ + $(wildcard include/config/zone/dma.h) \ + $(wildcard include/config/zone/dma32.h) \ + $(wildcard include/config/debug/vm.h) \ + include/linux/mmzone.h \ + $(wildcard include/config/force/max/zoneorder.h) \ + $(wildcard include/config/memory/hotplug.h) \ + $(wildcard include/config/arch/populates/node/map.h) \ + $(wildcard include/config/flat/node/mem/map.h) \ + $(wildcard include/config/cgroup/mem/res/ctlr.h) \ + $(wildcard include/config/have/memory/present.h) \ + $(wildcard include/config/need/node/memmap/size.h) \ + $(wildcard include/config/have/arch/early/pfn/to/nid.h) \ + $(wildcard include/config/sparsemem/extreme.h) \ + $(wildcard include/config/nodes/span/other/nodes.h) \ + $(wildcard include/config/holes/in/zone.h) \ + $(wildcard include/config/arch/has/holes/memorymodel.h) \ + include/linux/wait.h \ + include/linux/numa.h \ + $(wildcard include/config/nodes/shift.h) \ + include/linux/nodemask.h \ + include/linux/pageblock-flags.h \ + $(wildcard include/config/hugetlb/page/size/variable.h) \ + include/linux/bounds.h \ + include/linux/memory_hotplug.h \ + $(wildcard include/config/have/arch/nodedata/extension.h) \ + $(wildcard include/config/memory/hotremove.h) \ + include/linux/notifier.h \ + include/linux/mutex.h \ + $(wildcard include/config/debug/mutexes.h) \ + include/linux/rwsem.h \ + $(wildcard include/config/rwsem/generic/spinlock.h) \ + include/linux/rwsem-spinlock.h \ + include/linux/srcu.h \ + include/linux/topology.h \ + $(wildcard include/config/sched/smt.h) \ + $(wildcard include/config/sched/mc.h) \ + include/linux/smp.h \ + $(wildcard include/config/use/generic/smp/helpers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/smp.h \ + $(wildcard include/config/x86/io/apic.h) \ + $(wildcard include/config/x86/32/smp.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec.h \ + $(wildcard include/config/x86/numaq.h) \ + $(wildcard include/config/mca.h) \ + $(wildcard include/config/eisa.h) \ + $(wildcard include/config/x86/mpparse.h) \ + $(wildcard include/config/acpi.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec_def.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apic.h \ + $(wildcard include/config/x86/x2apic.h) \ + include/linux/delay.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/delay.h \ + include/linux/pm.h \ + $(wildcard include/config/pm/sleep.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apicdef.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fixmap.h \ + $(wildcard include/config/x86/visws/apic.h) \ + $(wildcard include/config/x86/f00f/bug.h) \ + $(wildcard include/config/x86/cyclone/timer.h) \ + $(wildcard include/config/pci/mmconfig.h) \ + $(wildcard include/config/provide/ohci1394/dma/init.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/acpi.h \ + $(wildcard include/config/acpi/numa.h) \ + include/acpi/pdc_intel.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mmu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/kmap_types.h \ + $(wildcard include/config/debug/highmem.h) \ + include/asm-generic/kmap_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_apic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_vectors.h \ + $(wildcard include/config/sparse/irq.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/topology.h \ + $(wildcard include/config/x86/ht.h) \ + $(wildcard include/config/x86/64/acpi/numa.h) \ + include/asm-generic/topology.h \ + include/linux/mmdebug.h \ + include/linux/elf.h \ + include/linux/elf-em.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/elf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/auxvec.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vdso.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ldt.h \ + include/linux/kobject.h \ + include/linux/sysfs.h \ + include/linux/kref.h \ + include/linux/moduleparam.h \ + $(wildcard include/config/alpha.h) \ + $(wildcard include/config/ia64.h) \ + $(wildcard include/config/ppc64.h) \ + include/linux/marker.h \ + include/linux/tracepoint.h \ + include/linux/rcupdate.h \ + $(wildcard include/config/classic/rcu.h) \ + $(wildcard include/config/tree/rcu.h) \ + $(wildcard include/config/preempt/rcu.h) \ + include/linux/completion.h \ + include/linux/rcuclassic.h \ + $(wildcard include/config/rcu/cpu/stall/detector.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/local.h \ + include/linux/percpu.h \ + $(wildcard include/config/have/dynamic/per/cpu/area.h) \ + $(wildcard include/config/debug/kmemleak.h) \ + include/linux/slab.h \ + $(wildcard include/config/slab/debug.h) \ + $(wildcard include/config/debug/objects.h) \ + $(wildcard include/config/slub.h) \ + $(wildcard include/config/slob.h) \ + $(wildcard include/config/debug/slab.h) \ + include/linux/slab_def.h \ + $(wildcard include/config/kmemtrace.h) \ + include/linux/kmemtrace.h \ + include/trace/events/kmem.h \ + include/trace/define_trace.h \ + include/linux/kmalloc_sizes.h \ + include/linux/pfn.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/module.h \ + $(wildcard include/config/m486.h) \ + $(wildcard include/config/m586.h) \ + $(wildcard include/config/m586tsc.h) \ + $(wildcard include/config/m586mmx.h) \ + $(wildcard include/config/mcore2.h) \ + $(wildcard include/config/m686.h) \ + $(wildcard include/config/mpentiumii.h) \ + $(wildcard include/config/mpentiumiii.h) \ + $(wildcard include/config/mpentiumm.h) \ + $(wildcard include/config/mpentium4.h) \ + $(wildcard 
include/config/mk6.h) \ + $(wildcard include/config/mk8.h) \ + $(wildcard include/config/x86/elan.h) \ + $(wildcard include/config/mcrusoe.h) \ + $(wildcard include/config/mefficeon.h) \ + $(wildcard include/config/mwinchipc6.h) \ + $(wildcard include/config/mwinchip3d.h) \ + $(wildcard include/config/mcyrixiii.h) \ + $(wildcard include/config/mviac3/2.h) \ + $(wildcard include/config/mviac7.h) \ + $(wildcard include/config/mgeodegx1.h) \ + $(wildcard include/config/mgeode/lx.h) \ + include/linux/sched.h \ + $(wildcard include/config/sched/debug.h) \ + $(wildcard include/config/no/hz.h) \ + $(wildcard include/config/detect/softlockup.h) \ + $(wildcard include/config/detect/hung/task.h) \ + $(wildcard include/config/core/dump/default/elf/headers.h) \ + $(wildcard include/config/bsd/process/acct.h) \ + $(wildcard include/config/taskstats.h) \ + $(wildcard include/config/audit.h) \ + $(wildcard include/config/inotify/user.h) \ + $(wildcard include/config/epoll.h) \ + $(wildcard include/config/posix/mqueue.h) \ + $(wildcard include/config/keys.h) \ + $(wildcard include/config/user/sched.h) \ + $(wildcard include/config/perf/counters.h) \ + $(wildcard include/config/schedstats.h) \ + $(wildcard include/config/task/delay/acct.h) \ + $(wildcard include/config/fair/group/sched.h) \ + $(wildcard include/config/rt/group/sched.h) \ + $(wildcard include/config/blk/dev/io/trace.h) \ + $(wildcard include/config/sysvipc.h) \ + $(wildcard include/config/auditsyscall.h) \ + $(wildcard include/config/rt/mutexes.h) \ + $(wildcard include/config/task/xacct.h) \ + $(wildcard include/config/cpusets.h) \ + $(wildcard include/config/cgroups.h) \ + $(wildcard include/config/futex.h) \ + $(wildcard include/config/fault/injection.h) \ + $(wildcard include/config/latencytop.h) \ + $(wildcard include/config/function/graph/tracer.h) \ + $(wildcard include/config/have/unstable/sched/clock.h) \ + $(wildcard include/config/preempt/bkl.h) \ + $(wildcard include/config/group/sched.h) \ + $(wildcard 
include/config/mm/owner.h) \ + include/linux/capability.h \ + $(wildcard include/config/security/file/capabilities.h) \ + include/linux/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/tsc.h \ + $(wildcard include/config/x86/tsc.h) \ + include/linux/jiffies.h \ + include/linux/rbtree.h \ + include/linux/mm_types.h \ + $(wildcard include/config/split/ptlock/cpus.h) \ + $(wildcard include/config/want/page/debug/flags.h) \ + $(wildcard include/config/mmu.h) \ + $(wildcard include/config/mmu/notifier.h) \ + include/linux/auxvec.h \ + include/linux/prio_tree.h \ + include/linux/page-debug-flags.h \ + $(wildcard include/config/page/poisoning.h) \ + $(wildcard include/config/page/debug/something/else.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cputime.h \ + include/asm-generic/cputime.h \ + include/linux/sem.h \ + include/linux/ipc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ipcbuf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sembuf.h \ + include/linux/signal.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/signal.h \ + include/asm-generic/signal-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/siginfo.h \ + include/asm-generic/siginfo.h \ + include/linux/path.h \ + include/linux/pid.h \ + include/linux/proportions.h \ + include/linux/percpu_counter.h \ + include/linux/seccomp.h \ + $(wildcard include/config/seccomp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp_32.h \ + include/linux/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd_32.h \ + include/linux/rculist.h \ + include/linux/rtmutex.h \ + $(wildcard include/config/debug/rt/mutexes.h) \ + include/linux/plist.h \ + $(wildcard include/config/debug/pi/list.h) \ + include/linux/resource.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/resource.h \ + 
include/asm-generic/resource.h \ + include/linux/timer.h \ + $(wildcard include/config/timer/stats.h) \ + $(wildcard include/config/debug/objects/timers.h) \ + include/linux/ktime.h \ + $(wildcard include/config/ktime/scalar.h) \ + include/linux/debugobjects.h \ + $(wildcard include/config/debug/objects/free.h) \ + include/linux/hrtimer.h \ + $(wildcard include/config/high/res/timers.h) \ + include/linux/task_io_accounting.h \ + $(wildcard include/config/task/io/accounting.h) \ + include/linux/latencytop.h \ + include/linux/cred.h \ + $(wildcard include/config/security.h) \ + include/linux/key.h \ + $(wildcard include/config/sysctl.h) \ + include/linux/sysctl.h \ + include/linux/aio.h \ + $(wildcard include/config/aio.h) \ + include/linux/workqueue.h \ + include/linux/aio_abi.h \ + include/linux/uio.h \ + include/linux/security.h \ + $(wildcard include/config/security/path.h) \ + $(wildcard include/config/security/network.h) \ + $(wildcard include/config/security/network/xfrm.h) \ + $(wildcard include/config/securityfs.h) \ + include/linux/fs.h \ + $(wildcard include/config/dnotify.h) \ + $(wildcard include/config/quota.h) \ + $(wildcard include/config/fsnotify.h) \ + $(wildcard include/config/inotify.h) \ + $(wildcard include/config/fs/posix/acl.h) \ + $(wildcard include/config/debug/writecount.h) \ + $(wildcard include/config/file/locking.h) \ + $(wildcard include/config/block.h) \ + $(wildcard include/config/fs/xip.h) \ + $(wildcard include/config/migration.h) \ + include/linux/limits.h \ + include/linux/ioctl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctl.h \ + include/asm-generic/ioctl.h \ + include/linux/kdev_t.h \ + include/linux/dcache.h \ + include/linux/radix-tree.h \ + include/linux/semaphore.h \ + include/linux/fiemap.h \ + include/linux/quota.h \ + include/linux/dqblk_xfs.h \ + include/linux/dqblk_v1.h \ + include/linux/dqblk_v2.h \ + include/linux/dqblk_qtree.h \ + include/linux/nfs_fs_i.h \ + include/linux/nfs.h \ + 
include/linux/sunrpc/msg_prot.h \ + include/linux/fcntl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fcntl.h \ + include/asm-generic/fcntl.h \ + include/linux/binfmts.h \ + include/linux/shm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/shmparam.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/shmbuf.h \ + include/linux/mm.h \ + $(wildcard include/config/stack/growsup.h) \ + $(wildcard include/config/swap.h) \ + $(wildcard include/config/shmem.h) \ + $(wildcard include/config/debug/pagealloc.h) \ + $(wildcard include/config/hibernation.h) \ + include/linux/debug_locks.h \ + $(wildcard include/config/debug/locking/api/selftests.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level.h \ + include/asm-generic/pgtable.h \ + include/linux/page-flags.h \ + $(wildcard include/config/pageflags/extended.h) \ + $(wildcard include/config/have/mlocked/page/bit.h) \ + $(wildcard include/config/ia64/uncached/allocator.h) \ + $(wildcard include/config/s390.h) \ + include/linux/vmstat.h \ + $(wildcard include/config/vm/event/counters.h) \ + include/linux/msg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msgbuf.h \ + include/linux/xfrm.h \ + include/net/flow.h \ + include/linux/in6.h \ + include/linux/mman.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mman.h \ + include/asm-generic/mman-common.h \ + include/linux/smp_lock.h \ + $(wildcard include/config/lock/kernel.h) \ + include/linux/file.h \ + include/linux/ext2_fs.h \ + include/linux/magic.h \ + include/linux/ext2_fs_sb.h \ + include/linux/blockgroup_lock.h \ + include/net/ip.h \ + $(wildcard include/config/inet.h) \ + $(wildcard include/config/ipv6.h) \ + include/linux/ip.h \ + include/linux/skbuff.h \ + $(wildcard include/config/nf/conntrack.h) \ + $(wildcard 
include/config/bridge/netfilter.h) \ + $(wildcard include/config/has/dma.h) \ + $(wildcard include/config/xfrm.h) \ + $(wildcard include/config/net/sched.h) \ + $(wildcard include/config/net/cls/act.h) \ + $(wildcard include/config/ipv6/ndisc/nodetype.h) \ + $(wildcard include/config/mac80211.h) \ + $(wildcard include/config/net/dma.h) \ + $(wildcard include/config/network/secmark.h) \ + include/linux/kmemcheck.h \ + include/linux/net.h \ + include/linux/socket.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/socket.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sockios.h \ + include/linux/sockios.h \ + include/linux/random.h \ + include/linux/irqnr.h \ + include/linux/textsearch.h \ + include/net/checksum.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess.h \ + $(wildcard include/config/x86/wp/works/ok.h) \ + $(wildcard include/config/x86/intel/usercopy.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/checksum.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/checksum_32.h \ + include/linux/dmaengine.h \ + $(wildcard include/config/dma/engine.h) \ + $(wildcard include/config/async/tx/dma.h) \ + include/linux/device.h \ + $(wildcard include/config/debug/devres.h) \ + include/linux/ioport.h \ + include/linux/klist.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/device.h \ + $(wildcard include/config/dmar.h) \ + include/linux/pm_wakeup.h \ + $(wildcard include/config/pm.h) \ + include/linux/dma-mapping.h \ + $(wildcard include/config/have/dma/attrs.h) \ + include/linux/dma-attrs.h \ + include/linux/bug.h \ + include/linux/scatterlist.h \ + $(wildcard include/config/debug/sg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/scatterlist.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_32.h \ + include/asm-generic/iomap.h \ + include/linux/vmalloc.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/dma-mapping.h \ + include/linux/dma-debug.h \ + $(wildcard include/config/dma/api/debug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swiotlb.h \ + $(wildcard include/config/swiotlb.h) \ + include/linux/swiotlb.h \ + include/asm-generic/dma-coherent.h \ + $(wildcard include/config/have/generic/dma/coherent.h) \ + include/asm-generic/dma-mapping-common.h \ + include/linux/in.h \ + include/net/inet_sock.h \ + include/linux/jhash.h \ + include/net/sock.h \ + $(wildcard include/config/net/ns.h) \ + include/linux/list_nulls.h \ + include/linux/netdevice.h \ + $(wildcard include/config/dcb.h) \ + $(wildcard include/config/wlan/80211.h) \ + $(wildcard include/config/ax25.h) \ + $(wildcard include/config/mac80211/mesh.h) \ + $(wildcard include/config/tr.h) \ + $(wildcard include/config/net/ipip.h) \ + $(wildcard include/config/net/ipgre.h) \ + $(wildcard include/config/ipv6/sit.h) \ + $(wildcard include/config/ipv6/tunnel.h) \ + $(wildcard include/config/netpoll.h) \ + $(wildcard include/config/net/poll/controller.h) \ + $(wildcard include/config/fcoe.h) \ + $(wildcard include/config/wireless/ext.h) \ + $(wildcard include/config/net/dsa.h) \ + $(wildcard include/config/net/dsa/tag/dsa.h) \ + $(wildcard include/config/net/dsa/tag/trailer.h) \ + $(wildcard include/config/netpoll/trap.h) \ + include/linux/if.h \ + include/linux/hdlc/ioctl.h \ + include/linux/if_ether.h \ + include/linux/if_packet.h \ + include/linux/ethtool.h \ + include/net/net_namespace.h \ + $(wildcard include/config/ip/dccp.h) \ + $(wildcard include/config/netfilter.h) \ + $(wildcard include/config/net.h) \ + include/net/netns/core.h \ + include/net/netns/mib.h \ + $(wildcard include/config/xfrm/statistics.h) \ + include/net/snmp.h \ + include/linux/snmp.h \ + include/net/netns/unix.h \ + include/net/netns/packet.h \ + include/net/netns/ipv4.h \ + $(wildcard include/config/ip/multiple/tables.h) \ + $(wildcard include/config/ip/mroute.h) \ + $(wildcard 
include/config/ip/pimsm/v1.h) \ + $(wildcard include/config/ip/pimsm/v2.h) \ + include/net/inet_frag.h \ + include/net/netns/ipv6.h \ + $(wildcard include/config/ipv6/multiple/tables.h) \ + $(wildcard include/config/ipv6/mroute.h) \ + $(wildcard include/config/ipv6/pimsm/v2.h) \ + include/net/netns/dccp.h \ + include/net/netns/x_tables.h \ + include/linux/netfilter.h \ + $(wildcard include/config/netfilter/debug.h) \ + $(wildcard include/config/nf/nat/needed.h) \ + include/linux/proc_fs.h \ + $(wildcard include/config/proc/devicetree.h) \ + $(wildcard include/config/proc/kcore.h) \ + include/net/netns/xfrm.h \ + include/linux/seq_file_net.h \ + include/linux/seq_file.h \ + include/net/dsa.h \ + include/linux/interrupt.h \ + $(wildcard include/config/generic/irq/probe.h) \ + $(wildcard include/config/debug/shirq.h) \ + include/linux/irqreturn.h \ + include/linux/hardirq.h \ + $(wildcard include/config/virt/cpu/accounting.h) \ + include/linux/ftrace_irq.h \ + $(wildcard include/config/ftrace/nmi/enter.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/hardirq.h \ + $(wildcard include/config/x86/mce.h) \ + $(wildcard include/config/x86/mce/threshold.h) \ + include/linux/irq.h \ + $(wildcard include/config/irq/per/cpu.h) \ + $(wildcard include/config/irq/release/method.h) \ + $(wildcard include/config/intr/remap.h) \ + $(wildcard include/config/generic/pending/irq.h) \ + $(wildcard include/config/numa/irq/desc.h) \ + $(wildcard include/config/generic/hardirqs/no//do/irq.h) \ + $(wildcard include/config/cpumasks/offstack.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_regs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/hw_irq.h \ + include/linux/profile.h \ + $(wildcard include/config/profiling.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sections.h \ + include/asm-generic/sections.h \ + include/linux/filter.h \ + include/linux/rculist_nulls.h \ + include/linux/poll.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/poll.h \ + include/asm-generic/poll.h \ + include/net/dst.h \ + $(wildcard include/config/net/cls/route.h) \ + include/linux/rtnetlink.h \ + include/linux/netlink.h \ + include/linux/if_link.h \ + include/linux/if_addr.h \ + include/linux/neighbour.h \ + include/net/neighbour.h \ + include/net/rtnetlink.h \ + include/net/netlink.h \ + include/net/request_sock.h \ + include/net/netns/hash.h \ + include/linux/uaccess.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctls.h \ + security/lids/include/linux/lids.h \ + $(wildcard include/config/sparc32.h) \ + $(wildcard include/config/ppc.h) \ + $(wildcard include/config/mips.h) \ + $(wildcard include/config/lids/tpe.h) \ + $(wildcard include/config/lids/tde.h) \ + $(wildcard include/config/cap/lids/sandbox/eff/set.h) \ + include/linux/tty.h \ + include/linux/major.h \ + include/linux/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termbits.h \ + include/linux/tty_driver.h \ + $(wildcard include/config/console/poll.h) \ + include/linux/cdev.h \ + include/linux/tty_ldisc.h \ + include/linux/securebits.h \ + security/lids/include/linux/lidsext.h \ + $(wildcard include/config/lids/debug.h) \ + $(wildcard include/config/lids/restrict/mode/switch.h) \ + $(wildcard include/config/lids/mode/switch/console.h) \ + $(wildcard include/config/lids/mode/switch/serial.h) \ + $(wildcard include/config/lids/mode/switch/pty.h) \ + $(wildcard include/config/lids/no/flood/log.h) \ + $(wildcard include/config/lids/allow/switch.h) \ + security/lids/include/linux/lidsif.h \ + $(wildcard include/config/lids/shrink/size.h) \ + include/linux/netfilter/xt_MARK.h \ + security/lids/include/linux/lidsext.h \ + security/lids/include/linux/lidsif.h \ + +security/lids/lids_cap.o: $(deps_security/lids/lids_cap.o) + +$(deps_security/lids/lids_cap.o): diff -Nru linux-2.6.31.3.org/security/lids/lids_init.c 
linux-2.6.31.3/security/lids/lids_init.c
--- linux-2.6.31.3.org/security/lids/lids_init.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/lids_init.c 2009-10-09 11:47:44.000000000 -0400
@@ -0,0 +1,584 @@ +/* + * LIDS INIT functions + * + * Copyright (C) 2002-2003 Huagang Xie + * Copyright (C) 2002 Philippe Biondi + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static int lids_lock_init; +static spinlock_t lids_lock; +int lids_init_setup; +static int lids_u_size; + +static char lids_binary_acl_file[3][PATH_MAX] = + { LIDS_BOOT_ACL_FILE, LIDS_POSTBOOT_ACL_FILE, LIDS_SHUTDOWN_ACL_FILE }; + +char lids_state_name[3][9] = { "BOOT\0", "POSTBOOT\0", "SHUTDOWN\0" }; + +#define LIDS_MAX_ACL_NUM 1024 +#ifdef CONFIG_LIDS_SHRINK_SIZE +#include +static char lids_binary_acl_sizeinfo_file[3][PATH_MAX] = + { LIDS_BOOT_ACL_SIZEINFO_FILE, LIDS_POSTBOOT_ACL_SIZEINFO_FILE, LIDS_SHUTDOWN_ACL_SIZEINFO_FILE }; +static struct lids_inode_acl *lids_acl[2] = {NULL, NULL}; +#else +static struct lids_inode_acl lids_acl[2][LIDS_MAX_ACL_NUM]; +#endif +static int lids_last_acl[2]; +static int lids_eft_set; +int lids_update_version; + +#ifdef CONFIG_LIDS_SHRINK_SIZE +/* We think these valuable is not used. 
*/ +#else +/* fast guessing table*/ +static unsigned long lids_bittab[32] = { + 0x00000001, 0x00000002, 0x00000004, 0x00000008, + 0x00000010, 0x00000020, 0x00000040, 0x00000080, + 0x00000100, 0x00000200, 0x00000400, 0x00000800, + 0x00001000, 0x00002000, 0x00004000, 0x00008000, + 0x00010000, 0x00020000, 0x00040000, 0x00080000, + 0x00100000, 0x00200000, 0x00400000, 0x00800000, + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000 +}; +static int fastguess[2][2048]; +static unsigned long lids_search_value[2]; +#endif + +struct lids_inode_acl * +lids_do_get_acl(struct inode *inode) +{ + int i; + + for (i = 0; i < lids_last_acl[lids_eft_set]; i++) { + if (inode->i_ino == lids_acl[lids_eft_set][i].inode.ino && + MAJOR(inode->i_sb->s_dev) == lids_acl[lids_eft_set][i].inode.dev.major && + MINOR(inode->i_sb->s_dev) == lids_acl[lids_eft_set][i].inode.dev.minor) + return &lids_acl[lids_eft_set][i]; + + + } + + return NULL; +} + +static int +lids_buffer_to_inode_acl(char *buffer, int len, struct lids_inode_acl *i_acl) +{ + int num; + char *p = buffer; + struct lids_subject_acl *s_acl; + struct lids_object_acl *o_acl, *pre_acl; +#ifndef CONFIG_LIDS_SHRINK_SIZE + u32 eft_set = (lids_eft_set & 1) ^ 1; +#endif + int i; + + + if (len < sizeof(struct lids_inode_acl) - sizeof(char *) + lids_u_size) { + printk(KERN_INFO "LIDS: Inode ACL incorrect, len = %d\n", len); + return -1; + } + /* we do not have the psinLock_t in the xattr */ + memcpy(i_acl, p, sizeof(struct lids_inode_acl) - sizeof(char *) - 64); + memcpy(i_acl->name, p+sizeof(struct lids_inode_acl)-sizeof(char *)+lids_u_size-64, 64); + + i_acl->version = lids_update_version; /* current version */ + i_acl->s_acl = NULL; + + if (i_acl->magic != LIDS_MAGIC) { /* LIDS magic */ + printk(KERN_INFO "LIDS: magic code mismatch %x\n", + i_acl->magic); + return -1; + } +#ifndef CONFIG_LIDS_SHRINK_SIZE + /* fastguesing */ + i = ((MKDEV(i_acl->inode.dev.major, i_acl->inode.dev.minor)) ^ 
(i_acl->inode.ino)) & 0xffff; + fastguess[eft_set][i >> 5] |= lids_bittab[i & 31]; +#endif + + if (len == (sizeof(struct lids_inode_acl)) - sizeof(char *)+lids_u_size) + return 0; + len -= (sizeof(struct lids_inode_acl) - sizeof(char *)+lids_u_size); + + s_acl = kmalloc(sizeof(struct lids_subject_acl), GFP_KERNEL); + if (!s_acl) + return -ENOMEM; + + + p += (sizeof(struct lids_inode_acl) - sizeof(char *) + lids_u_size); + memcpy(s_acl, p, sizeof(struct lids_subject_acl) - sizeof(char *) + lids_u_size); + + /* set it */ + i_acl->s_acl = s_acl; + s_acl->o_acl = NULL; + + if (len == sizeof(struct lids_subject_acl) - sizeof(char *) + lids_u_size) + return 0; + + len -= sizeof(struct lids_subject_acl) - sizeof(char *) + lids_u_size; + + if (len < 0) { + printk(KERN_INFO "LIDS: Subject ACL incorrect, len = %d\n", + len); + return -1; + } + num = (unsigned int) (len % (sizeof(struct lids_object_acl) - sizeof(char *) + lids_u_size)); + if (num > 0) { + printk(KERN_INFO "LIDS: Object ACLs incorrect, len = %d\n", + len); + return -1; + } + num = (unsigned int) (len / (sizeof(struct lids_object_acl) - sizeof(char *) + lids_u_size)); + + p += sizeof(struct lids_subject_acl) - sizeof(char *) + lids_u_size;; + o_acl = NULL; + pre_acl = NULL; + for (i = 0; i < num; i++) { + o_acl = kmalloc(sizeof(struct lids_object_acl), GFP_KERNEL); + if (!o_acl) + return -ENOMEM; + memcpy(o_acl, p, sizeof(struct lids_object_acl) - sizeof(char *) + lids_u_size - 64); + o_acl->next = pre_acl; + memcpy(o_acl->name, p+sizeof(struct lids_object_acl) - sizeof(char *) + lids_u_size-64, 64); + + p += sizeof(struct lids_object_acl) - sizeof(char *) + lids_u_size; + pre_acl = o_acl; + } + /* the last one */ + s_acl->o_acl = o_acl; + return 0; + +} +/* + * translate buffer into acl + */ +static int +lids_buffer_to_acl(char *buffer, int len) +{ + int err = 0; + char *p , *q; + u32 num; + u32 plen = 0; + u32 hlen; + u32 eft_set = (lids_eft_set & 1) ^ 1; + + hlen = sizeof(struct lids_inode_acl) - sizeof(char 
*) + lids_u_size; + p = buffer; + q = buffer; + while (len >= hlen) { + hlen = sizeof(struct lids_inode_acl) - sizeof(char *) - 64; + num = *(u32 *)(p+12); + + plen = sizeof(struct lids_inode_acl) - sizeof(char *) + lids_u_size; + + if (num != 0) { + hlen = plen + sizeof(struct lids_subject_acl) - sizeof(char *) + lids_u_size; + if (hlen > len) + return len; + + num = *(u32 *)(p+plen+12); + plen = hlen; + + if (num != 0) { + plen += num*(sizeof(struct lids_object_acl) - sizeof(char *) + lids_u_size); + if (plen > len) + return len; + + } + } + err = lids_buffer_to_inode_acl(p, plen, &lids_acl[eft_set][lids_last_acl[eft_set]]); + + if (err) + return err; + lids_last_acl[eft_set]++; + + len -= plen; + hlen = sizeof(struct lids_inode_acl) - sizeof(char *) + lids_u_size; + p += plen; + } + + return len; +} +void +lids_free_lids_set(int eft_set) +{ +#ifdef CONFIG_LIDS_SHRINK_SIZE + if (lids_acl[eft_set] != NULL) { + vfree(lids_acl[eft_set]); + lids_acl[eft_set] = NULL; + } +#else + int i; + + for (i = 0; i < lids_last_acl[eft_set]; i++) + lids_free_subject_acl((lids_acl[eft_set][i].s_acl)); + + memset(lids_acl[eft_set], 0, sizeof(lids_acl[eft_set])); +#endif +} +/* + * lids read capability from /etc/lids/lids.cap + */ + +static int +lids_read_acl(int state) +{ + struct file *filp = NULL; + char *buffer; + mm_segment_t oldfs; + int bytes, rlen = 1024; + int error = 0; + u32 start = 0, finished = 0; + struct lids_acl_header hdr; + u32 eft_set = (lids_eft_set & 1) ^ 1; +#ifdef CONFIG_LIDS_SHRINK_SIZE + int lids_acl_num = 0, j = 0; + int lids_acl_sizeinfo[LIDS_MAX_ACL_NUM]; +#endif + + lids_update_version++; + lids_last_acl[eft_set] = 0; + + /* using MUTEX to protect lids_acl[] */ + /* FIXME, need to free the subject+acl if any*/ + + lids_free_lids_set(eft_set); + +#ifdef CONFIG_LIDS_SHRINK_SIZE + /* If the size information file is not exist, * + * we have to allocate the memory for lids_acl with the default size. * + * So, the default value is set here. 
*/ + lids_acl_num = LIDS_MAX_ACL_NUM; + memset(lids_acl_sizeinfo, 0, sizeof(lids_acl_sizeinfo)); + + filp = filp_open(lids_binary_acl_sizeinfo_file[state-1], O_RDONLY, 0); + + if (!IS_ERR(filp) && (filp != NULL)) { + if (filp->f_op->read != NULL) { + filp->f_pos = 0; + oldfs = get_fs(); + set_fs(KERNEL_DS); + bytes = filp->f_op->read(filp, (char *)&lids_acl_num, sizeof(int), &filp->f_pos); + set_fs(oldfs); + if (bytes == sizeof(int) && lids_acl_num) { + int i; + for (i = 0; i < lids_acl_num ; i++) { + oldfs = get_fs(); + set_fs(KERNEL_DS); + bytes = filp->f_op->read(filp, (char *)&lids_acl_sizeinfo[i], sizeof(int), &filp->f_pos); + set_fs(oldfs); + if (bytes != sizeof(int)) + break; + } + if (i == lids_acl_num) + rlen = lids_acl_sizeinfo[j++]; + } + } + /* Close the file */ + fput(filp); + } + /* Now, we can get all of the length information of ACLs. * + * So, let us allocate the memory for ACLs. */ + lids_acl[eft_set] = vmalloc(sizeof(struct lids_inode_acl) * lids_acl_num); + if (lids_acl[eft_set] == NULL) { + /* This is a critical error. * + * Since the value of "error" is meaningless now, we just return -1. 
*/ + error = -1; + printk(KERN_INFO "LIDS: Error allocating the memory for ACLs in state %d.\n", state); + return error; + } +#endif + + filp = filp_open(lids_binary_acl_file[state-1], O_RDONLY, 0); + + if (IS_ERR(filp) || (filp == NULL)) { + error = -1; + printk + ("LIDS: Error opening ACLs file %s in state %d, Does it exist?\n", + lids_binary_acl_file[state-1], state); + /* FIXME: if (lids_load) goto err_panic; */ + return error; + } + + if (filp->f_op->read == NULL) { + fput(filp); + error = -3; + printk(KERN_INFO "LIDS: The capability file can not be read [state %d]\n", + state); + /* + if (lids_load) goto err_panic ; + */ + return error; + } + /* read the LIDS cap and version */ + filp->f_pos = 0; + oldfs = get_fs(); + set_fs(KERNEL_DS); + bytes = filp->f_op->read(filp, (char *)&hdr, sizeof(hdr), &filp->f_pos); + set_fs(oldfs); + + if (bytes != sizeof(hdr)) { + printk(KERN_INFO "LIDS: %s format error\n", lids_binary_acl_file[state]); + fput(filp); + return -4; + } + lids_cap_val.cap[0] = hdr.sys_cap.cap[0]; + lids_cap_bset = lids_cap_val.cap[0]; +#ifndef CONFIG_LIDS_SHRINK_SIZE + lids_search_value[eft_set] = hdr.search; +#endif + lids_u_size = hdr.u_size; + printk(KERN_INFO "LIDS: user space is %d bit\n", lids_u_size*8); + + if (lids_state == LIDS_STATE_BOOT) { + lids_acl_discovery = hdr.discovery; + memcpy(&lidsadm, &(hdr.lidsadm), sizeof(struct lids_s_inode)); + printk(KERN_INFO "LIDS: lidsadm inode 0x%x dev 0x%x:%x\n", lidsadm.ino, lidsadm.dev.major, lidsadm.dev.minor); + } + + start = sizeof(hdr); + +#ifdef CONFIG_LIDS_SHRINK_SIZE + while (!finished && j < lids_acl_num) { +#else + while (!finished) { +#endif + buffer = kmalloc(rlen, GFP_KERNEL); + memset(buffer, 0, rlen); + + filp->f_pos = start; + oldfs = get_fs(); + set_fs(KERNEL_DS); + bytes = filp->f_op->read(filp, buffer, rlen, &filp->f_pos); + set_fs(oldfs); + + if (bytes < rlen) + finished = 1; + + error = lids_buffer_to_acl(buffer, bytes); + + kfree(buffer); + + if (error < 0) + break; + /* we do 
not have enough room for the whole buffer */ + if (bytes == error) { + if (!bytes && finished && start == sizeof(hdr)) + break; + if (finished) { + printk(KERN_INFO "LIDS: Format error\n"); + error = -10; + break; + } else { +#ifdef CONFIG_LIDS_SHRINK_SIZE + if (lids_acl_sizeinfo[j] != 0) { + /* This should not be happened. */ + error = -1; + printk(KERN_INFO "LIDS: Error size invalid in %s for state %d.\n", lids_binary_acl_sizeinfo_file[state-1], state); + break; + + } else { + rlen += rlen; /* enlarge the buffer*/ + } +#else + rlen += rlen; /* enlarge the buffer*/ +#endif + } + } else { +#ifdef CONFIG_LIDS_SHRINK_SIZE + if (lids_acl_sizeinfo[j] != 0) + rlen = lids_acl_sizeinfo[j++]; + else + rlen = 1024; +#else + rlen = 1024; +#endif + } + + start += bytes-error; + } + /* Close the file */ + fput(filp); + + /* switch it */ + lids_eft_set = eft_set; + + printk(KERN_INFO "LIDS: ACL Discovery: %s, ", lids_acl_discovery?"ON":"OFF"); + printk(KERN_INFO "Effective Capability: %x, ", lids_cap_val.cap[0]); + printk(KERN_INFO "Total ACLs Count: %d\n", lids_last_acl[eft_set]); + + return error; +} + +/*********************************************************************** + * + * lids_init + * + * initialize the vfs security system. read the config file . + * add the inode to the files. 
+ * + */ + +int +lids_init(void) +{ + struct cred *cred; + + int error = 0; + /* Get lidsadm dev/inode */ + + LIDS_DBG("into lids_init_..\n"); + + lids_local_on = 0; + lids_local_pid = current->pid; + + if (!lids_lock_init) { + spin_lock_init(&lids_lock); + lids_lock_init = 1; + } + + /* read /dev/tty */ + lids_read_dev_tty(); + + /* read global acl */ + /* Read the password now */ + if (lids_read_pw()) { + printk(KERN_INFO "LIDS: Read password file error\n"); + error = -8; + goto lids_panic; + } + /* read capability first based on state */ + printk(KERN_INFO "LIDS: Initializing LIDS ACLs\n"); + + if (lids_read_acl(lids_state)) { + printk(KERN_INFO "LIDS: Read ACL file error, state %d\n", + lids_state); + error = -9; + goto lids_panic; + } + + if (lids_state == LIDS_STATE_BOOT) { + cred = (struct cred *) current->cred; + cred->cap_bset.cap[0] = lids_cap_val.cap[0]; + printk(KERN_INFO + "LIDS: GLOBAL and %s state configuration files loaded\n", + lids_state_name[lids_state - 1]); + printk(KERN_INFO "LIDS: Entering %s state\n", + lids_state_name[lids_state - 1]); + } + + lids_local_on = 1; + + if (!error) + return 0; +lids_panic: + printk + ("LIDS_ERR: Cannot initialize the lids system, return code %d\n", + error); + return error; +} + +/* + mount securityfs + */ +void +lids_mount_securityfs(void) +{ +struct nameidata nd; +if (!path_lookup("/sys/kernel", LOOKUP_FOLLOW, &nd) == 0) { + dput(nd.path.dentry); + mntput_no_expire(nd.path.mnt); + } else { + mm_segment_t oldfs = get_fs(); + set_fs(KERNEL_DS); + sys_mount("sysfs", "/sys", "sysfs", 0, NULL); + set_fs(oldfs); + } +if (!path_lookup("/sys/kernel/security", LOOKUP_FOLLOW, &nd) == 0) { + dput(nd.path.dentry); + mntput_no_expire(nd.path.mnt); + } else { + mm_segment_t oldfs = get_fs(); + set_fs(KERNEL_DS); + sys_mount("securityfs", "/sys/kernel/security", "securityfs", 0, NULL); + set_fs(oldfs); + + } +} + +/* + do_lids_setup + */ +int +do_lids_setup(void) +{ + int err = 0; + + /* init the ids file system */ + struct 
file *filp; + + filp = filp_open(LIDS_PW_FILE, O_RDONLY, 0); + + if (IS_ERR(filp) || (filp == NULL)) + return -1; + + + lids_init_setup = 1; + lids_local_on = 1; + lids_flags = 0; + lids_state = LIDS_STATE_BOOT; + lids_flag_raise(lids_flags, LIDS_FLAGS_LIDS_LOCAL_ON); + lids_flag_raise(lids_flags, LIDS_FLAGS_INIT); + + if (lids_load) + lids_flag_raise(lids_flags, LIDS_FLAGS_LIDS_ON); + + lids_update_version = (int)get_seconds(); + lids_eft_set = 0; + memset(lids_last_acl, 0, sizeof(lids_last_acl)); + memset(lids_acl, 0, sizeof(lids_acl)); + + lids_sysctl_init(); + /* load BOOT acl */ + /* make it read the configure file easier. */ + err = lids_init(); + + printk(KERN_NOTICE "LIDS: Linux Intrusion Detection System %s %s\n", LIDS_VERSION, + lids_load == 1 ? "started" : "not started"); + + if (lids_load) + lids_mount_securityfs(); + + return err; +} diff -Nru linux-2.6.31.3.org/security/lids/.lids_init.o.cmd linux-2.6.31.3/security/lids/.lids_init.o.cmd --- linux-2.6.31.3.org/security/lids/.lids_init.o.cmd 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/.lids_init.o.cmd 2009-09-20 11:57:10.000000000 -0400 
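Review bot: `lids_buffer_to_acl` stores each parsed record at `lids_acl[eft_set][lids_last_acl[eft_set]]` and then increments the index without comparing it to the table size, so an ACL file with more than `LIDS_MAX_ACL_NUM` records writes past the static array (or past the `vmalloc` area under `CONFIG_LIDS_SHRINK_SIZE`). A guard before the `lids_buffer_to_inode_acl` call, `if (lids_last_acl[eft_set] >= LIDS_MAX_ACL_NUM) return -1;`, closes the non-shrink case; the shrink build would also need the allocated count, currently a local of `lids_read_acl`, made visible to the parser. In that same build `lids_read_acl` takes `lids_acl_num` straight from the size-info file and uses it both as the loop bound for writes into the on-stack `lids_acl_sizeinfo[LIDS_MAX_ACL_NUM]` and as the `vmalloc` multiplier, so it should be rejected unless `lids_acl_num > 0 && lids_acl_num <= LIDS_MAX_ACL_NUM`. The read loop also runs `memset(buffer, 0, rlen)` on an unchecked `kmalloc` result while `rlen` doubles with no upper limit; it wants `if (!buffer) { error = -ENOMEM; break; }` and a cap on `rlen`.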
@@ -0,0 +1,610 @@ +cmd_security/lids/lids_init.o := gcc -Wp,-MD,security/lids/.lids_init.o.d -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.3.3/include -Iinclude -I/usr/src/linux-2.6.31-rc7/arch/x86/include -include include/linux/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -Os -m32 -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2 -march=i386 -mtune=generic -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fno-omit-frame-pointer -fno-optimize-sibling-calls -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -Isecurity/lids/include -D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(lids_init)" -D"KBUILD_MODNAME=KBUILD_STR(lids)" -c -o security/lids/.tmp_lids_init.o security/lids/lids_init.c + +deps_security/lids/lids_init.o := \ + security/lids/lids_init.c \ + $(wildcard include/config/lids/shrink/size.h) \ + include/linux/module.h \ + $(wildcard include/config/modules.h) \ + $(wildcard include/config/modversions.h) \ + $(wildcard include/config/unused/symbols.h) \ + $(wildcard include/config/generic/bug.h) \ + $(wildcard include/config/kallsyms.h) \ + $(wildcard include/config/markers.h) \ + $(wildcard include/config/tracepoints.h) \ + $(wildcard include/config/tracing.h) \ + $(wildcard include/config/event/tracing.h) \ + $(wildcard include/config/ftrace/mcount/record.h) \ + $(wildcard include/config/module/unload.h) \ + $(wildcard include/config/smp.h) \ + $(wildcard include/config/constructors.h) \ + $(wildcard include/config/sysfs.h) \ + include/linux/list.h \ + $(wildcard include/config/debug/list.h) \ + include/linux/stddef.h \ + include/linux/compiler.h \ + $(wildcard include/config/trace/branch/profiling.h) \ + 
$(wildcard include/config/profile/all/branches.h) \ + $(wildcard include/config/enable/must/check.h) \ + $(wildcard include/config/enable/warn/deprecated.h) \ + include/linux/compiler-gcc.h \ + $(wildcard include/config/arch/supports/optimized/inlining.h) \ + $(wildcard include/config/optimize/inlining.h) \ + include/linux/compiler-gcc4.h \ + include/linux/poison.h \ + include/linux/prefetch.h \ + include/linux/types.h \ + $(wildcard include/config/uid16.h) \ + $(wildcard include/config/lbdaf.h) \ + $(wildcard include/config/phys/addr/t/64bit.h) \ + $(wildcard include/config/64bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/types.h \ + $(wildcard include/config/x86/64.h) \ + $(wildcard include/config/highmem64g.h) \ + include/asm-generic/int-ll64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitsperlong.h \ + include/asm-generic/bitsperlong.h \ + include/linux/posix_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types.h \ + $(wildcard include/config/x86/32.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor.h \ + $(wildcard include/config/x86/vsmp.h) \ + $(wildcard include/config/cc/stackprotector.h) \ + $(wildcard include/config/paravirt.h) \ + $(wildcard include/config/x86/debugctlmsr.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor-flags.h \ + $(wildcard include/config/vm86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vm86.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace.h \ + $(wildcard include/config/x86/ptrace/bts.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace-abi.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/segment.h \ + include/linux/init.h \ + $(wildcard include/config/hotplug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/math_emu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sigcontext.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/current.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/percpu.h \ + $(wildcard include/config/x86/64/smp.h) \ + $(wildcard include/config/need/multiple/nodes.h) \ + include/linux/kernel.h \ + $(wildcard include/config/preempt/voluntary.h) \ + $(wildcard include/config/debug/spinlock/sleep.h) \ + $(wildcard include/config/prove/locking.h) \ + $(wildcard include/config/printk.h) \ + $(wildcard include/config/dynamic/debug.h) \ + $(wildcard include/config/ring/buffer.h) \ + $(wildcard include/config/numa.h) \ + /usr/lib/gcc/i486-linux-gnu/4.3.3/include/stdarg.h \ + include/linux/linkage.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/linkage.h \ + $(wildcard include/config/x86/alignment/16.h) \ + include/linux/stringify.h \ + include/linux/bitops.h \ + $(wildcard include/config/generic/find/first/bit.h) \ + $(wildcard include/config/generic/find/last/bit.h) \ + $(wildcard include/config/generic/find/next/bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitops.h \ + $(wildcard include/config/x86/cmov.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/alternative.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/asm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpufeature.h \ + $(wildcard include/config/x86/invlpg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/required-features.h \ + $(wildcard include/config/x86/minimum/cpu/family.h) \ + $(wildcard include/config/math/emulation.h) \ + $(wildcard include/config/x86/pae.h) \ + $(wildcard include/config/x86/cmpxchg64.h) \ + $(wildcard include/config/x86/use/3dnow.h) \ + $(wildcard include/config/x86/p6/nop.h) \ + include/asm-generic/bitops/sched.h \ + include/asm-generic/bitops/hweight.h \ + include/asm-generic/bitops/fls64.h \ + include/asm-generic/bitops/ext2-non-atomic.h \ + include/asm-generic/bitops/le.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/byteorder.h \ + include/linux/byteorder/little_endian.h \ + include/linux/swab.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swab.h 
\ + $(wildcard include/config/x86/bswap.h) \ + include/linux/byteorder/generic.h \ + include/asm-generic/bitops/minix.h \ + include/linux/log2.h \ + $(wildcard include/config/arch/has/ilog2/u32.h) \ + $(wildcard include/config/arch/has/ilog2/u64.h) \ + include/linux/typecheck.h \ + include/linux/ratelimit.h \ + include/linux/param.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/param.h \ + $(wildcard include/config/hz.h) \ + include/linux/dynamic_debug.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bug.h \ + $(wildcard include/config/bug.h) \ + $(wildcard include/config/debug/bugverbose.h) \ + include/asm-generic/bug.h \ + $(wildcard include/config/generic/bug/relative/pointers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/div64.h \ + include/asm-generic/percpu.h \ + $(wildcard include/config/debug/preempt.h) \ + $(wildcard include/config/have/setup/per/cpu/area.h) \ + include/linux/threads.h \ + $(wildcard include/config/nr/cpus.h) \ + $(wildcard include/config/base/small.h) \ + include/linux/percpu-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/system.h \ + $(wildcard include/config/ia32/emulation.h) \ + $(wildcard include/config/x86/32/lazy/gs.h) \ + $(wildcard include/config/x86/ppro/fence.h) \ + $(wildcard include/config/x86/oostore.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg_32.h \ + $(wildcard include/config/x86/cmpxchg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/nops.h \ + $(wildcard include/config/mk7.h) \ + include/linux/irqflags.h \ + $(wildcard include/config/trace/irqflags.h) \ + $(wildcard include/config/irqsoff/tracer.h) \ + $(wildcard include/config/preempt/tracer.h) \ + $(wildcard include/config/trace/irqflags/support.h) \ + $(wildcard include/config/x86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irqflags.h \ + $(wildcard include/config/debug/lock/alloc.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_types.h \ + include/linux/const.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32_types.h \ + $(wildcard include/config/highmem4g.h) \ + $(wildcard include/config/page/offset.h) \ + $(wildcard include/config/4kstacks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32.h \ + $(wildcard include/config/hugetlb/page.h) \ + $(wildcard include/config/debug/virtual.h) \ + $(wildcard include/config/flatmem.h) \ + $(wildcard include/config/x86/3dnow.h) \ + include/linux/string.h \ + $(wildcard include/config/binary/printf.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string_32.h \ + $(wildcard include/config/kmemcheck.h) \ + include/asm-generic/memory_model.h \ + $(wildcard include/config/discontigmem.h) \ + $(wildcard include/config/sparsemem/vmemmap.h) \ + $(wildcard include/config/sparsemem.h) \ + include/asm-generic/getorder.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_types.h \ + $(wildcard include/config/compat/vdso.h) \ + $(wildcard include/config/proc/fs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + $(wildcard include/config/highmem.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level_types.h \ + include/asm-generic/pgtable-nopud.h \ + include/asm-generic/pgtable-nopmd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr-index.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/errno.h \ + include/asm-generic/errno.h \ + include/asm-generic/errno-base.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpumask.h \ + include/linux/cpumask.h \ + $(wildcard include/config/disable/obsolete/cpumask/functions.h) \ + $(wildcard include/config/hotplug/cpu.h) \ + $(wildcard include/config/cpumask/offstack.h) \ + $(wildcard include/config/debug/per/cpu/maps.h) \ + include/linux/bitmap.h \ + include/linux/errno.h \ 
+ /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc_defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ds.h \ + $(wildcard include/config/x86/ds.h) \ + include/linux/err.h \ + include/linux/personality.h \ + include/linux/cache.h \ + $(wildcard include/config/arch/has/cache/line/size.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cache.h \ + $(wildcard include/config/x86/l1/cache/shift.h) \ + include/linux/stat.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/stat.h \ + include/linux/time.h \ + $(wildcard include/config/arch/uses/gettimeoffset.h) \ + include/linux/seqlock.h \ + include/linux/spinlock.h \ + $(wildcard include/config/debug/spinlock.h) \ + $(wildcard include/config/generic/lockbreak.h) \ + $(wildcard include/config/preempt.h) \ + include/linux/preempt.h \ + $(wildcard include/config/preempt/notifiers.h) \ + include/linux/thread_info.h \ + $(wildcard include/config/compat.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/thread_info.h \ + $(wildcard include/config/debug/stack/usage.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ftrace.h \ + $(wildcard include/config/function/tracer.h) \ + $(wildcard include/config/dynamic/ftrace.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic_32.h \ + $(wildcard include/config/m386.h) \ + include/asm-generic/atomic-long.h \ + include/linux/bottom_half.h \ + include/linux/spinlock_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock_types.h \ + include/linux/lockdep.h \ + $(wildcard include/config/lockdep.h) \ + $(wildcard include/config/lock/stat.h) \ + $(wildcard include/config/generic/hardirqs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock.h \ + $(wildcard include/config/paravirt/spinlocks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/rwlock.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/paravirt.h \ + $(wildcard include/config/x86/local/apic.h) \ + $(wildcard 
include/config/highpte.h) \ + $(wildcard include/config/paravirt/debug.h) \ + include/linux/spinlock_api_smp.h \ + include/linux/math64.h \ + include/linux/kmod.h \ + include/linux/gfp.h \ + $(wildcard include/config/zone/dma.h) \ + $(wildcard include/config/zone/dma32.h) \ + $(wildcard include/config/debug/vm.h) \ + include/linux/mmzone.h \ + $(wildcard include/config/force/max/zoneorder.h) \ + $(wildcard include/config/memory/hotplug.h) \ + $(wildcard include/config/arch/populates/node/map.h) \ + $(wildcard include/config/flat/node/mem/map.h) \ + $(wildcard include/config/cgroup/mem/res/ctlr.h) \ + $(wildcard include/config/have/memory/present.h) \ + $(wildcard include/config/need/node/memmap/size.h) \ + $(wildcard include/config/have/arch/early/pfn/to/nid.h) \ + $(wildcard include/config/sparsemem/extreme.h) \ + $(wildcard include/config/nodes/span/other/nodes.h) \ + $(wildcard include/config/holes/in/zone.h) \ + $(wildcard include/config/arch/has/holes/memorymodel.h) \ + include/linux/wait.h \ + include/linux/numa.h \ + $(wildcard include/config/nodes/shift.h) \ + include/linux/nodemask.h \ + include/linux/pageblock-flags.h \ + $(wildcard include/config/hugetlb/page/size/variable.h) \ + include/linux/bounds.h \ + include/linux/memory_hotplug.h \ + $(wildcard include/config/have/arch/nodedata/extension.h) \ + $(wildcard include/config/memory/hotremove.h) \ + include/linux/notifier.h \ + include/linux/mutex.h \ + $(wildcard include/config/debug/mutexes.h) \ + include/linux/rwsem.h \ + $(wildcard include/config/rwsem/generic/spinlock.h) \ + include/linux/rwsem-spinlock.h \ + include/linux/srcu.h \ + include/linux/topology.h \ + $(wildcard include/config/sched/smt.h) \ + $(wildcard include/config/sched/mc.h) \ + include/linux/smp.h \ + $(wildcard include/config/use/generic/smp/helpers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/smp.h \ + $(wildcard include/config/x86/io/apic.h) \ + $(wildcard include/config/x86/32/smp.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec.h \ + $(wildcard include/config/x86/numaq.h) \ + $(wildcard include/config/mca.h) \ + $(wildcard include/config/eisa.h) \ + $(wildcard include/config/x86/mpparse.h) \ + $(wildcard include/config/acpi.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec_def.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apic.h \ + $(wildcard include/config/x86/x2apic.h) \ + include/linux/delay.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/delay.h \ + include/linux/pm.h \ + $(wildcard include/config/pm/sleep.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apicdef.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fixmap.h \ + $(wildcard include/config/x86/visws/apic.h) \ + $(wildcard include/config/x86/f00f/bug.h) \ + $(wildcard include/config/x86/cyclone/timer.h) \ + $(wildcard include/config/pci/mmconfig.h) \ + $(wildcard include/config/provide/ohci1394/dma/init.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/acpi.h \ + $(wildcard include/config/acpi/numa.h) \ + include/acpi/pdc_intel.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mmu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/kmap_types.h \ + $(wildcard include/config/debug/highmem.h) \ + include/asm-generic/kmap_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_apic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_vectors.h \ + $(wildcard include/config/sparse/irq.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/topology.h \ + $(wildcard include/config/x86/ht.h) \ + $(wildcard include/config/x86/64/acpi/numa.h) \ + include/asm-generic/topology.h \ + include/linux/mmdebug.h \ + include/linux/elf.h \ + include/linux/elf-em.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/elf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/auxvec.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vdso.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ldt.h \ + include/linux/kobject.h \ + include/linux/sysfs.h \ + include/linux/kref.h \ + include/linux/moduleparam.h \ + $(wildcard include/config/alpha.h) \ + $(wildcard include/config/ia64.h) \ + $(wildcard include/config/ppc64.h) \ + include/linux/marker.h \ + include/linux/tracepoint.h \ + include/linux/rcupdate.h \ + $(wildcard include/config/classic/rcu.h) \ + $(wildcard include/config/tree/rcu.h) \ + $(wildcard include/config/preempt/rcu.h) \ + include/linux/completion.h \ + include/linux/rcuclassic.h \ + $(wildcard include/config/rcu/cpu/stall/detector.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/local.h \ + include/linux/percpu.h \ + $(wildcard include/config/have/dynamic/per/cpu/area.h) \ + $(wildcard include/config/debug/kmemleak.h) \ + include/linux/slab.h \ + $(wildcard include/config/slab/debug.h) \ + $(wildcard include/config/debug/objects.h) \ + $(wildcard include/config/slub.h) \ + $(wildcard include/config/slob.h) \ + $(wildcard include/config/debug/slab.h) \ + include/linux/slab_def.h \ + $(wildcard include/config/kmemtrace.h) \ + include/linux/kmemtrace.h \ + include/trace/events/kmem.h \ + include/trace/define_trace.h \ + include/linux/kmalloc_sizes.h \ + include/linux/pfn.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/module.h \ + $(wildcard include/config/m486.h) \ + $(wildcard include/config/m586.h) \ + $(wildcard include/config/m586tsc.h) \ + $(wildcard include/config/m586mmx.h) \ + $(wildcard include/config/mcore2.h) \ + $(wildcard include/config/m686.h) \ + $(wildcard include/config/mpentiumii.h) \ + $(wildcard include/config/mpentiumiii.h) \ + $(wildcard include/config/mpentiumm.h) \ + $(wildcard include/config/mpentium4.h) \ + $(wildcard 
include/config/mk6.h) \ + $(wildcard include/config/mk8.h) \ + $(wildcard include/config/x86/elan.h) \ + $(wildcard include/config/mcrusoe.h) \ + $(wildcard include/config/mefficeon.h) \ + $(wildcard include/config/mwinchipc6.h) \ + $(wildcard include/config/mwinchip3d.h) \ + $(wildcard include/config/mcyrixiii.h) \ + $(wildcard include/config/mviac3/2.h) \ + $(wildcard include/config/mviac7.h) \ + $(wildcard include/config/mgeodegx1.h) \ + $(wildcard include/config/mgeode/lx.h) \ + include/linux/sched.h \ + $(wildcard include/config/sched/debug.h) \ + $(wildcard include/config/no/hz.h) \ + $(wildcard include/config/detect/softlockup.h) \ + $(wildcard include/config/detect/hung/task.h) \ + $(wildcard include/config/core/dump/default/elf/headers.h) \ + $(wildcard include/config/bsd/process/acct.h) \ + $(wildcard include/config/taskstats.h) \ + $(wildcard include/config/audit.h) \ + $(wildcard include/config/inotify/user.h) \ + $(wildcard include/config/epoll.h) \ + $(wildcard include/config/posix/mqueue.h) \ + $(wildcard include/config/keys.h) \ + $(wildcard include/config/user/sched.h) \ + $(wildcard include/config/perf/counters.h) \ + $(wildcard include/config/schedstats.h) \ + $(wildcard include/config/task/delay/acct.h) \ + $(wildcard include/config/fair/group/sched.h) \ + $(wildcard include/config/rt/group/sched.h) \ + $(wildcard include/config/blk/dev/io/trace.h) \ + $(wildcard include/config/sysvipc.h) \ + $(wildcard include/config/auditsyscall.h) \ + $(wildcard include/config/rt/mutexes.h) \ + $(wildcard include/config/task/xacct.h) \ + $(wildcard include/config/cpusets.h) \ + $(wildcard include/config/cgroups.h) \ + $(wildcard include/config/futex.h) \ + $(wildcard include/config/fault/injection.h) \ + $(wildcard include/config/latencytop.h) \ + $(wildcard include/config/function/graph/tracer.h) \ + $(wildcard include/config/have/unstable/sched/clock.h) \ + $(wildcard include/config/preempt/bkl.h) \ + $(wildcard include/config/group/sched.h) \ + $(wildcard 
include/config/mm/owner.h) \ + include/linux/capability.h \ + $(wildcard include/config/security/file/capabilities.h) \ + include/linux/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/tsc.h \ + $(wildcard include/config/x86/tsc.h) \ + include/linux/jiffies.h \ + include/linux/rbtree.h \ + include/linux/mm_types.h \ + $(wildcard include/config/split/ptlock/cpus.h) \ + $(wildcard include/config/want/page/debug/flags.h) \ + $(wildcard include/config/mmu.h) \ + $(wildcard include/config/mmu/notifier.h) \ + include/linux/auxvec.h \ + include/linux/prio_tree.h \ + include/linux/page-debug-flags.h \ + $(wildcard include/config/page/poisoning.h) \ + $(wildcard include/config/page/debug/something/else.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cputime.h \ + include/asm-generic/cputime.h \ + include/linux/sem.h \ + include/linux/ipc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ipcbuf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sembuf.h \ + include/linux/signal.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/signal.h \ + include/asm-generic/signal-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/siginfo.h \ + include/asm-generic/siginfo.h \ + include/linux/path.h \ + include/linux/pid.h \ + include/linux/proportions.h \ + include/linux/percpu_counter.h \ + include/linux/seccomp.h \ + $(wildcard include/config/seccomp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp_32.h \ + include/linux/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd_32.h \ + include/linux/rculist.h \ + include/linux/rtmutex.h \ + $(wildcard include/config/debug/rt/mutexes.h) \ + include/linux/plist.h \ + $(wildcard include/config/debug/pi/list.h) \ + include/linux/resource.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/resource.h \ + 
include/asm-generic/resource.h \ + include/linux/timer.h \ + $(wildcard include/config/timer/stats.h) \ + $(wildcard include/config/debug/objects/timers.h) \ + include/linux/ktime.h \ + $(wildcard include/config/ktime/scalar.h) \ + include/linux/debugobjects.h \ + $(wildcard include/config/debug/objects/free.h) \ + include/linux/hrtimer.h \ + $(wildcard include/config/high/res/timers.h) \ + include/linux/task_io_accounting.h \ + $(wildcard include/config/task/io/accounting.h) \ + include/linux/latencytop.h \ + include/linux/cred.h \ + $(wildcard include/config/security.h) \ + include/linux/key.h \ + $(wildcard include/config/sysctl.h) \ + include/linux/sysctl.h \ + include/linux/aio.h \ + $(wildcard include/config/aio.h) \ + include/linux/workqueue.h \ + include/linux/aio_abi.h \ + include/linux/uio.h \ + include/linux/syscalls.h \ + $(wildcard include/config/ftrace/syscalls.h) \ + $(wildcard include/config/mips.h) \ + $(wildcard include/config/have/syscall/wrappers.h) \ + include/linux/quota.h \ + include/linux/dqblk_xfs.h \ + include/linux/dqblk_v1.h \ + include/linux/dqblk_v2.h \ + include/linux/dqblk_qtree.h \ + include/trace/syscall.h \ + include/linux/security.h \ + $(wildcard include/config/security/path.h) \ + $(wildcard include/config/security/network.h) \ + $(wildcard include/config/security/network/xfrm.h) \ + $(wildcard include/config/securityfs.h) \ + include/linux/fs.h \ + $(wildcard include/config/dnotify.h) \ + $(wildcard include/config/quota.h) \ + $(wildcard include/config/fsnotify.h) \ + $(wildcard include/config/inotify.h) \ + $(wildcard include/config/fs/posix/acl.h) \ + $(wildcard include/config/debug/writecount.h) \ + $(wildcard include/config/file/locking.h) \ + $(wildcard include/config/block.h) \ + $(wildcard include/config/fs/xip.h) \ + $(wildcard include/config/migration.h) \ + include/linux/limits.h \ + include/linux/ioctl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctl.h \ + include/asm-generic/ioctl.h \ + 
include/linux/kdev_t.h \ + include/linux/dcache.h \ + include/linux/radix-tree.h \ + include/linux/semaphore.h \ + include/linux/fiemap.h \ + include/linux/nfs_fs_i.h \ + include/linux/nfs.h \ + include/linux/sunrpc/msg_prot.h \ + include/linux/fcntl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fcntl.h \ + include/asm-generic/fcntl.h \ + include/linux/binfmts.h \ + include/linux/shm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/shmparam.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/shmbuf.h \ + include/linux/mm.h \ + $(wildcard include/config/stack/growsup.h) \ + $(wildcard include/config/swap.h) \ + $(wildcard include/config/shmem.h) \ + $(wildcard include/config/debug/pagealloc.h) \ + $(wildcard include/config/hibernation.h) \ + include/linux/debug_locks.h \ + $(wildcard include/config/debug/locking/api/selftests.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level.h \ + include/asm-generic/pgtable.h \ + include/linux/page-flags.h \ + $(wildcard include/config/pageflags/extended.h) \ + $(wildcard include/config/have/mlocked/page/bit.h) \ + $(wildcard include/config/ia64/uncached/allocator.h) \ + $(wildcard include/config/s390.h) \ + include/linux/vmstat.h \ + $(wildcard include/config/vm/event/counters.h) \ + include/linux/msg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msgbuf.h \ + include/linux/xfrm.h \ + include/net/flow.h \ + include/linux/in6.h \ + include/linux/mman.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mman.h \ + include/asm-generic/mman-common.h \ + include/linux/smp_lock.h \ + $(wildcard include/config/lock/kernel.h) \ + include/linux/file.h \ + include/linux/namei.h \ + include/linux/mount.h \ + include/linux/ext2_fs.h \ + include/linux/magic.h \ + include/linux/ext2_fs_sb.h \ + 
include/linux/blockgroup_lock.h \ + include/linux/uaccess.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess.h \ + $(wildcard include/config/x86/wp/works/ok.h) \ + $(wildcard include/config/x86/intel/usercopy.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctls.h \ + security/lids/include/linux/lids.h \ + $(wildcard include/config/sparc32.h) \ + $(wildcard include/config/ppc.h) \ + $(wildcard include/config/lids/tpe.h) \ + $(wildcard include/config/lids/tde.h) \ + $(wildcard include/config/cap/lids/sandbox/eff/set.h) \ + include/linux/tty.h \ + include/linux/major.h \ + include/linux/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termbits.h \ + include/linux/tty_driver.h \ + $(wildcard include/config/console/poll.h) \ + include/linux/cdev.h \ + include/linux/tty_ldisc.h \ + include/linux/securebits.h \ + security/lids/include/linux/lidsext.h \ + $(wildcard include/config/lids/debug.h) \ + $(wildcard include/config/lids/restrict/mode/switch.h) \ + $(wildcard include/config/lids/mode/switch/console.h) \ + $(wildcard include/config/lids/mode/switch/serial.h) \ + $(wildcard include/config/lids/mode/switch/pty.h) \ + $(wildcard include/config/lids/no/flood/log.h) \ + $(wildcard include/config/lids/allow/switch.h) \ + security/lids/include/linux/lidsif.h \ + include/linux/netfilter/xt_MARK.h \ + security/lids/include/linux/lidsext.h \ + security/lids/include/linux/lidsif.h \ + +security/lids/lids_init.o: $(deps_security/lids/lids_init.o) + +$(deps_security/lids/lids_init.o): diff -Nru linux-2.6.31.3.org/security/lids/lids_logs.c linux-2.6.31.3/security/lids/lids_logs.c --- linux-2.6.31.3.org/security/lids/lids_logs.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/lids_logs.c 2009-01-19 20:05:45.000000000 -0500 
@@ -0,0 +1,175 @@
+/*
+ * LIDS LOG functions
+ *
+ * Copyright (C) 2002-2003 Huagang Xie
+ * Copyright (C) 2002 Philippe Biondi
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#ifdef STR
+#undef STR
+#endif
+#define STR2(x) #x
+#define STR(x) STR2(x)
+
+#define lids_print(message, args...) printk(KERN_ALERT message , ## args)
+
+/*
+ * copy from driver/tty/tty_io.c
+ *
+ * This routine returns the name of tty.
+ */
+static char *
+_lids_tty_make_name(struct tty_struct *tty, const char *name, char *buf)
+{
+
+ if (!tty) /* Hmm. NULL pointer. That's fun. */
+ strncpy(buf, "NULL tty", 64);
+ else
+ snprintf(buf, 64, name, tty->name);
+
+ return buf;
+}
+
+char *
+lids_tty_name(struct tty_struct *tty, char *buf)
+{
+ return _lids_tty_make_name(tty, (tty) ? tty->name : NULL, buf);
+}
+
+/* return current dentry */
+static struct dentry *
+lids_current_dentry(void)
+{
+ struct dentry *lids_f_dentry = NULL;
+ struct vm_area_struct *vma = NULL;
+
+ if (current->mm) {
+ vma = current->mm->mmap;
+ while (vma) {
+ if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
+ lids_f_dentry = vma->vm_file->f_path.dentry;
+ break;
+ }
+ vma = vma->vm_next;
+ }
+ }
+ return lids_f_dentry;
+}
+
+void
+lids_log(int flood, const char *message, ...)
+{
+ va_list args;
+ char ttyname[64];
+ char progname[64];
+ char proginfo[64 + 10 + 10 + 20 + 24]; /* %s+%d+%d+%ld+le texte avec un peu de marge = 128 */
+ char msgstr[256];
+ char mesg[256];
+ u32 real_parent_pid;
+
+ struct dentry *f_current_dentry = NULL;
+
+ /* Get args on the stack */
+ va_start(args, message);
+ vsnprintf(mesg, 255, message, args);
+ printk(KERN_INFO "LIDS_ARGS: %s \n", mesg);
+
+ /* Get dentry of current process, if any */
+ f_current_dentry = lids_current_dentry();
+ /* Get the tty name, if any */
+ memset(ttyname, '\0', 64);
+/* modules do not support the ttyname right now */
+ lids_tty_name(current->signal->tty, ttyname);
+
+ /* Make the proginfo string */
+ if (f_current_dentry && f_current_dentry->d_inode) {
+ strncpy(progname, f_current_dentry->d_iname, 63);
+ snprintf(proginfo, 127, "%s (dev %d:%d inode %ld)",
+ progname,
+ MAJOR(f_current_dentry->d_inode->i_sb->s_dev),
+ MINOR(f_current_dentry->d_inode->i_sb->s_dev),
+ f_current_dentry->d_inode->i_ino);
+ } else {
+ strncpy(proginfo, "(undetermined program)", 63);
+ }
+
+ /* Make the message string */
+ vsnprintf(msgstr, 255, message, args);
+
+ real_parent_pid = current->real_parent->pid;
+
+ /* Make the log string */
+
+ lids_print("LIDS: %s pid %d ppid %d uid/gid (%d/%d) on (%s) : %s %s\n",
+ proginfo,
+ current->pid,
+ real_parent_pid,
+ current->cred->uid,
+ current->cred->gid,
+ ttyname,
+ msgstr,
+ flood ? " - logging disabled for "
+ STR(LIDS_TIMEOUT_AFTER_FLOOD) "s" : "");
+
+ /* deal with args on the stack */
+ va_end(args);
+
+}
+
+/* sent out message */
+void
+lids_alert(int type, long dst, long dst2, char *name, char *action)
+{
+ struct dentry *f_current_dentry = NULL;
+
+ switch (type) {
+ case LIDS_CAP:
+ lids_security_alert("violated %s", action);
+ break;
+ case LIDS_SOCKET:
+ lids_security_alert("attempt to %s", action);
+ break;
+ case LIDS_SANDBOX:
+ lids_security_alert("A sandboxed process violated %s", action);
+ break;
+ case LIDS_SOCKET_ENABLE:
+ lids_security_alert("attempt to %s", action);
+ break;
+ case LIDS_READONLY:
+ /* compatible to the acl */
+ type = 1;
+ lids_security_alert("attempt to %s %s dev:%d inode:%d for reading", action, name, dst2, dst);
+ break;
+ case LIDS_APPEND:
+ type = 3;
+ lids_security_alert("attempt to %s %s dev:%d inode:%d for appending", action, name, dst2, dst);
+ break;
+ case LIDS_WRITE:
+ type = 7;
+ lids_security_alert("attempt to %s %s dev:%d inode:%d for writing", action, name, dst2, dst);
+ break;
+ default:
+ lids_security_alert("yeee, alert type mismatch");
+ break;
+ }
+ /* if in acl_discovery mode, print out the acl_discovery mode string */
+ if (lids_acl_discovery) {
+ f_current_dentry = lids_current_dentry();
+ printk(KERN_INFO
+ "LIDS_ACL_DISCOVERY:[state %d]%ld:%d:%s:%d:0:%ld:%ld:%s:0-0\n",
+ lids_state, f_current_dentry->d_inode->i_ino,
+ f_current_dentry->d_inode->i_sb->s_dev, f_current_dentry->d_iname, type,
+ dst, dst2, name);
+ }
+}
diff -Nru linux-2.6.31.3.org/security/lids/.lids_logs.o.cmd linux-2.6.31.3/security/lids/.lids_logs.o.cmd
--- linux-2.6.31.3.org/security/lids/.lids_logs.o.cmd 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/.lids_logs.o.cmd 2009-09-20 11:57:11.000000000 -0400
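Review bot: In `lids_alert`, the `lids_acl_discovery` branch dereferences the result of `lids_current_dentry()` without a check, although that helper returns NULL when `current->mm` is NULL or no `VM_EXECUTABLE` mapping with a file is found; `lids_log` in the same file does test `f_current_dentry && f_current_dentry->d_inode` before using it. Adding `if (!f_current_dentry || !f_current_dentry->d_inode) return;` ahead of the `printk` keeps that path from faulting in kernel context. In `lids_log`, `args` is handed to `vsnprintf` twice with no `va_end`/`va_start` (or `va_copy`) in between, which is undefined behaviour; the first call only feeds the `LIDS_ARGS` printk, so either drop it or re-initialise the list before filling `msgstr`. `_lids_tty_make_name` passes `tty->name` as the format string, and `snprintf(buf, 64, "%s", tty->name);` would stop a `%` in a tty name from being interpreted. The `dev:%d inode:%d` formats in `lids_alert` are given the `long` parameters `dst2` and `dst` and should use `%ld`.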
@@ -0,0 +1,535 @@ +cmd_security/lids/lids_logs.o := gcc -Wp,-MD,security/lids/.lids_logs.o.d -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.3.3/include -Iinclude -I/usr/src/linux-2.6.31-rc7/arch/x86/include -include include/linux/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -Os -m32 -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2 -march=i386 -mtune=generic -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fno-omit-frame-pointer -fno-optimize-sibling-calls -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -Isecurity/lids/include -D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(lids_logs)" -D"KBUILD_MODNAME=KBUILD_STR(lids)" -c -o security/lids/.tmp_lids_logs.o security/lids/lids_logs.c + +deps_security/lids/lids_logs.o := \ + security/lids/lids_logs.c \ + include/linux/sched.h \ + $(wildcard include/config/sched/debug.h) \ + $(wildcard include/config/smp.h) \ + $(wildcard include/config/no/hz.h) \ + $(wildcard include/config/detect/softlockup.h) \ + $(wildcard include/config/detect/hung/task.h) \ + $(wildcard include/config/core/dump/default/elf/headers.h) \ + $(wildcard include/config/bsd/process/acct.h) \ + $(wildcard include/config/taskstats.h) \ + $(wildcard include/config/audit.h) \ + $(wildcard include/config/inotify/user.h) \ + $(wildcard include/config/epoll.h) \ + $(wildcard include/config/posix/mqueue.h) \ + $(wildcard include/config/keys.h) \ + $(wildcard include/config/user/sched.h) \ + $(wildcard include/config/sysfs.h) \ + $(wildcard include/config/perf/counters.h) \ + $(wildcard include/config/schedstats.h) \ + $(wildcard include/config/task/delay/acct.h) \ + $(wildcard include/config/fair/group/sched.h) 
\ + $(wildcard include/config/rt/group/sched.h) \ + $(wildcard include/config/preempt/notifiers.h) \ + $(wildcard include/config/blk/dev/io/trace.h) \ + $(wildcard include/config/preempt/rcu.h) \ + $(wildcard include/config/sysvipc.h) \ + $(wildcard include/config/auditsyscall.h) \ + $(wildcard include/config/generic/hardirqs.h) \ + $(wildcard include/config/rt/mutexes.h) \ + $(wildcard include/config/debug/mutexes.h) \ + $(wildcard include/config/trace/irqflags.h) \ + $(wildcard include/config/lockdep.h) \ + $(wildcard include/config/task/xacct.h) \ + $(wildcard include/config/cpusets.h) \ + $(wildcard include/config/cgroups.h) \ + $(wildcard include/config/futex.h) \ + $(wildcard include/config/compat.h) \ + $(wildcard include/config/numa.h) \ + $(wildcard include/config/fault/injection.h) \ + $(wildcard include/config/latencytop.h) \ + $(wildcard include/config/function/graph/tracer.h) \ + $(wildcard include/config/tracing.h) \ + $(wildcard include/config/have/unstable/sched/clock.h) \ + $(wildcard include/config/hotplug/cpu.h) \ + $(wildcard include/config/debug/stack/usage.h) \ + $(wildcard include/config/preempt/bkl.h) \ + $(wildcard include/config/preempt.h) \ + $(wildcard include/config/group/sched.h) \ + $(wildcard include/config/mm/owner.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/param.h \ + $(wildcard include/config/hz.h) \ + include/linux/capability.h \ + $(wildcard include/config/security/file/capabilities.h) \ + include/linux/types.h \ + $(wildcard include/config/uid16.h) \ + $(wildcard include/config/lbdaf.h) \ + $(wildcard include/config/phys/addr/t/64bit.h) \ + $(wildcard include/config/64bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/types.h \ + $(wildcard include/config/x86/64.h) \ + $(wildcard include/config/highmem64g.h) \ + include/asm-generic/int-ll64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitsperlong.h \ + include/asm-generic/bitsperlong.h \ + include/linux/posix_types.h \ + include/linux/stddef.h \ + 
include/linux/compiler.h \ + $(wildcard include/config/trace/branch/profiling.h) \ + $(wildcard include/config/profile/all/branches.h) \ + $(wildcard include/config/enable/must/check.h) \ + $(wildcard include/config/enable/warn/deprecated.h) \ + include/linux/compiler-gcc.h \ + $(wildcard include/config/arch/supports/optimized/inlining.h) \ + $(wildcard include/config/optimize/inlining.h) \ + include/linux/compiler-gcc4.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types.h \ + $(wildcard include/config/x86/32.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types_32.h \ + include/linux/threads.h \ + $(wildcard include/config/nr/cpus.h) \ + $(wildcard include/config/base/small.h) \ + include/linux/kernel.h \ + $(wildcard include/config/preempt/voluntary.h) \ + $(wildcard include/config/debug/spinlock/sleep.h) \ + $(wildcard include/config/prove/locking.h) \ + $(wildcard include/config/printk.h) \ + $(wildcard include/config/dynamic/debug.h) \ + $(wildcard include/config/ring/buffer.h) \ + $(wildcard include/config/ftrace/mcount/record.h) \ + /usr/lib/gcc/i486-linux-gnu/4.3.3/include/stdarg.h \ + include/linux/linkage.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/linkage.h \ + $(wildcard include/config/x86/alignment/16.h) \ + include/linux/stringify.h \ + include/linux/bitops.h \ + $(wildcard include/config/generic/find/first/bit.h) \ + $(wildcard include/config/generic/find/last/bit.h) \ + $(wildcard include/config/generic/find/next/bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitops.h \ + $(wildcard include/config/x86/cmov.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/alternative.h \ + $(wildcard include/config/paravirt.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/asm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpufeature.h \ + $(wildcard include/config/x86/invlpg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/required-features.h \ + $(wildcard include/config/x86/minimum/cpu/family.h) \ + 
$(wildcard include/config/math/emulation.h) \ + $(wildcard include/config/x86/pae.h) \ + $(wildcard include/config/x86/cmpxchg64.h) \ + $(wildcard include/config/x86/use/3dnow.h) \ + $(wildcard include/config/x86/p6/nop.h) \ + include/asm-generic/bitops/sched.h \ + include/asm-generic/bitops/hweight.h \ + include/asm-generic/bitops/fls64.h \ + include/asm-generic/bitops/ext2-non-atomic.h \ + include/asm-generic/bitops/le.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/byteorder.h \ + include/linux/byteorder/little_endian.h \ + include/linux/swab.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swab.h \ + $(wildcard include/config/x86/bswap.h) \ + include/linux/byteorder/generic.h \ + include/asm-generic/bitops/minix.h \ + include/linux/log2.h \ + $(wildcard include/config/arch/has/ilog2/u32.h) \ + $(wildcard include/config/arch/has/ilog2/u64.h) \ + include/linux/typecheck.h \ + include/linux/ratelimit.h \ + include/linux/param.h \ + include/linux/dynamic_debug.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bug.h \ + $(wildcard include/config/bug.h) \ + $(wildcard include/config/debug/bugverbose.h) \ + include/asm-generic/bug.h \ + $(wildcard include/config/generic/bug.h) \ + $(wildcard include/config/generic/bug/relative/pointers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/div64.h \ + include/linux/timex.h \ + include/linux/time.h \ + $(wildcard include/config/arch/uses/gettimeoffset.h) \ + include/linux/cache.h \ + $(wildcard include/config/arch/has/cache/line/size.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cache.h \ + $(wildcard include/config/x86/l1/cache/shift.h) \ + $(wildcard include/config/x86/vsmp.h) \ + include/linux/seqlock.h \ + include/linux/spinlock.h \ + $(wildcard include/config/debug/spinlock.h) \ + $(wildcard include/config/generic/lockbreak.h) \ + $(wildcard include/config/debug/lock/alloc.h) \ + include/linux/preempt.h \ + $(wildcard include/config/debug/preempt.h) \ + $(wildcard 
include/config/preempt/tracer.h) \ + include/linux/thread_info.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/thread_info.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_types.h \ + include/linux/const.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32_types.h \ + $(wildcard include/config/highmem4g.h) \ + $(wildcard include/config/page/offset.h) \ + $(wildcard include/config/4kstacks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32.h \ + $(wildcard include/config/hugetlb/page.h) \ + $(wildcard include/config/debug/virtual.h) \ + $(wildcard include/config/flatmem.h) \ + $(wildcard include/config/x86/3dnow.h) \ + include/linux/string.h \ + $(wildcard include/config/binary/printf.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string_32.h \ + $(wildcard include/config/kmemcheck.h) \ + include/asm-generic/memory_model.h \ + $(wildcard include/config/discontigmem.h) \ + $(wildcard include/config/sparsemem/vmemmap.h) \ + $(wildcard include/config/sparsemem.h) \ + include/asm-generic/getorder.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor.h \ + $(wildcard include/config/cc/stackprotector.h) \ + $(wildcard include/config/x86/debugctlmsr.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor-flags.h \ + $(wildcard include/config/vm86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vm86.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace.h \ + $(wildcard include/config/x86/ptrace/bts.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace-abi.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/segment.h \ + include/linux/init.h \ + $(wildcard include/config/modules.h) \ + $(wildcard include/config/hotplug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/math_emu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sigcontext.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/current.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/percpu.h \ + $(wildcard include/config/x86/64/smp.h) \ + $(wildcard include/config/need/multiple/nodes.h) \ + include/asm-generic/percpu.h \ + $(wildcard include/config/have/setup/per/cpu/area.h) \ + include/linux/percpu-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/system.h \ + $(wildcard include/config/ia32/emulation.h) \ + $(wildcard include/config/x86/32/lazy/gs.h) \ + $(wildcard include/config/x86/ppro/fence.h) \ + $(wildcard include/config/x86/oostore.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg_32.h \ + $(wildcard include/config/x86/cmpxchg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/nops.h \ + $(wildcard include/config/mk7.h) \ + include/linux/irqflags.h \ + $(wildcard include/config/irqsoff/tracer.h) \ + $(wildcard include/config/trace/irqflags/support.h) \ + $(wildcard include/config/x86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irqflags.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_types.h \ + $(wildcard include/config/compat/vdso.h) \ + $(wildcard include/config/proc/fs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + $(wildcard include/config/highmem.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level_types.h \ + include/asm-generic/pgtable-nopud.h \ + include/asm-generic/pgtable-nopmd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr-index.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/errno.h \ + include/asm-generic/errno.h \ + include/asm-generic/errno-base.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpumask.h \ + include/linux/cpumask.h \ + $(wildcard include/config/disable/obsolete/cpumask/functions.h) \ + $(wildcard include/config/cpumask/offstack.h) \ + $(wildcard 
include/config/debug/per/cpu/maps.h) \ + include/linux/bitmap.h \ + include/linux/errno.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc_defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ds.h \ + $(wildcard include/config/x86/ds.h) \ + include/linux/err.h \ + include/linux/personality.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ftrace.h \ + $(wildcard include/config/function/tracer.h) \ + $(wildcard include/config/dynamic/ftrace.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic_32.h \ + $(wildcard include/config/m386.h) \ + include/asm-generic/atomic-long.h \ + include/linux/list.h \ + $(wildcard include/config/debug/list.h) \ + include/linux/poison.h \ + include/linux/prefetch.h \ + include/linux/bottom_half.h \ + include/linux/spinlock_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock_types.h \ + include/linux/lockdep.h \ + $(wildcard include/config/lock/stat.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock.h \ + $(wildcard include/config/paravirt/spinlocks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/rwlock.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/paravirt.h \ + $(wildcard include/config/x86/local/apic.h) \ + $(wildcard include/config/highpte.h) \ + $(wildcard include/config/paravirt/debug.h) \ + include/linux/spinlock_api_smp.h \ + include/linux/math64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/tsc.h \ + $(wildcard include/config/x86/tsc.h) \ + include/linux/jiffies.h \ + include/linux/rbtree.h \ + include/linux/nodemask.h \ + include/linux/numa.h \ + $(wildcard include/config/nodes/shift.h) \ + include/linux/mm_types.h \ + $(wildcard include/config/split/ptlock/cpus.h) \ + $(wildcard include/config/want/page/debug/flags.h) \ + $(wildcard include/config/mmu.h) \ + $(wildcard include/config/mmu/notifier.h) \ + include/linux/auxvec.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/auxvec.h \ + include/linux/prio_tree.h \ + include/linux/rwsem.h \ + $(wildcard include/config/rwsem/generic/spinlock.h) \ + include/linux/rwsem-spinlock.h \ + include/linux/completion.h \ + include/linux/wait.h \ + include/linux/page-debug-flags.h \ + $(wildcard include/config/page/poisoning.h) \ + $(wildcard include/config/page/debug/something/else.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mmu.h \ + include/linux/mutex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cputime.h \ + include/asm-generic/cputime.h \ + include/linux/smp.h \ + $(wildcard include/config/use/generic/smp/helpers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/smp.h \ + $(wildcard include/config/x86/io/apic.h) \ + $(wildcard include/config/x86/32/smp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec.h \ + $(wildcard include/config/x86/numaq.h) \ + $(wildcard include/config/mca.h) \ + $(wildcard include/config/eisa.h) \ + $(wildcard include/config/x86/mpparse.h) \ + $(wildcard include/config/acpi.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec_def.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apic.h \ + $(wildcard include/config/x86/x2apic.h) \ + include/linux/delay.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/delay.h \ + include/linux/pm.h \ + $(wildcard include/config/pm/sleep.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apicdef.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fixmap.h \ + $(wildcard include/config/x86/visws/apic.h) \ + $(wildcard include/config/x86/f00f/bug.h) \ + $(wildcard include/config/x86/cyclone/timer.h) \ + $(wildcard include/config/pci/mmconfig.h) \ + $(wildcard include/config/provide/ohci1394/dma/init.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/acpi.h \ + $(wildcard include/config/acpi/numa.h) \ + include/acpi/pdc_intel.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/kmap_types.h \ + $(wildcard include/config/debug/highmem.h) \ + include/asm-generic/kmap_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_apic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_vectors.h \ + $(wildcard include/config/sparse/irq.h) \ + include/linux/sem.h \ + include/linux/ipc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ipcbuf.h \ + include/linux/kref.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sembuf.h \ + include/linux/rcupdate.h \ + $(wildcard include/config/classic/rcu.h) \ + $(wildcard include/config/tree/rcu.h) \ + include/linux/rcuclassic.h \ + $(wildcard include/config/rcu/cpu/stall/detector.h) \ + include/linux/signal.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/signal.h \ + include/asm-generic/signal-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/siginfo.h \ + include/asm-generic/siginfo.h \ + include/linux/path.h \ + include/linux/pid.h \ + include/linux/percpu.h \ + $(wildcard include/config/have/dynamic/per/cpu/area.h) \ + $(wildcard include/config/debug/kmemleak.h) \ + include/linux/slab.h \ + $(wildcard include/config/slab/debug.h) \ + $(wildcard include/config/debug/objects.h) \ + $(wildcard include/config/slub.h) \ + $(wildcard include/config/slob.h) \ + $(wildcard include/config/debug/slab.h) \ + include/linux/gfp.h \ + $(wildcard include/config/zone/dma.h) \ + $(wildcard include/config/zone/dma32.h) \ + $(wildcard include/config/debug/vm.h) \ + include/linux/mmzone.h \ + $(wildcard include/config/force/max/zoneorder.h) \ + $(wildcard include/config/memory/hotplug.h) \ + $(wildcard include/config/arch/populates/node/map.h) \ + $(wildcard include/config/flat/node/mem/map.h) \ + $(wildcard include/config/cgroup/mem/res/ctlr.h) \ + $(wildcard include/config/have/memory/present.h) \ + $(wildcard include/config/need/node/memmap/size.h) \ + $(wildcard 
include/config/have/arch/early/pfn/to/nid.h) \ + $(wildcard include/config/sparsemem/extreme.h) \ + $(wildcard include/config/nodes/span/other/nodes.h) \ + $(wildcard include/config/holes/in/zone.h) \ + $(wildcard include/config/arch/has/holes/memorymodel.h) \ + include/linux/pageblock-flags.h \ + $(wildcard include/config/hugetlb/page/size/variable.h) \ + include/linux/bounds.h \ + include/linux/memory_hotplug.h \ + $(wildcard include/config/have/arch/nodedata/extension.h) \ + $(wildcard include/config/memory/hotremove.h) \ + include/linux/notifier.h \ + include/linux/srcu.h \ + include/linux/topology.h \ + $(wildcard include/config/sched/smt.h) \ + $(wildcard include/config/sched/mc.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/topology.h \ + $(wildcard include/config/x86/ht.h) \ + $(wildcard include/config/x86/64/acpi/numa.h) \ + include/asm-generic/topology.h \ + include/linux/mmdebug.h \ + include/linux/slab_def.h \ + $(wildcard include/config/kmemtrace.h) \ + include/linux/kmemtrace.h \ + include/trace/events/kmem.h \ + include/linux/tracepoint.h \ + $(wildcard include/config/tracepoints.h) \ + include/trace/define_trace.h \ + $(wildcard include/config/event/tracing.h) \ + include/linux/kmalloc_sizes.h \ + include/linux/pfn.h \ + include/linux/proportions.h \ + include/linux/percpu_counter.h \ + include/linux/seccomp.h \ + $(wildcard include/config/seccomp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp_32.h \ + include/linux/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd_32.h \ + include/linux/rculist.h \ + include/linux/rtmutex.h \ + $(wildcard include/config/debug/rt/mutexes.h) \ + include/linux/plist.h \ + $(wildcard include/config/debug/pi/list.h) \ + include/linux/resource.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/resource.h \ + include/asm-generic/resource.h \ + 
include/linux/timer.h \ + $(wildcard include/config/timer/stats.h) \ + $(wildcard include/config/debug/objects/timers.h) \ + include/linux/ktime.h \ + $(wildcard include/config/ktime/scalar.h) \ + include/linux/debugobjects.h \ + $(wildcard include/config/debug/objects/free.h) \ + include/linux/hrtimer.h \ + $(wildcard include/config/high/res/timers.h) \ + include/linux/task_io_accounting.h \ + $(wildcard include/config/task/io/accounting.h) \ + include/linux/kobject.h \ + include/linux/sysfs.h \ + include/linux/latencytop.h \ + include/linux/cred.h \ + $(wildcard include/config/security.h) \ + include/linux/key.h \ + $(wildcard include/config/sysctl.h) \ + include/linux/sysctl.h \ + include/linux/aio.h \ + $(wildcard include/config/aio.h) \ + include/linux/workqueue.h \ + include/linux/aio_abi.h \ + include/linux/uio.h \ + include/linux/mm.h \ + $(wildcard include/config/stack/growsup.h) \ + $(wildcard include/config/swap.h) \ + $(wildcard include/config/shmem.h) \ + $(wildcard include/config/ia64.h) \ + $(wildcard include/config/debug/pagealloc.h) \ + $(wildcard include/config/hibernation.h) \ + include/linux/debug_locks.h \ + $(wildcard include/config/debug/locking/api/selftests.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level.h \ + include/asm-generic/pgtable.h \ + include/linux/page-flags.h \ + $(wildcard include/config/pageflags/extended.h) \ + $(wildcard include/config/have/mlocked/page/bit.h) \ + $(wildcard include/config/ia64/uncached/allocator.h) \ + $(wildcard include/config/s390.h) \ + include/linux/vmstat.h \ + $(wildcard include/config/vm/event/counters.h) \ + include/linux/version.h \ + security/lids/include/linux/lids.h \ + $(wildcard include/config/sparc32.h) \ + $(wildcard include/config/ppc.h) \ + $(wildcard include/config/mips.h) \ + 
$(wildcard include/config/lids/tpe.h) \ + $(wildcard include/config/lids/tde.h) \ + $(wildcard include/config/cap/lids/sandbox/eff/set.h) \ + include/linux/tty.h \ + include/linux/fs.h \ + $(wildcard include/config/dnotify.h) \ + $(wildcard include/config/quota.h) \ + $(wildcard include/config/fsnotify.h) \ + $(wildcard include/config/inotify.h) \ + $(wildcard include/config/fs/posix/acl.h) \ + $(wildcard include/config/debug/writecount.h) \ + $(wildcard include/config/file/locking.h) \ + $(wildcard include/config/block.h) \ + $(wildcard include/config/fs/xip.h) \ + $(wildcard include/config/migration.h) \ + include/linux/limits.h \ + include/linux/ioctl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctl.h \ + include/asm-generic/ioctl.h \ + include/linux/kdev_t.h \ + include/linux/dcache.h \ + include/linux/stat.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/stat.h \ + include/linux/radix-tree.h \ + include/linux/semaphore.h \ + include/linux/fiemap.h \ + include/linux/quota.h \ + include/linux/dqblk_xfs.h \ + include/linux/dqblk_v1.h \ + include/linux/dqblk_v2.h \ + include/linux/dqblk_qtree.h \ + include/linux/nfs_fs_i.h \ + include/linux/nfs.h \ + include/linux/sunrpc/msg_prot.h \ + include/linux/fcntl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fcntl.h \ + include/asm-generic/fcntl.h \ + include/linux/major.h \ + include/linux/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termbits.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctls.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess.h \ + $(wildcard include/config/x86/wp/works/ok.h) \ + $(wildcard include/config/x86/intel/usercopy.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess_32.h \ + include/linux/tty_driver.h \ + $(wildcard include/config/console/poll.h) \ + include/linux/cdev.h \ + include/linux/tty_ldisc.h \ + include/linux/binfmts.h \ + include/linux/securebits.h \ + 
security/lids/include/linux/lidsext.h \ + $(wildcard include/config/lids/debug.h) \ + $(wildcard include/config/lids/restrict/mode/switch.h) \ + $(wildcard include/config/lids/mode/switch/console.h) \ + $(wildcard include/config/lids/mode/switch/serial.h) \ + $(wildcard include/config/lids/mode/switch/pty.h) \ + $(wildcard include/config/lids/no/flood/log.h) \ + $(wildcard include/config/lids/allow/switch.h) \ + security/lids/include/linux/lidsif.h \ + $(wildcard include/config/lids/shrink/size.h) \ + include/linux/netfilter/xt_MARK.h \ + +security/lids/lids_logs.o: $(deps_security/lids/lids_logs.o) + +$(deps_security/lids/lids_logs.o):
diff -Nru linux-2.6.31.3.org/security/lids/lids_lsm.c linux-2.6.31.3/security/lids/lids_lsm.c
--- linux-2.6.31.3.org/security/lids/lids_lsm.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/lids_lsm.c 2009-10-09 11:42:39.000000000 -0400
@@ -0,0 +1,1189 @@
+/*
+ * Linux Intrusion Detectino System for Linux Security Modules project
+ *
+ * Copyright (C) 2002-2004 Huagang Xie (xie@www.lids.org)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Feb 4th, 2002, Huagang, Initial the project
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+struct security_operations *lids_secondary_ops;
+__u32 lids_cap_bset;
+
+static inline int cap_limit_ptraced_target(void) { return 1; }
+
+static int
+lids_ptrace_may_access(struct task_struct *child, unsigned int mode)
+{
+ int ret = 0;
+
+ if (lids_load && lids_local_load) {
+ rcu_read_lock();
+ if (!cap_issubset(__task_cred(child)->cap_permitted,
+ current_cred()->cap_permitted) &&
+ (!lids_check_capable(child->cred, CAP_SYS_PTRACE, 1)) ) {
+ lids_security_alert("Attempt to trace pid %i\n",
+ child->pid);
+ ret = -EPERM;
+ }
+ rcu_read_unlock();
+ }
+ return ret;
+}
+
+static int
+lids_ptrace_traceme(struct task_struct *parent)
+{
+ int ret = 0;
+
+ if (lids_load && lids_local_load) {
+ rcu_read_lock();
+ if (!cap_issubset(current_cred()->cap_permitted,
+ __task_cred(parent)->cap_permitted) &&
+ lids_check_capable(parent->cred, CAP_SYS_PTRACE, 1)) {
+ lids_security_alert("Attempt to trace pid %i\n",
+ current->pid);
+ ret = -EPERM;
+ }
+ rcu_read_unlock();
+ }
+ return ret;
+}
+
+/* from security/commoncap.c */
+int lids_capget(struct task_struct *target, kernel_cap_t *effective,
+ kernel_cap_t *inheritable, kernel_cap_t *permitted)
+{
+ const struct cred *cred;
+
+ /* Derived from kernel/capability.c:sys_capget. */
+ rcu_read_lock();
+ cred = __task_cred(target);
+ *effective = cred->cap_effective;
+ *inheritable = cred->cap_inheritable;
+ *permitted = cred->cap_permitted;
+ rcu_read_unlock();
+ return 0;
+}
+
+/* from security/commoncap.c */
+static inline int cap_inh_is_capped(void)
+{
+#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
+
+ /* they are so limited unless the current task has the CAP_SETPCAP
+ * capability
+ */
+ if (cap_capable(current, current_cred(), CAP_SETPCAP,
+ SECURITY_CAP_AUDIT) == 0)
+ return 0;
+#endif
+ return 1;
+}
+
+
+
+/* from security/commoncap.c */
+int lids_cap_capset(struct cred *new,
+ const struct cred *old,
+ const kernel_cap_t *effective,
+ const kernel_cap_t *inheritable,
+ const kernel_cap_t *permitted)
+{
+ if (lids_load) {
+ if (lids_load && lids_local_load) {
+ if (lids_check_capable(old, CAP_SETPCAP, 1)) {
+ return -EPERM;
+ }
+ }
+
+ if (cap_inh_is_capped() &&
+ !cap_issubset(*inheritable,
+ cap_combine(old->cap_inheritable,
+ old->cap_permitted)))
+
+ /* incapable of using this inheritable set */
+ return -EPERM;
+
+ if (!cap_issubset(*inheritable,
+ cap_combine(old->cap_inheritable,
+ old->cap_bset)))
+ /* no new pI capabilities outside bounding set */
+ return -EPERM;
+
+ /* verify restrictions on target's new Permitted set */
+ if (!cap_issubset(*permitted, old->cap_permitted)) {
+ if (lids_check_capset(new, *permitted,
+ cap_combine(new->cap_permitted,
+ current_cred()->cap_permitted))) {
+ lids_security_alert("capset_check permitted error, 0x%x, 0x%x",
+ *permitted, cap_combine(new->cap_permitted,
+ current_cred()->cap_permitted)) ;
+ return -EPERM;
+ }
+
+ }
+ /* verify the _new_Effective_ is a subset of the _new_Permitted_ */
+ if (!cap_issubset(*effective, *permitted)) {
+ if (lids_check_capset(new, *effective,
+ cap_combine(new->cap_effective,
+ current_cred()->cap_permitted))) {
+ lids_security_alert("capset_check effective error, 0x%x, 0x%x",
+ *effective, *permitted);
+ return -EPERM;
+ }
+ }
+
+
+ new->cap_effective = *effective;
+ new->cap_inheritable = *inheritable;
+ new->cap_permitted = *permitted;
+
+ }
+
+ return 0;
+}
+
+static int lids_capable(struct task_struct *tsk, const struct cred *cred, int cap,
+ int audit)
+{
+ if cap_raised(cred->cap_effective, cap) {
+ if (lids_load && lids_local_load) {
+ return lids_check_capable(tsk->cred, cap, 1);
+ }
+
+ return 0;
+ }
+ return -EPERM;
+}
+
+static inline void lids_cap_emulate_setxuid(struct cred *new, const struct cred *old)
+{
+ if ((old->uid == 0 || old->euid == 0 || old->suid == 0) &&
+ (new->uid != 0 && new->euid != 0 && new->suid != 0) &&
+ !issecure(SECURE_KEEP_CAPS)) {
+ cap_clear(new->cap_permitted);
+ cap_clear(new->cap_effective);
+ }
+ if (old->euid == 0 && new->euid != 0)
+ cap_clear(new->cap_effective);
+ if (old->euid != 0 && new->euid == 0)
+ new->cap_effective = new->cap_permitted;
+}
+
+static int
+lids_bprm_set_creds(struct linux_binprm *bprm)
+{
+ int ret=0;
+
+ if (lids_load && lids_local_load) {
+ const struct cred *old = current_cred();
+ struct cred *new = bprm->cred;
+ struct cred *p_cred = current->real_parent->cred;
+ bool effective;
+
+ if (lids_execve(bprm))
+ ret = -EPERM;
+
+#ifdef CONFIG_LIDS_TDE
+ struct dentry *dentry = dget(bprm->file->f_dentry);
+ struct lids_task_acl *current_task_acl, *p_current_task_acl;
+ struct lids_inode_acl *lids_acl;
+ struct lids_subject_acl *s_acl;
+
+ current_task_acl = current_cred()->security;
+ p_current_task_acl = current->real_parent->cred->security;
+
+ if (!current_task_acl)
+ goto OUT;
+
+ if (!current_task_acl->s_acl) {
+ if (!lids_sandboxed(p_cred, p_current_task_acl)) {
+ goto OUT;
+ }
+ }
+
+#endif
+
+
+ effective = false;
+ if (ret < 0)
+ return ret;
+
+ if (!issecure(SECURE_NOROOT)) {
+ /*
+ * To support inheritance of root-permissions and suid-root
+ * executables under compatibility mode, we override the
+ * capability sets for the file.
+ *
+ * If only the real uid is 0, we do not set the effective bit.
+ */
+ if (new->euid == 0 || new->uid == 0) {
+ /* pP' = (cap_bset & ~0) | (pI & ~0) */
+ new->cap_permitted = cap_combine(old->cap_bset,
+ old->cap_inheritable);
+ }
+ if (new->euid == 0)
+ effective = true;
+ }
+
+ /* Don't let someone trace a set[ug]id/setpcap binary with the revised
+ * credentials unless they have the appropriate permit
+ */
+ if ((new->euid != old->uid ||
+ new->egid != old->gid ||
+ !cap_issubset(new->cap_permitted, old->cap_permitted)) &&
+ bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
+ /* downgrade; they get no more than they had, and maybe less */
+ if (!capable(CAP_SETUID)) {
+ new->euid = new->uid;
+ new->egid = new->gid;
+ }
+ if (cap_limit_ptraced_target())
+ new->cap_permitted = cap_intersect(new->cap_permitted,
+ old->cap_permitted);
+ }
+
+ new->suid = new->fsuid = new->euid;
+ new->sgid = new->fsgid = new->egid;
+
+ /* For init, we want to retain the capabilities set in the initial
+ * task. Thus we skip the usual capability rules
+ */
+ if (!is_global_init(current)) {
+ if (effective)
+ new->cap_effective = new->cap_permitted;
+ else
+ cap_clear(new->cap_effective);
+ }
+ bprm->cap_effective = effective;
+
+ /*
+ * Audit candidate if current->cap_effective is set
+ *
+ * We do not bother to audit if 3 things are true:
+ * 1) cap_effective has all caps
+ * 2) we are root
+ * 3) root is supposed to have all caps (SECURE_NOROOT)
+ * Since this is just a normal root execing a process.
+ *
+ * Number 1 above might fail if you don't have a full bset, but I think
+ * that is interesting information to audit.
+ */
+ if (!cap_isclear(new->cap_effective)) {
+ if (!cap_issubset(CAP_FULL_SET, new->cap_effective) ||
+ new->euid != 0 || new->uid != 0 ||
+ issecure(SECURE_NOROOT)) {
+ ret = audit_log_bprm_fcaps(bprm, new, old);
+ if (ret < 0)
+ return ret;
+ }
+ }
+
+ new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
+
+#ifdef CONFIG_LIDS_TDE
+ current_task_acl = current_cred()->security;
+ p_current_task_acl = current->real_parent->cred->security;
+
+ if (!current_task_acl)
+ goto OUT;
+
+ if (!current_task_acl->s_acl)
+ goto OUT;
+
+ /* if real_parent is already sandboxed current must be sandboxed */
+ if (current_task_acl != NULL && lids_sandboxed(current_cred(), current_task_acl) != 0) {
+ /*
+ LIDS_DBG("Parent process [pid %d] is already "
+ "sandboxed, current_pid=%d, current_caps=0x%lx, "
+ "real_parent_caps=0x%lx\n", current->real_parent->pid,
+ current->pid, current_task_acl->s_acl->sys_cap.cap[0],
+ p_current_task_acl->s_acl->sys_cap.cap[0]);
+ */
+ goto lids_sandbox_out;
+ }
+
+ if (dentry && dentry->d_inode) {
+ lids_acl = lids_do_get_acl(dentry->d_inode);
+
+ if (!lids_acl) {
+ s_acl = NULL;
+ }
+ else
+ {
+ s_acl = lids_acl->s_acl;
+ }
+
+ if (current_task_acl->s_acl && s_acl &&
+ test_bit(LIDS_SANDBOX, (void *)&s_acl->ext_cap)) {
+ lids_cap_raise(current_task_acl->s_acl->ext_cap, LIDS_SANDBOX);
+ current_task_acl->s_acl->sys_cap.cap[0] =
+ current_task_acl->s_acl->sys_cap.cap[0] |
+ (CAP_LIDS_SANDBOX_EFF_SET);
+
+ LIDS_DBG("Process [pid %d ppid %d] is sandboxed\n", current->pid, current->real_parent->pid);
+ }
+ }
+lids_sandbox_out:
+ dput(dentry);
+#endif
+
+OUT:
+ if (lids_secondary_ops)
+ lids_secondary_ops->bprm_set_creds(bprm);
+ }
+ return ret;
+}
+
+static inline void bprm_clear_caps(struct linux_binprm *bprm)
+{
+ cap_clear(bprm->cred->cap_permitted);
+ bprm->cap_effective = false;
+}
+
+static inline int get_file_caps(struct linux_binprm *bprm, bool *effective)
+ {
+ return 0;
+ }
+
+static int lids_file_mmap(struct file *file, unsigned long reqprot, unsigned long prot, unsigned long flags, unsigned long addr, unsigned long addr_only)
+{
+ int rc = 0;
+
+ if (lids_load && lids_local_load)
+ rc = lids_check_file_mmap(file, reqprot, prot, flags);
+
+ return rc;
+}
+
+
+#ifndef MODULE
+static int __init
+lids_load_setup(char *str)
+{
+ lids_load = simple_strtol(str, NULL, 0);
+ return 1;
+}
+#endif
+
+static int lids_sb_mount(char *dev_name, struct path *path, char *type,
+ unsigned long flags, void *data)
+{
+ struct dentry *dentry = path->dentry;
+
+ if (IS_ROOT(dentry)) {
+ if (!lids_init_setup)
+ do_lids_setup();
+
+ }
+ return 0;
+}
+
+static int lids_sb_kern_mount(struct super_block *sb, int flags, void *data)
+{
+ return 0;
+}
+
+static void lids_sb_post_remount(struct vfsmount *mnt, unsigned long flags,
+ void *data)
+{
+ struct vfsmount *parent;
+
+
+ parent = mnt->mnt_parent;
+
+ if (parent == mnt || IS_ROOT(mnt->mnt_mountpoint)) {
+ if (!lids_init_setup)
+ do_lids_setup();
+
+ }
+
+
+ return;
+}
+
+static void lids_inode_free_security(struct inode *inode)
+{
+ struct xt_mark_target_info *markinfo = inode->i_security;
+
+ if (!markinfo) {
+ return;
+ }
+ inode->i_security = NULL;
+ kfree(markinfo);
+ if (lids_load && lids_local_load)
+ lids_free_inode_acl(inode->i_security);
+ return;
+}
+
+static void lids_file_free_security(struct file *file)
+{
+ file->f_security = NULL;
+}
+
+static int lids_inode_link(struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ int rc = 0;
+
+ if (lids_secondary_ops)
+ rc = lids_secondary_ops->inode_link(old_dentry, inode,
+ new_dentry);
+
+ return rc;
+}
+
+static int lids_inode_unlink(struct inode *inode, struct dentry *dentry)
+{
+ if (lids_load && lids_local_load) {
+ if (lids_check_base(dentry, LIDS_WRITE)) {
+ lids_alert(LIDS_WRITE, inode->i_ino, inode->i_sb->s_dev,
+ dentry->d_iname, "unlink");
+ return LIDS_ERROR(-EPERM);
+ }
+ }
+ return 0;
+}
+
+static int lids_inode_symlink(struct inode *inode, struct dentry *dentry, const char *name)
+{ + if (lids_load && lids_local_load) { + if (lids_check_base(dentry, LIDS_WRITE)) { + lids_alert(LIDS_WRITE, inode->i_ino, inode->i_sb->s_dev, + dentry->d_iname, "symlink"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_inode_mkdir(struct inode *inode, struct dentry *dentry, int mask) +{ + if (lids_load && lids_local_load) { + if (lids_check_base(dentry, LIDS_WRITE)) { + lids_alert(LIDS_WRITE, inode->i_ino, inode->i_sb->s_dev, + dentry->d_iname, "mkdir"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_inode_rmdir(struct inode *inode, struct dentry *dentry) +{ + if (lids_load && lids_local_load) { + if (lids_check_base(dentry, LIDS_WRITE)) { + lids_alert(LIDS_WRITE, inode->i_ino, inode->i_sb->s_dev, + dentry->d_iname, "rmdir"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_inode_mknod(struct inode *inode, struct dentry *dentry, + int major, dev_t minor) +{ + if (lids_load && lids_local_load) { + if (lids_check_base(dentry, LIDS_WRITE)) { + lids_alert(LIDS_WRITE, inode->i_ino, inode->i_sb->s_dev, + dentry->d_iname, "mknod"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_inode_rename(struct inode *old_inode, + struct dentry *old_dentry, + struct inode *new_inode, struct dentry *new_dentry) +{ + if (lids_load && lids_local_load) { + if (lids_check_base(old_dentry, LIDS_WRITE)) { + lids_alert(LIDS_WRITE, old_inode->i_ino, + old_inode->i_sb->s_dev, old_dentry->d_iname, + "rename to"); + return LIDS_ERROR(-EPERM); + } + if (lids_check_base(new_dentry, LIDS_WRITE)) { + lids_alert(LIDS_WRITE, new_inode->i_ino, + new_inode->i_sb->s_dev, new_dentry->d_iname, + "rename from"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_inode_readlink(struct dentry *dentry) +{ + if (lids_load && lids_local_load) { + if (lids_check_base(dentry, LIDS_READONLY)) { + lids_alert(LIDS_WRITE, dentry->d_inode->i_ino, + dentry->d_inode->i_sb->s_dev, + dentry->d_iname, 
"readlink"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) +{ + int rc = 0; + + if (lids_secondary_ops) + rc = lids_secondary_ops->inode_follow_link(dentry, nameidata); + + if (rc) + return rc; + + if (lids_load && lids_local_load) { + if (lids_check_base(dentry, LIDS_READONLY)) { + + lids_alert(LIDS_WRITE, dentry->d_inode->i_ino, + dentry->d_inode->i_sb->s_dev, + dentry->d_iname, "followlink_readonly"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_inode_permission(struct inode *inode, int mask) +{ + struct list_head *head, *next, *tmp; + int error = 0; + struct dentry *d; + + if (!(lids_load && lids_local_load)) + return 0; + + /* we will not due with other type */ + + spin_lock(&dcache_lock); + head = &inode->i_dentry; + next = inode->i_dentry.next; + + while (next != head) { + tmp = next; + next = tmp->next; + d = list_entry(tmp, struct dentry, d_alias); + + spin_unlock(&dcache_lock); + + if ((mask & MAY_APPEND)) { + error = lids_check_base(d, LIDS_APPEND); + if (error) { + lids_alert(LIDS_APPEND, inode->i_ino, + inode->i_sb->s_dev, d->d_iname, + "open"); + error = LIDS_ERROR(-EPERM); + } + } else if ((mask & MAY_WRITE)) { + error = lids_check_base(d, LIDS_WRITE); + if (error) { + lids_alert(LIDS_WRITE, inode->i_ino, + inode->i_sb->s_dev, d->d_iname, + "open"); + error = LIDS_ERROR(-EPERM); + } + } else { + error = lids_check_base(d, LIDS_READONLY); + if (error) { + lids_alert(LIDS_READONLY, inode->i_ino, + inode->i_sb->s_dev, d->d_iname, + "open"); + error = LIDS_ERROR(-ENOENT); + } + + } + spin_lock(&dcache_lock); + } + spin_unlock(&dcache_lock); + return error; +} + +static int lids_inode_setattr(struct dentry *dentry, struct iattr *iattr) +{ + if (lids_load && lids_local_load) { + if (lids_check_base(dentry, LIDS_WRITE)) { + lids_alert(LIDS_WRITE, dentry->d_inode->i_ino, + dentry->d_inode->i_sb->s_dev, + dentry->d_iname, "setattr"); + 
return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_inode_setxattr(struct dentry *dentry, const char *name, + const void *value, size_t size, int flags) +{ + if (!strcmp(name, XATTR_NAME_LIDS)) { + if (lids_load && lids_local_load) { + lids_security_alert(" setxattr denied for %s\n", name); + return -EPERM; + } + } + return 0; +} + +static int lids_inode_getxattr(struct dentry *dentry, const char *name) +{ + if (!strcmp(name, XATTR_NAME_LIDS)) { + if (lids_load && lids_local_load) { + lids_security_alert(" getxattr denied for %s\n", name); + return -EPERM; + } + /* recal the task */ + } + return 0; +} + +static int lids_inode_removexattr(struct dentry *dentry, const char *name) +{ + if (!strcmp(name, XATTR_NAME_LIDS)) { + if (lids_load && lids_local_load) { + lids_security_alert(" removexattr denied for %s\n", + name); + return -EPERM; + } + } + return 0; +} + +static void lids_d_instantiate(struct dentry *dentry, struct inode *inode) +{ + return; +} + +static int lids_file_permission(struct file *file, int mask) +{ + if (lids_load && lids_local_load) { + struct inode *inode = file->f_path.dentry->d_inode; + + if (inode && S_ISBLK(inode->i_mode) && + lids_check_capable(current_cred(), CAP_SYS_RAWIO, 1)) { + if (mask & MAY_WRITE) { + lids_security_alert("CAP_SYS_RAWIO violation: " + "Attempt to write to raw device %d:%d", + MAJOR(inode->i_sb->s_dev), + MINOR(inode->i_sb->s_dev)); + } else { + lids_security_alert("CAP_SYS_RAWIO violation: " + "Attempt to read from raw device %d:%d", + MAJOR(inode->i_sb->s_dev), + MINOR(inode->i_sb->s_dev)); + } + return LIDS_ERROR(-EPERM); + } +#ifdef CONFIG_LIDS_TDE + lids_tde_policy(&(file->f_path), current); +#endif + } + return 0; +} + +static int lids_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) +{ + const struct lids_task_acl *old_task_acl; + struct lids_task_acl *task_acl; + + old_task_acl = old->security; + + task_acl = kmemdup(old_task_acl, sizeof(struct lids_task_acl), gfp); + if 
(!task_acl) + return -ENOMEM; + + new->security = task_acl; + new->cap_bset.cap[0] = lids_cap_bset; + + if (lids_load && lids_local_load) { + if (lids_fork_task(new, old)) + return -EPERM; + } + + return 0; +} + +static void lids_cred_free(struct cred *cred) +{ + if (lids_load && lids_local_load) { + struct lids_task_acl *task_acl; + + task_acl = cred->security; + + cred->security = NULL; + kfree(task_acl); + } +} + +static void lids_cred_commit(struct cred *new, const struct cred *old) +{ + if (lids_load && lids_local_load) { + struct lids_task_acl *old_task_acl = old->security; + struct lids_task_acl *new_task_acl = new->security; + + if (old_task_acl != NULL) { + if (old_task_acl -> s_acl != NULL) { + new_task_acl->s_acl = old_task_acl->s_acl; + } + } + } +} + +static void lids_task_free_security(struct task_struct *p) +{ + if (lids_load && lids_local_load) { + struct lids_task_acl *task_acl; + struct cred *cred; + + task_acl = p->cred->security; + task_lock(p); + cred = p->cred; + cred->security = NULL; + task_unlock(p); + + lids_free_task_acl(task_acl); + } + return; +} + +static int lids_task_kill(struct task_struct *p, struct siginfo *info, int sig, u32 secid) +{ + if (lids_load && lids_local_load && p->cred->security) { + if (lids_check_task_kill(p, info, sig)) + return -EPERM; + } + return 0; +} + +#ifdef CONFIG_SECURITY_NETWORK + +static int lids_socket_create(int family, int type, int protocol, int kern) +{ + if (kern) + return 0; + if (lids_load && lids_local_load && family == AF_INET) { + if (lids_ext_capable(current, LIDS_SOCKET_CREATE) < 0) { + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_CREATE, + "LIDS_SOCKET_CREATE", "create socket"); + return LIDS_ERROR(-EPERM); + } + if (type == SOCK_DGRAM) { + if (lids_ext_capable(current, LIDS_SOCKET_CREATE_UDP) < + 0) { + lids_alert(LIDS_SOCKET, -1, + LIDS_SOCKET_CREATE_UDP, + "LIDS_SOCKET_CREATE_UDP", + "create udp socket"); + return LIDS_ERROR(-EPERM); + } + } else if (type == SOCK_STREAM) { + if 
(lids_ext_capable(current, LIDS_SOCKET_CREATE_TCP) < + 0) { + lids_alert(LIDS_SOCKET, -1, + LIDS_SOCKET_CREATE_TCP, + "LIDS_SOCKET_CREATE_TCP", + "create tcp socket"); + return LIDS_ERROR(-EPERM); + } + } + } + return 0; +} + +static int lids_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern) +{ +#ifdef CONFIG_LIDS_NF_MARK + struct lids_task_acl *task_acl; + struct lids_subject_acl *s_acl; + struct xt_mark_target_info *markinfo; + if (lids_load && lids_local_load && family == AF_INET) { + if (lids_ext_capable(current, LIDS_SOCKET_NF_MARK) < 0) { + struct inode *inode = SOCK_INODE(sock); + if (inode) { + task_acl = current_cred()->security; + s_acl = task_acl->s_acl; + markinfo = kmalloc(sizeof(struct xt_mark_target_info), GFP_KERNEL); + markinfo->mark = s_acl->mark; + /* FIXME, need lock?? */ + inode->i_security = markinfo; + LIDS_DBG("DEV: [%d %d] Mark socket as %d \n", + current->pid, current->real_parent->pid, + markinfo->mark); + } + } + } +#endif + return 0; +} + +static int lids_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) +{ + struct sockaddr_in *addr = (struct sockaddr_in *) address; + struct lids_task_acl *current_task_acl = current_cred()->security; + char str[32]; + + if (lids_load && lids_local_load && address + && address->sa_family == AF_INET) { + if (current_task_acl) { + if (lids_sandboxed(current_cred(), current_task_acl) && + (lids_check_capable(current_cred(), CAP_NET_BIND_SERVICE, 1) || + !lids_bind_checker(ntohs(addr->sin_port)))) { + lids_security_alert("Attempt to bind %u.%u.%u.%u:%d", + NIPQUAD(addr->sin_addr), + ntohs(addr->sin_port)); + return -EPERM; + } + } + + if (lids_ext_capable(current, LIDS_SOCKET_BIND) < 0 || + lids_bind_checker(ntohs(addr->sin_port)) < 0 +) { + snprintf(str, 32, "bind %u.%u.%u.%u:%d", + NIPQUAD(addr->sin_addr), + ntohs(addr->sin_port)); + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_BIND, + "LIDS_SOCKET_BIND", str); + return LIDS_ERROR(-EPERM); + } + } + 
return 0; +} + +static int lids_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) +{ + struct sockaddr_in *addr = (struct sockaddr_in *) address; + char str[32]; + + struct lids_task_acl *current_task_acl; + current_task_acl = current_cred()->security; + + if (lids_load && lids_local_load + && address && address->sa_family == AF_INET) { + if (current_task_acl) { + if (lids_sandboxed(current_cred(), current_task_acl) && + (lids_check_capable(current_cred(), CAP_NET_BROADCAST, 1) || + !lids_broadcast_port(ntohs(addr->sin_port)))) { + lids_security_alert("Attempt to connect %u.%u.%u.%u:%d", + NIPQUAD(addr->sin_addr), + ntohs(addr->sin_port)); + return -EPERM; + } + } + + if (lids_ext_capable(current, LIDS_SOCKET_CONNECT) < 0) { + snprintf(str, 32, "connect %u.%u.%u.%u:%d", + NIPQUAD(addr->sin_addr), + ntohs(addr->sin_port)); + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_CONNECT, + "LIDS_SOCKET_CONNECT", str); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_socket_listen(struct socket *sock, int backlog) +{ + struct sock *sk = sock->sk; + + if (lids_load && lids_local_load && sk->sk_family == PF_INET) { + if (lids_ext_capable(current, LIDS_SOCKET_LISTEN) < 0) { + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_LISTEN, + "LIDS_SOCKET_LISTEN", "listen"); + return LIDS_ERROR(-EPERM); + } + } + + return 0; +} + +static int lids_socket_accept(struct socket *sock, struct socket *newsock) +{ + struct sock *sk = sock->sk; + + if (lids_load && lids_local_load && sk->sk_family == PF_INET) { + if (lids_ext_capable(current, LIDS_SOCKET_ACCEPT) < 0) { + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_ACCEPT, + "LIDS_SOCKET_ACCEPT", "accept"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) +{ + struct sock *sk = sock->sk; + + if (lids_load && lids_local_load && sk->sk_family == PF_INET + && sk->sk_type == SOCK_DGRAM) { + if (lids_ext_capable(current, 
LIDS_SOCKET_SENDMSG) < 0) { + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_SENDMSG, + "LIDS_SOCKET_SENDMSG", "sendmsg"); + return LIDS_ERROR(-EPERM); + } + } + + return 0; +} + +static int lids_socket_recvmsg(struct socket *sock, struct msghdr *msg, + int size, int flags) +{ + struct sock *sk = sock->sk; + + if (lids_load && lids_local_load && sk->sk_family == PF_INET + && sk->sk_type == SOCK_DGRAM) { + if (lids_ext_capable(current, LIDS_SOCKET_RECVMSG) < 0) { + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_RECVMSG, + "LIDS_SOCKET_RECVMSG", "recvmsg"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_socket_getsockname(struct socket *sock) +{ + struct sock *sk = sock->sk; + + if (lids_load && lids_local_load && sk->sk_family == PF_INET) { + if (lids_ext_capable(current, LIDS_SOCKET_GETSOCKNAME) < 0) { + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_GETSOCKNAME, + "LIDS_SOCKET_GETSOCKNAME", "getsockname"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_socket_getpeername(struct socket *sock) +{ + struct sock *sk = sock->sk; + + if (lids_load && lids_local_load && sk->sk_family == PF_INET) { + if (lids_ext_capable(current, LIDS_SOCKET_GETPEERNAME) < 0) { + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_GETPEERNAME, + "LIDS_SOCKET_GETPEERNAME", "getpeername"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_socket_setsockopt(struct socket *sock, int level, int optname) +{ + struct sock *sk = sock->sk; + + if (lids_load && lids_local_load && sk->sk_family == PF_INET) { + if (lids_ext_capable(current, LIDS_SOCKET_SETSOCKOPT) < 0) { + lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_SETSOCKOPT, + "LIDS_SOCKET_SETSOCKOPT", "setsockopt"); + return LIDS_ERROR(-EPERM); + } + } + return 0; +} + +static int lids_socket_getsockopt(struct socket *sock, int level, int optname) +{ + struct sock *sk = sock->sk; + + if (lids_load && lids_local_load && sk->sk_family == PF_INET) { + if (lids_ext_capable(current, LIDS_SOCKET_GETSOCKOPT) < 0) { + 
lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_GETSOCKOPT,
+ "LIDS_SOCKET_GETSOCKOPT", "getsockopt");
+ return LIDS_ERROR(-EPERM);
+ }
+ }
+ return 0;
+}
+
+static int lids_socket_shutdown(struct socket *sock, int how)
+{
+ struct sock *sk = sock->sk;
+
+ if (lids_load && lids_local_load && sk->sk_family == PF_INET) {
+ if (lids_ext_capable(current, LIDS_SOCKET_SHUTDOWN) < 0) {
+ lids_alert(LIDS_SOCKET, -1, LIDS_SOCKET_SHUTDOWN,
+ "LIDS_SOCKET_SHUTDOWN", "shutdown socket");
+ return LIDS_ERROR(-EPERM);
+ }
+ }
+ return 0;
+}
+#endif /* CONFIG_SECURITY_NETWORK */
+
+static int lids_netlink_send(struct sock *sk, struct sk_buff *skb)
+{
+ NETLINK_CB(skb).eff_cap = current_cred()->cap_effective;
+ return 0;
+}
+
+static int lids_netlink_recv(struct sk_buff *skb, int cap)
+{
+ if (!cap_raised(NETLINK_CB(skb).eff_cap, cap))
+ return -EPERM;
+ return 0;
+}
+
+struct security_operations lids_security_ops = {
+ .name = "lids",
+ .ptrace_may_access = lids_ptrace_may_access,
+ .ptrace_traceme = lids_ptrace_traceme,
+ .capable = lids_capable,
+ .capget = lids_capget,
+
+ .bprm_set_creds = lids_bprm_set_creds,
+
+ .sb_post_remount = lids_sb_post_remount,
+ .sb_kern_mount = lids_sb_kern_mount,
+ .sb_mount = lids_sb_mount,
+
+ .inode_free_security = lids_inode_free_security,
+
+ .inode_link = lids_inode_link,
+ .inode_unlink = lids_inode_unlink,
+ .inode_symlink = lids_inode_symlink,
+ .inode_mkdir = lids_inode_mkdir,
+ .inode_rmdir = lids_inode_rmdir,
+ .inode_mknod = lids_inode_mknod,
+ .inode_rename = lids_inode_rename,
+ .inode_readlink = lids_inode_readlink,
+ .inode_follow_link = lids_inode_follow_link,
+ .inode_permission = lids_inode_permission,
+ .inode_setattr = lids_inode_setattr,
+ .inode_setxattr = lids_inode_setxattr,
+ .inode_getxattr = lids_inode_getxattr,
+ .inode_removexattr = lids_inode_removexattr,
+
+
+ .file_mmap = lids_file_mmap,
+ .file_free_security = lids_file_free_security,
+
+ .d_instantiate = lids_d_instantiate,
+ .file_permission = lids_file_permission,
+
+
.netlink_send = lids_netlink_send,
+ .netlink_recv = lids_netlink_recv,
+
+ .task_kill = lids_task_kill,
+
+ .cred_prepare = lids_cred_prepare,
+ .cred_free = lids_cred_free,
+ .cred_commit = lids_cred_commit,
+
+/* use common cap */
+#ifdef CONFIG_SECURITY_NETWORK
+ .socket_create = lids_socket_create,
+ .socket_post_create = lids_socket_post_create,
+ .socket_bind = lids_socket_bind,
+ .socket_connect = lids_socket_connect,
+ .socket_listen = lids_socket_listen,
+ .socket_accept = lids_socket_accept,
+ .socket_sendmsg = lids_socket_sendmsg,
+ .socket_recvmsg = lids_socket_recvmsg,
+ .socket_getsockname = lids_socket_getsockname,
+ .socket_getpeername = lids_socket_getpeername,
+ .socket_getsockopt = lids_socket_getsockopt,
+ .socket_setsockopt = lids_socket_setsockopt,
+ .socket_shutdown = lids_socket_shutdown,
+#endif
+
+};
+
+extern void setup_lids_module(void);
+
+static void __exit
+lids_lsm_exit(void)
+{
+ struct task_struct *p;
+
+ lids_load = 0;
+
+ lids_sysctl_reset();
+ rcu_read_lock();
+ for_each_process(p) {
+ lids_task_free_security(p);
+ }
+ rcu_read_unlock();
+ printk(KERN_INFO "LIDS: Successful exit\n");
+}
+
+static void lids_cred_init_security(void)
+{
+ struct cred *cred = (struct cred *) current_cred();
+ struct lids_task_acl *task_acl;
+
+ task_acl = kmalloc(sizeof (struct lids_task_acl), GFP_KERNEL);
+
+ if (!task_acl)
+ printk(KERN_INFO "LIDS: kmalloc error \n");
+
+ task_acl->magic = LIDS_MAGIC;
+ task_acl->cred = cred;
+ task_acl->s_acl = NULL;
+
+ INIT_LIST_HEAD(&task_acl->list);
+ spin_lock_init(&task_acl->t_lock);
+
+ cred->security = task_acl;
+}
+
+static int __init
+lids_lsm_init(void)
+{
+
+ printk(KERN_NOTICE "LIDS: Initializing...\n");
+
+ lids_init_setup = 0;
+ /* register ourselves with the security framework */
+ if (register_security(&lids_security_ops)) {
+ printk(KERN_INFO "Failure registering LIDS with the kernel\n");
+ return -EINVAL;
+ }
+
+ lids_cred_init_security();
+
+ return 0;
+}
+
+/* for passing parameter */
+__setup("lids=", lids_load_setup);
+security_initcall(lids_lsm_init);
+module_exit(lids_lsm_exit);
+
+MODULE_AUTHOR("LIDS Team");
+MODULE_DESCRIPTION("LIDS Module");
+MODULE_LICENSE("GPL");
diff -Nru linux-2.6.31.3.org/security/lids/.lids_lsm.o.cmd linux-2.6.31.3/security/lids/.lids_lsm.o.cmd
--- linux-2.6.31.3.org/security/lids/.lids_lsm.o.cmd 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/.lids_lsm.o.cmd 2009-09-20 11:57:06.000000000 -0400
@@ -0,0 +1,759 @@ +cmd_security/lids/lids_lsm.o := gcc -Wp,-MD,security/lids/.lids_lsm.o.d -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.3.3/include -Iinclude -I/usr/src/linux-2.6.31-rc7/arch/x86/include -include include/linux/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -Os -m32 -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2 -march=i386 -mtune=generic -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fno-omit-frame-pointer -fno-optimize-sibling-calls -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -Isecurity/lids/include -D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(lids_lsm)" -D"KBUILD_MODNAME=KBUILD_STR(lids)" -c -o security/lids/.tmp_lids_lsm.o security/lids/lids_lsm.c + +deps_security/lids/lids_lsm.o := \ + security/lids/lids_lsm.c \ + $(wildcard include/config/security/file/capabilities.h) \ + $(wildcard include/config/lids/tde.h) \ + $(wildcard include/config/security/network.h) \ + $(wildcard include/config/lids/nf/mark.h) \ + include/linux/module.h \ + $(wildcard include/config/modules.h) \ + $(wildcard include/config/modversions.h) \ + $(wildcard include/config/unused/symbols.h) \ + $(wildcard include/config/generic/bug.h) \ + $(wildcard include/config/kallsyms.h) \ + $(wildcard include/config/markers.h) \ + $(wildcard include/config/tracepoints.h) \ + $(wildcard include/config/tracing.h) \ + $(wildcard include/config/event/tracing.h) \ + $(wildcard include/config/ftrace/mcount/record.h) \ + $(wildcard include/config/module/unload.h) \ + $(wildcard include/config/smp.h) \ + $(wildcard include/config/constructors.h) \ + $(wildcard include/config/sysfs.h) \ + include/linux/list.h \ + $(wildcard 
include/config/debug/list.h) \ + include/linux/stddef.h \ + include/linux/compiler.h \ + $(wildcard include/config/trace/branch/profiling.h) \ + $(wildcard include/config/profile/all/branches.h) \ + $(wildcard include/config/enable/must/check.h) \ + $(wildcard include/config/enable/warn/deprecated.h) \ + include/linux/compiler-gcc.h \ + $(wildcard include/config/arch/supports/optimized/inlining.h) \ + $(wildcard include/config/optimize/inlining.h) \ + include/linux/compiler-gcc4.h \ + include/linux/poison.h \ + include/linux/prefetch.h \ + include/linux/types.h \ + $(wildcard include/config/uid16.h) \ + $(wildcard include/config/lbdaf.h) \ + $(wildcard include/config/phys/addr/t/64bit.h) \ + $(wildcard include/config/64bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/types.h \ + $(wildcard include/config/x86/64.h) \ + $(wildcard include/config/highmem64g.h) \ + include/asm-generic/int-ll64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitsperlong.h \ + include/asm-generic/bitsperlong.h \ + include/linux/posix_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types.h \ + $(wildcard include/config/x86/32.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor.h \ + $(wildcard include/config/x86/vsmp.h) \ + $(wildcard include/config/cc/stackprotector.h) \ + $(wildcard include/config/paravirt.h) \ + $(wildcard include/config/x86/debugctlmsr.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor-flags.h \ + $(wildcard include/config/vm86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vm86.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace.h \ + $(wildcard include/config/x86/ptrace/bts.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace-abi.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/segment.h \ + include/linux/init.h \ + $(wildcard include/config/hotplug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/math_emu.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sigcontext.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/current.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/percpu.h \ + $(wildcard include/config/x86/64/smp.h) \ + $(wildcard include/config/need/multiple/nodes.h) \ + include/linux/kernel.h \ + $(wildcard include/config/preempt/voluntary.h) \ + $(wildcard include/config/debug/spinlock/sleep.h) \ + $(wildcard include/config/prove/locking.h) \ + $(wildcard include/config/printk.h) \ + $(wildcard include/config/dynamic/debug.h) \ + $(wildcard include/config/ring/buffer.h) \ + $(wildcard include/config/numa.h) \ + /usr/lib/gcc/i486-linux-gnu/4.3.3/include/stdarg.h \ + include/linux/linkage.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/linkage.h \ + $(wildcard include/config/x86/alignment/16.h) \ + include/linux/stringify.h \ + include/linux/bitops.h \ + $(wildcard include/config/generic/find/first/bit.h) \ + $(wildcard include/config/generic/find/last/bit.h) \ + $(wildcard include/config/generic/find/next/bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitops.h \ + $(wildcard include/config/x86/cmov.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/alternative.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/asm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpufeature.h \ + $(wildcard include/config/x86/invlpg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/required-features.h \ + $(wildcard include/config/x86/minimum/cpu/family.h) \ + $(wildcard include/config/math/emulation.h) \ + $(wildcard include/config/x86/pae.h) \ + $(wildcard include/config/x86/cmpxchg64.h) \ + $(wildcard include/config/x86/use/3dnow.h) \ + $(wildcard include/config/x86/p6/nop.h) \ + include/asm-generic/bitops/sched.h \ + include/asm-generic/bitops/hweight.h \ + include/asm-generic/bitops/fls64.h \ + include/asm-generic/bitops/ext2-non-atomic.h \ + include/asm-generic/bitops/le.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/byteorder.h \ 
+ include/linux/byteorder/little_endian.h \ + include/linux/swab.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swab.h \ + $(wildcard include/config/x86/bswap.h) \ + include/linux/byteorder/generic.h \ + include/asm-generic/bitops/minix.h \ + include/linux/log2.h \ + $(wildcard include/config/arch/has/ilog2/u32.h) \ + $(wildcard include/config/arch/has/ilog2/u64.h) \ + include/linux/typecheck.h \ + include/linux/ratelimit.h \ + include/linux/param.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/param.h \ + $(wildcard include/config/hz.h) \ + include/linux/dynamic_debug.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bug.h \ + $(wildcard include/config/bug.h) \ + $(wildcard include/config/debug/bugverbose.h) \ + include/asm-generic/bug.h \ + $(wildcard include/config/generic/bug/relative/pointers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/div64.h \ + include/asm-generic/percpu.h \ + $(wildcard include/config/debug/preempt.h) \ + $(wildcard include/config/have/setup/per/cpu/area.h) \ + include/linux/threads.h \ + $(wildcard include/config/nr/cpus.h) \ + $(wildcard include/config/base/small.h) \ + include/linux/percpu-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/system.h \ + $(wildcard include/config/ia32/emulation.h) \ + $(wildcard include/config/x86/32/lazy/gs.h) \ + $(wildcard include/config/x86/ppro/fence.h) \ + $(wildcard include/config/x86/oostore.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg_32.h \ + $(wildcard include/config/x86/cmpxchg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/nops.h \ + $(wildcard include/config/mk7.h) \ + include/linux/irqflags.h \ + $(wildcard include/config/trace/irqflags.h) \ + $(wildcard include/config/irqsoff/tracer.h) \ + $(wildcard include/config/preempt/tracer.h) \ + $(wildcard include/config/trace/irqflags/support.h) \ + $(wildcard include/config/x86.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irqflags.h \ + $(wildcard include/config/debug/lock/alloc.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_types.h \ + include/linux/const.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32_types.h \ + $(wildcard include/config/highmem4g.h) \ + $(wildcard include/config/page/offset.h) \ + $(wildcard include/config/4kstacks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32.h \ + $(wildcard include/config/hugetlb/page.h) \ + $(wildcard include/config/debug/virtual.h) \ + $(wildcard include/config/flatmem.h) \ + $(wildcard include/config/x86/3dnow.h) \ + include/linux/string.h \ + $(wildcard include/config/binary/printf.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string_32.h \ + $(wildcard include/config/kmemcheck.h) \ + include/asm-generic/memory_model.h \ + $(wildcard include/config/discontigmem.h) \ + $(wildcard include/config/sparsemem/vmemmap.h) \ + $(wildcard include/config/sparsemem.h) \ + include/asm-generic/getorder.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_types.h \ + $(wildcard include/config/compat/vdso.h) \ + $(wildcard include/config/proc/fs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + $(wildcard include/config/highmem.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level_types.h \ + include/asm-generic/pgtable-nopud.h \ + include/asm-generic/pgtable-nopmd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr-index.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/errno.h \ + include/asm-generic/errno.h \ + include/asm-generic/errno-base.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpumask.h \ + include/linux/cpumask.h \ + $(wildcard include/config/disable/obsolete/cpumask/functions.h) \ + $(wildcard 
include/config/hotplug/cpu.h) \ + $(wildcard include/config/cpumask/offstack.h) \ + $(wildcard include/config/debug/per/cpu/maps.h) \ + include/linux/bitmap.h \ + include/linux/errno.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc_defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ds.h \ + $(wildcard include/config/x86/ds.h) \ + include/linux/err.h \ + include/linux/personality.h \ + include/linux/cache.h \ + $(wildcard include/config/arch/has/cache/line/size.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cache.h \ + $(wildcard include/config/x86/l1/cache/shift.h) \ + include/linux/stat.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/stat.h \ + include/linux/time.h \ + $(wildcard include/config/arch/uses/gettimeoffset.h) \ + include/linux/seqlock.h \ + include/linux/spinlock.h \ + $(wildcard include/config/debug/spinlock.h) \ + $(wildcard include/config/generic/lockbreak.h) \ + $(wildcard include/config/preempt.h) \ + include/linux/preempt.h \ + $(wildcard include/config/preempt/notifiers.h) \ + include/linux/thread_info.h \ + $(wildcard include/config/compat.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/thread_info.h \ + $(wildcard include/config/debug/stack/usage.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ftrace.h \ + $(wildcard include/config/function/tracer.h) \ + $(wildcard include/config/dynamic/ftrace.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic_32.h \ + $(wildcard include/config/m386.h) \ + include/asm-generic/atomic-long.h \ + include/linux/bottom_half.h \ + include/linux/spinlock_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock_types.h \ + include/linux/lockdep.h \ + $(wildcard include/config/lockdep.h) \ + $(wildcard include/config/lock/stat.h) \ + $(wildcard include/config/generic/hardirqs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock.h \ + $(wildcard include/config/paravirt/spinlocks.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/rwlock.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/paravirt.h \ + $(wildcard include/config/x86/local/apic.h) \ + $(wildcard include/config/highpte.h) \ + $(wildcard include/config/paravirt/debug.h) \ + include/linux/spinlock_api_smp.h \ + include/linux/math64.h \ + include/linux/kmod.h \ + include/linux/gfp.h \ + $(wildcard include/config/zone/dma.h) \ + $(wildcard include/config/zone/dma32.h) \ + $(wildcard include/config/debug/vm.h) \ + include/linux/mmzone.h \ + $(wildcard include/config/force/max/zoneorder.h) \ + $(wildcard include/config/memory/hotplug.h) \ + $(wildcard include/config/arch/populates/node/map.h) \ + $(wildcard include/config/flat/node/mem/map.h) \ + $(wildcard include/config/cgroup/mem/res/ctlr.h) \ + $(wildcard include/config/have/memory/present.h) \ + $(wildcard include/config/need/node/memmap/size.h) \ + $(wildcard include/config/have/arch/early/pfn/to/nid.h) \ + $(wildcard include/config/sparsemem/extreme.h) \ + $(wildcard include/config/nodes/span/other/nodes.h) \ + $(wildcard include/config/holes/in/zone.h) \ + $(wildcard include/config/arch/has/holes/memorymodel.h) \ + include/linux/wait.h \ + include/linux/numa.h \ + $(wildcard include/config/nodes/shift.h) \ + include/linux/nodemask.h \ + include/linux/pageblock-flags.h \ + $(wildcard include/config/hugetlb/page/size/variable.h) \ + include/linux/bounds.h \ + include/linux/memory_hotplug.h \ + $(wildcard include/config/have/arch/nodedata/extension.h) \ + $(wildcard include/config/memory/hotremove.h) \ + include/linux/notifier.h \ + include/linux/mutex.h \ + $(wildcard include/config/debug/mutexes.h) \ + include/linux/rwsem.h \ + $(wildcard include/config/rwsem/generic/spinlock.h) \ + include/linux/rwsem-spinlock.h \ + include/linux/srcu.h \ + include/linux/topology.h \ + $(wildcard include/config/sched/smt.h) \ + $(wildcard include/config/sched/mc.h) \ + include/linux/smp.h \ + $(wildcard include/config/use/generic/smp/helpers.h) 
\ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/smp.h \ + $(wildcard include/config/x86/io/apic.h) \ + $(wildcard include/config/x86/32/smp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec.h \ + $(wildcard include/config/x86/numaq.h) \ + $(wildcard include/config/mca.h) \ + $(wildcard include/config/eisa.h) \ + $(wildcard include/config/x86/mpparse.h) \ + $(wildcard include/config/acpi.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec_def.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apic.h \ + $(wildcard include/config/x86/x2apic.h) \ + include/linux/delay.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/delay.h \ + include/linux/pm.h \ + $(wildcard include/config/pm/sleep.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apicdef.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fixmap.h \ + $(wildcard include/config/x86/visws/apic.h) \ + $(wildcard include/config/x86/f00f/bug.h) \ + $(wildcard include/config/x86/cyclone/timer.h) \ + $(wildcard include/config/pci/mmconfig.h) \ + $(wildcard include/config/provide/ohci1394/dma/init.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/acpi.h \ + $(wildcard include/config/acpi/numa.h) \ + include/acpi/pdc_intel.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mmu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/kmap_types.h \ + $(wildcard include/config/debug/highmem.h) \ + include/asm-generic/kmap_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_apic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_vectors.h \ + $(wildcard include/config/sparse/irq.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/topology.h \ + $(wildcard include/config/x86/ht.h) \ + $(wildcard include/config/x86/64/acpi/numa.h) \ + include/asm-generic/topology.h \ + include/linux/mmdebug.h \ + include/linux/elf.h \ + include/linux/elf-em.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/elf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/auxvec.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vdso.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ldt.h \ + include/linux/kobject.h \ + include/linux/sysfs.h \ + include/linux/kref.h \ + include/linux/moduleparam.h \ + $(wildcard include/config/alpha.h) \ + $(wildcard include/config/ia64.h) \ + $(wildcard include/config/ppc64.h) \ + include/linux/marker.h \ + include/linux/tracepoint.h \ + include/linux/rcupdate.h \ + $(wildcard include/config/classic/rcu.h) \ + $(wildcard include/config/tree/rcu.h) \ + $(wildcard include/config/preempt/rcu.h) \ + include/linux/completion.h \ + include/linux/rcuclassic.h \ + $(wildcard include/config/rcu/cpu/stall/detector.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/local.h \ + include/linux/percpu.h \ + $(wildcard include/config/have/dynamic/per/cpu/area.h) \ + $(wildcard include/config/debug/kmemleak.h) \ + include/linux/slab.h \ + $(wildcard include/config/slab/debug.h) \ + $(wildcard include/config/debug/objects.h) \ + $(wildcard include/config/slub.h) \ + $(wildcard include/config/slob.h) \ + $(wildcard include/config/debug/slab.h) \ + include/linux/slab_def.h \ + $(wildcard include/config/kmemtrace.h) \ + include/linux/kmemtrace.h \ + include/trace/events/kmem.h \ + include/trace/define_trace.h \ + include/linux/kmalloc_sizes.h \ + include/linux/pfn.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/module.h \ + $(wildcard include/config/m486.h) \ + $(wildcard include/config/m586.h) \ + $(wildcard include/config/m586tsc.h) \ + $(wildcard include/config/m586mmx.h) \ + $(wildcard include/config/mcore2.h) \ + $(wildcard include/config/m686.h) \ + $(wildcard include/config/mpentiumii.h) \ + $(wildcard 
include/config/mpentiumiii.h) \ + $(wildcard include/config/mpentiumm.h) \ + $(wildcard include/config/mpentium4.h) \ + $(wildcard include/config/mk6.h) \ + $(wildcard include/config/mk8.h) \ + $(wildcard include/config/x86/elan.h) \ + $(wildcard include/config/mcrusoe.h) \ + $(wildcard include/config/mefficeon.h) \ + $(wildcard include/config/mwinchipc6.h) \ + $(wildcard include/config/mwinchip3d.h) \ + $(wildcard include/config/mcyrixiii.h) \ + $(wildcard include/config/mviac3/2.h) \ + $(wildcard include/config/mviac7.h) \ + $(wildcard include/config/mgeodegx1.h) \ + $(wildcard include/config/mgeode/lx.h) \ + include/linux/security.h \ + $(wildcard include/config/security.h) \ + $(wildcard include/config/security/path.h) \ + $(wildcard include/config/security/network/xfrm.h) \ + $(wildcard include/config/keys.h) \ + $(wildcard include/config/audit.h) \ + $(wildcard include/config/securityfs.h) \ + include/linux/fs.h \ + $(wildcard include/config/dnotify.h) \ + $(wildcard include/config/quota.h) \ + $(wildcard include/config/fsnotify.h) \ + $(wildcard include/config/inotify.h) \ + $(wildcard include/config/fs/posix/acl.h) \ + $(wildcard include/config/epoll.h) \ + $(wildcard include/config/debug/writecount.h) \ + $(wildcard include/config/file/locking.h) \ + $(wildcard include/config/auditsyscall.h) \ + $(wildcard include/config/block.h) \ + $(wildcard include/config/fs/xip.h) \ + $(wildcard include/config/migration.h) \ + include/linux/limits.h \ + include/linux/ioctl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctl.h \ + include/asm-generic/ioctl.h \ + include/linux/kdev_t.h \ + include/linux/dcache.h \ + include/linux/rculist.h \ + include/linux/path.h \ + include/linux/radix-tree.h \ + include/linux/prio_tree.h \ + include/linux/pid.h \ + include/linux/capability.h \ + include/linux/semaphore.h \ + include/linux/fiemap.h \ + include/linux/quota.h \ + include/linux/dqblk_xfs.h \ + include/linux/dqblk_v1.h \ + include/linux/dqblk_v2.h \ + 
include/linux/dqblk_qtree.h \ + include/linux/nfs_fs_i.h \ + include/linux/nfs.h \ + include/linux/sunrpc/msg_prot.h \ + include/linux/fcntl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fcntl.h \ + include/asm-generic/fcntl.h \ + include/linux/binfmts.h \ + $(wildcard include/config/mmu.h) \ + include/linux/signal.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/signal.h \ + include/asm-generic/signal-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/siginfo.h \ + include/asm-generic/siginfo.h \ + include/linux/resource.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/resource.h \ + include/asm-generic/resource.h \ + include/linux/sem.h \ + $(wildcard include/config/sysvipc.h) \ + include/linux/ipc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ipcbuf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sembuf.h \ + include/linux/shm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/shmparam.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/shmbuf.h \ + include/linux/mm.h \ + $(wildcard include/config/sysctl.h) \ + $(wildcard include/config/stack/growsup.h) \ + $(wildcard include/config/swap.h) \ + $(wildcard include/config/shmem.h) \ + $(wildcard include/config/debug/pagealloc.h) \ + $(wildcard include/config/hibernation.h) \ + include/linux/rbtree.h \ + include/linux/debug_locks.h \ + $(wildcard include/config/debug/locking/api/selftests.h) \ + include/linux/mm_types.h \ + $(wildcard include/config/split/ptlock/cpus.h) \ + $(wildcard include/config/want/page/debug/flags.h) \ + $(wildcard include/config/mm/owner.h) \ + $(wildcard include/config/mmu/notifier.h) \ + include/linux/auxvec.h \ + include/linux/page-debug-flags.h \ + $(wildcard include/config/page/poisoning.h) \ + $(wildcard include/config/page/debug/something/else.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level.h \ + include/asm-generic/pgtable.h \ + include/linux/page-flags.h \ + $(wildcard include/config/pageflags/extended.h) \ + $(wildcard include/config/have/mlocked/page/bit.h) \ + $(wildcard include/config/ia64/uncached/allocator.h) \ + $(wildcard include/config/s390.h) \ + include/linux/vmstat.h \ + $(wildcard include/config/vm/event/counters.h) \ + include/linux/msg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msgbuf.h \ + include/linux/sched.h \ + $(wildcard include/config/sched/debug.h) \ + $(wildcard include/config/no/hz.h) \ + $(wildcard include/config/detect/softlockup.h) \ + $(wildcard include/config/detect/hung/task.h) \ + $(wildcard include/config/core/dump/default/elf/headers.h) \ + $(wildcard include/config/bsd/process/acct.h) \ + $(wildcard include/config/taskstats.h) \ + $(wildcard include/config/inotify/user.h) \ + $(wildcard include/config/posix/mqueue.h) \ + $(wildcard include/config/user/sched.h) \ + $(wildcard include/config/perf/counters.h) \ + $(wildcard include/config/schedstats.h) \ + $(wildcard include/config/task/delay/acct.h) \ + $(wildcard include/config/fair/group/sched.h) \ + $(wildcard include/config/rt/group/sched.h) \ + $(wildcard include/config/blk/dev/io/trace.h) \ + $(wildcard include/config/rt/mutexes.h) \ + $(wildcard include/config/task/xacct.h) \ + $(wildcard include/config/cpusets.h) \ + $(wildcard include/config/cgroups.h) \ + $(wildcard include/config/futex.h) \ + $(wildcard include/config/fault/injection.h) \ + $(wildcard include/config/latencytop.h) \ + $(wildcard include/config/function/graph/tracer.h) \ + $(wildcard include/config/have/unstable/sched/clock.h) \ + $(wildcard include/config/preempt/bkl.h) \ + $(wildcard include/config/group/sched.h) \ + include/linux/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/tsc.h \ + $(wildcard include/config/x86/tsc.h) \ + 
include/linux/jiffies.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cputime.h \ + include/asm-generic/cputime.h \ + include/linux/proportions.h \ + include/linux/percpu_counter.h \ + include/linux/seccomp.h \ + $(wildcard include/config/seccomp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp_32.h \ + include/linux/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd_32.h \ + include/linux/rtmutex.h \ + $(wildcard include/config/debug/rt/mutexes.h) \ + include/linux/plist.h \ + $(wildcard include/config/debug/pi/list.h) \ + include/linux/timer.h \ + $(wildcard include/config/timer/stats.h) \ + $(wildcard include/config/debug/objects/timers.h) \ + include/linux/ktime.h \ + $(wildcard include/config/ktime/scalar.h) \ + include/linux/debugobjects.h \ + $(wildcard include/config/debug/objects/free.h) \ + include/linux/hrtimer.h \ + $(wildcard include/config/high/res/timers.h) \ + include/linux/task_io_accounting.h \ + $(wildcard include/config/task/io/accounting.h) \ + include/linux/latencytop.h \ + include/linux/cred.h \ + include/linux/key.h \ + include/linux/sysctl.h \ + include/linux/aio.h \ + $(wildcard include/config/aio.h) \ + include/linux/workqueue.h \ + include/linux/aio_abi.h \ + include/linux/uio.h \ + include/linux/xfrm.h \ + include/net/flow.h \ + include/linux/in6.h \ + include/linux/skbuff.h \ + $(wildcard include/config/nf/conntrack.h) \ + $(wildcard include/config/bridge/netfilter.h) \ + $(wildcard include/config/has/dma.h) \ + $(wildcard include/config/xfrm.h) \ + $(wildcard include/config/net/sched.h) \ + $(wildcard include/config/net/cls/act.h) \ + $(wildcard include/config/ipv6/ndisc/nodetype.h) \ + $(wildcard include/config/mac80211.h) \ + $(wildcard include/config/net/dma.h) \ + $(wildcard include/config/network/secmark.h) \ + include/linux/kmemcheck.h \ + include/linux/net.h \ + 
include/linux/socket.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/socket.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sockios.h \ + include/linux/sockios.h \ + include/linux/random.h \ + include/linux/irqnr.h \ + include/linux/textsearch.h \ + include/net/checksum.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess.h \ + $(wildcard include/config/x86/wp/works/ok.h) \ + $(wildcard include/config/x86/intel/usercopy.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/checksum.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/checksum_32.h \ + include/linux/dmaengine.h \ + $(wildcard include/config/dma/engine.h) \ + $(wildcard include/config/async/tx/dma.h) \ + include/linux/device.h \ + $(wildcard include/config/debug/devres.h) \ + include/linux/ioport.h \ + include/linux/klist.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/device.h \ + $(wildcard include/config/dmar.h) \ + include/linux/pm_wakeup.h \ + $(wildcard include/config/pm.h) \ + include/linux/dma-mapping.h \ + $(wildcard include/config/have/dma/attrs.h) \ + include/linux/dma-attrs.h \ + include/linux/bug.h \ + include/linux/scatterlist.h \ + $(wildcard include/config/debug/sg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/scatterlist.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_32.h \ + include/asm-generic/iomap.h \ + include/linux/vmalloc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/dma-mapping.h \ + include/linux/dma-debug.h \ + $(wildcard include/config/dma/api/debug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swiotlb.h \ + $(wildcard include/config/swiotlb.h) \ + include/linux/swiotlb.h \ + include/asm-generic/dma-coherent.h \ + $(wildcard include/config/have/generic/dma/coherent.h) \ + include/asm-generic/dma-mapping-common.h \ + include/linux/netlink.h \ + include/linux/ip.h \ + security/lids/include/linux/lids.h 
\ + $(wildcard include/config/sparc32.h) \ + $(wildcard include/config/ppc.h) \ + $(wildcard include/config/mips.h) \ + $(wildcard include/config/lids/tpe.h) \ + $(wildcard include/config/cap/lids/sandbox/eff/set.h) \ + include/linux/tty.h \ + include/linux/major.h \ + include/linux/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termbits.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctls.h \ + include/linux/tty_driver.h \ + $(wildcard include/config/console/poll.h) \ + include/linux/cdev.h \ + include/linux/tty_ldisc.h \ + include/linux/securebits.h \ + security/lids/include/linux/lidsext.h \ + $(wildcard include/config/lids/debug.h) \ + $(wildcard include/config/lids/restrict/mode/switch.h) \ + $(wildcard include/config/lids/mode/switch/console.h) \ + $(wildcard include/config/lids/mode/switch/serial.h) \ + $(wildcard include/config/lids/mode/switch/pty.h) \ + $(wildcard include/config/lids/no/flood/log.h) \ + $(wildcard include/config/lids/allow/switch.h) \ + security/lids/include/linux/lidsif.h \ + $(wildcard include/config/lids/shrink/size.h) \ + include/linux/netfilter/xt_MARK.h \ + security/lids/include/linux/lidsext.h \ + security/lids/include/linux/lidsif.h \ + include/net/sock.h \ + $(wildcard include/config/net/ns.h) \ + include/linux/list_nulls.h \ + include/linux/netdevice.h \ + $(wildcard include/config/dcb.h) \ + $(wildcard include/config/wlan/80211.h) \ + $(wildcard include/config/ax25.h) \ + $(wildcard include/config/mac80211/mesh.h) \ + $(wildcard include/config/tr.h) \ + $(wildcard include/config/net/ipip.h) \ + $(wildcard include/config/net/ipgre.h) \ + $(wildcard include/config/ipv6/sit.h) \ + $(wildcard include/config/ipv6/tunnel.h) \ + $(wildcard include/config/netpoll.h) \ + $(wildcard include/config/net/poll/controller.h) \ + $(wildcard include/config/fcoe.h) \ + $(wildcard include/config/wireless/ext.h) \ + $(wildcard include/config/net/dsa.h) \ + $(wildcard 
include/config/net/dsa/tag/dsa.h) \ + $(wildcard include/config/net/dsa/tag/trailer.h) \ + $(wildcard include/config/netpoll/trap.h) \ + include/linux/if.h \ + include/linux/hdlc/ioctl.h \ + include/linux/if_ether.h \ + include/linux/if_packet.h \ + include/linux/ethtool.h \ + include/net/net_namespace.h \ + $(wildcard include/config/ipv6.h) \ + $(wildcard include/config/ip/dccp.h) \ + $(wildcard include/config/netfilter.h) \ + $(wildcard include/config/net.h) \ + include/net/netns/core.h \ + include/net/netns/mib.h \ + $(wildcard include/config/xfrm/statistics.h) \ + include/net/snmp.h \ + include/linux/snmp.h \ + include/net/netns/unix.h \ + include/net/netns/packet.h \ + include/net/netns/ipv4.h \ + $(wildcard include/config/ip/multiple/tables.h) \ + $(wildcard include/config/ip/mroute.h) \ + $(wildcard include/config/ip/pimsm/v1.h) \ + $(wildcard include/config/ip/pimsm/v2.h) \ + include/net/inet_frag.h \ + include/net/netns/ipv6.h \ + $(wildcard include/config/ipv6/multiple/tables.h) \ + $(wildcard include/config/ipv6/mroute.h) \ + $(wildcard include/config/ipv6/pimsm/v2.h) \ + include/net/netns/dccp.h \ + include/net/netns/x_tables.h \ + include/linux/netfilter.h \ + $(wildcard include/config/netfilter/debug.h) \ + $(wildcard include/config/nf/nat/needed.h) \ + include/linux/in.h \ + include/linux/proc_fs.h \ + $(wildcard include/config/proc/devicetree.h) \ + $(wildcard include/config/proc/kcore.h) \ + include/linux/magic.h \ + include/net/netns/xfrm.h \ + include/linux/seq_file_net.h \ + include/linux/seq_file.h \ + include/net/dsa.h \ + include/linux/interrupt.h \ + $(wildcard include/config/generic/irq/probe.h) \ + $(wildcard include/config/debug/shirq.h) \ + include/linux/irqreturn.h \ + include/linux/hardirq.h \ + $(wildcard include/config/virt/cpu/accounting.h) \ + include/linux/smp_lock.h \ + $(wildcard include/config/lock/kernel.h) \ + include/linux/ftrace_irq.h \ + $(wildcard include/config/ftrace/nmi/enter.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/hardirq.h \ + $(wildcard include/config/x86/mce.h) \ + $(wildcard include/config/x86/mce/threshold.h) \ + include/linux/irq.h \ + $(wildcard include/config/irq/per/cpu.h) \ + $(wildcard include/config/irq/release/method.h) \ + $(wildcard include/config/intr/remap.h) \ + $(wildcard include/config/generic/pending/irq.h) \ + $(wildcard include/config/numa/irq/desc.h) \ + $(wildcard include/config/generic/hardirqs/no//do/irq.h) \ + $(wildcard include/config/cpumasks/offstack.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_regs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/hw_irq.h \ + include/linux/profile.h \ + $(wildcard include/config/profiling.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sections.h \ + include/asm-generic/sections.h \ + include/linux/filter.h \ + include/linux/rculist_nulls.h \ + include/linux/poll.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/poll.h \ + include/asm-generic/poll.h \ + include/net/dst.h \ + $(wildcard include/config/net/cls/route.h) \ + include/linux/rtnetlink.h \ + include/linux/if_link.h \ + include/linux/if_addr.h \ + include/linux/neighbour.h \ + include/net/neighbour.h \ + include/net/rtnetlink.h \ + include/net/netlink.h \ + include/linux/mount.h \ + include/linux/namei.h \ + include/linux/audit.h \ + $(wildcard include/config/change.h) \ + include/linux/posix-timers.h \ + +security/lids/lids_lsm.o: $(deps_security/lids/lids_lsm.o) + +$(deps_security/lids/lids_lsm.o): diff -Nru linux-2.6.31.3.org/security/lids/.lids.o.cmd linux-2.6.31.3/security/lids/.lids.o.cmd --- linux-2.6.31.3.org/security/lids/.lids.o.cmd 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/.lids.o.cmd 2009-09-20 11:57:13.000000000 -0400 
@@ -0,0 +1 @@
+cmd_security/lids/lids.o := ld -m elf_i386 -r -o security/lids/lids.o security/lids/lids_lsm.o security/lids/lids_acl.o security/lids/lids_cap.o security/lids/lids_sysctl.o security/lids/lids_init.o security/lids/lids_logs.o security/lids/lids_utils.o security/lids/lids_tpe.o security/lids/lids_tde.o
diff -Nru linux-2.6.31.3.org/security/lids/lids_socket.c linux-2.6.31.3/security/lids/lids_socket.c
--- linux-2.6.31.3.org/security/lids/lids_socket.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/lids_socket.c 2009-01-17 10:32:52.000000000 -0500
@@ -0,0 +1,33 @@
+/*
+ * LIDS Socket functions
+ *
+ * Copyright (C) 2002,2003 Huagang Xie
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int lids_socket_perm(struct task_struct *tsk, int type)
+{
+ struct lids_sys_acl *tsk_sys_acl = tsk->security;
+
+ if (tsk_sys_acl && test_bit(type, &(tsk_sys_acl->socket)))
+ return -EPERM;
+
+ return 0;
+}
diff -Nru linux-2.6.31.3.org/security/lids/lids_sysctl.c linux-2.6.31.3/security/lids/lids_sysctl.c
--- linux-2.6.31.3.org/security/lids/lids_sysctl.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/lids_sysctl.c 2009-10-09 11:46:33.000000000 -0400
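Review bot: lids_socket_perm() reads the LIDS blob from `tsk->security`, while lids_sysctl.c in the same patch reaches it through `current->cred->security` and types it as `struct lids_task_acl`; the two lookups should agree, and on a kernel where the security pointer lives on the credentials this function would presumably not compile. The link command in .lids.o.cmd lists no lids_socket.o, so the check appears not to be built at all and no socket restriction is enforced through it; either add it to the build with the cred-based lookup or drop the file. If it is kept, `type` should be range-checked before `test_bit()` (the width of the `socket` bitmap is not visible here), and a one-line comment should state that a set bit means the socket type is denied.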
@@ -0,0 +1,430 @@
+/*
+ * LIDS sysctl functions
+ *
+ * Copyright (C) 2002 Huagang Xie
+ * Copyright (C) 2002 Philippe Biondi
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+extern int lids_init(void);
+static struct dentry *lids_dentry;
+
+static int lids_proc_locks_read(struct file *filp, void __user *buffer, size_t size, loff_t *ppos);
+static int lids_proc_locks_write(struct file *filp, void __user *buffer, size_t size, loff_t *ppos);
+
+struct lids_s_inode lidsadm;
+static struct timer_list fail_timer;
+
+/***********************************************************************
+ ***********************************************************************
+ *
+ * Now, the sysctl procedures
+ *
+ ***********************************************************************
+ ***********************************************************************/
+
+/***********************************************************************
+ *
+ * What is needed to lock init children
+ *
+ */
+
+int lids_last_pid;
+
+int
+lids_sysctl_init(void)
+{
+ printk(KERN_NOTICE "LIDS: Initializing sysctl\n");
+ int error = create_lidsfs();
+ printk(KERN_NOTICE "LIDS: creating lidsfs\n");
+ return error;
+}
+
+void
+lids_sysctl_reset(void)
+{
+ remove_lidsfs();
+ return;
+}
+
+static int
+lids_load_conf(void)
+{
+ int old_lids_local_on;
+ int old_lids_local_pid;
+ int error;
+ struct cred *cred = current->cred;
+ struct cred *p_cred = current->real_parent->cred;
+
+ old_lids_local_on = lids_local_on;
+ old_lids_local_pid = lids_local_pid;
+ if (lids_load && lids_local_load) {
+ LIDS_DBG
+ ("Let's give lidsadm (pid %i) the right to read the conf\n",
+ current->pid);
+ lids_local_pid = current->pid;
+ lids_local_on = 0;
+ }
+
+ error = lids_init();
+
+ if (error)
+ return -1;
+
+ /* cap_bset=locks.cap_bset; */
+ cred->cap_bset = lids_cap_val;
+ p_cred->cap_bset = lids_cap_val;
+ lids_cap_bset = lids_cap_val.cap[0];
+
+ printk(KERN_INFO "LIDS: Attaching ACLs to Processes\n");
+
+ lids_setup_task_acl(lids_state);
+
+ printk(KERN_INFO "LIDS: GLOBAL and %s state Config. files loaded\n",
+ lids_state_name[lids_state - 1]);
+
+ if (lids_state <= LIDS_STATE_SHUTDOWN) {
+ printk(KERN_INFO "LIDS: Switching to %s state\n",
+ lids_state_name[lids_state - 1]);
+ } else {
+ printk(KERN_INFO "LIDS: Invalid State %d\n", lids_state);
+ }
+
+ lids_local_pid = old_lids_local_pid;
+ lids_local_on = old_lids_local_on;
+
+ return 0;
+}
+
+/***********************************************************************
+ *
+ * The one which process flags changes
+ *
+ * return value:
+ *
+ * 0 successful
+ * -1 failed
+ *
+ */
+
+static int
+lids_process_flags(lids_flags_t flags)
+{
+ int error = 0;
+
+ lids_process_switch();
+
+#ifdef CONFIG_LIDS_TPE
+ if (lids_tpe != (lids_flag_raised(flags, LIDS_FLAGS_TPE_ON) != 0)) {
+ /* if TPE mode change request */
+ lids_tpe = (lids_flag_raised(flags, LIDS_FLAGS_TPE_ON) != 0);
+ lids_security_alert("LIDS TPE mode %s",
+ lids_tpe ? "on" : "off");
+ if (lids_tpe)
+ lids_flag_raise(lids_flags, LIDS_FLAGS_TPE_ON);
+ else
+ lids_flag_lower(lids_flags, LIDS_FLAGS_TPE_ON);
+ }
+#else
+ if (lids_flag_raised(flags, LIDS_FLAGS_TPE_ON)) {
+ lids_security_alert("Attempt to switch TPE mode on "
+ "(feature disabled)");
+ return -1;
+ }
+#endif
+
+ /* if the kernel is sealed, enter "POSTBOOT" */
+ if (lids_first_time) {
+ lids_state = LIDS_STATE_POSTBOOT;
+ struct lids_task_acl *task_acl = current->cred->security;
+ struct lids_task_acl *p_task_acl = current->real_parent->cred->security;
+
+ error = lids_load_conf();
+ if (!error) {
+ lids_flag_raise(lids_flags, LIDS_FLAGS_POSTBOOT);
+ lids_flag_lower(lids_flags, LIDS_FLAGS_INIT);
+ }
+ return error;
+ }
+
+ if (lids_acl_discovery !=
+ (lids_flag_raised(flags, LIDS_FLAGS_ACL_DISCOVERY_ON) != 0)) {
+ /* if ACL_DISCOVERY mode change request */
+ lids_acl_discovery =
+ (lids_flag_raised(flags, LIDS_FLAGS_ACL_DISCOVERY_ON) != 0);
+ lids_security_alert("LIDS acl discovery mode %s",
+ lids_acl_discovery ? "on" : "off");
+ if (lids_acl_discovery)
+ lids_flag_raise(lids_flags,
+ LIDS_FLAGS_ACL_DISCOVERY_ON);
+ else
+ lids_flag_lower(lids_flags,
+ LIDS_FLAGS_ACL_DISCOVERY_ON);
+ }
+
+ /* if the flags raised as shutdown, change the state */
+ if (lids_flag_raised(flags, LIDS_FLAGS_SHUTDOWN)
+ && (lids_state != LIDS_STATE_SHUTDOWN)) {
+ lids_state = LIDS_STATE_SHUTDOWN;
+ error = lids_load_conf();
+ if (!error)
+ lids_flag_raise(lids_flags, LIDS_FLAGS_SHUTDOWN);
+ } else if (lids_flag_raised(flags, LIDS_FLAGS_RELOAD_CONF)) {
+ /* Config file reload */
+ if (lids_load && !lids_local_on && lids_local_load) {
+ printk(KERN_WARNING
+ "Can't reload config files if an LFS is opened and we are not in\n");
+ } else {
+ error = lids_load_conf();
+ }
+ }
+
+ return error;
+}
+
+/* sha 256 routine */
+
+static int
+lids_sha256(char *passwd, int len, char *result)
+{
+ struct scatterlist sg;
+ struct hash_desc lids_hash_desc = {
+ .tfm = NULL,
+ .flags = 0
+ };
+
+ lids_hash_desc.tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
+ if (lids_hash_desc.tfm == NULL) {
+ printk(KERN_INFO "failed to load transform for sha256");
+ return -1;
+ }
+
+
+
+ memset(result, 0, LIDS_PW_LEN * 2);
+
+/*
+ sg.page = virt_to_page(passwd);
+ sg.offset = offset_in_page(passwd);
+ sg.length = len;
+*/
+
+ sg_init_one(&sg, passwd, len);
+
+ crypto_hash_init(&lids_hash_desc);
+ crypto_hash_update(&lids_hash_desc, &sg, len);
+ crypto_hash_final(&lids_hash_desc, result);
+
+ crypto_free_hash(lids_hash_desc.tfm);
+ return 0;
+}
+
+/***********************************************************************
+ *
+ * The one which set/get security features
+ *
+ */
+
+static int number_failed;
+static int wait_after_fail;
+
+/* called by timer */
+static void
+reenable_sysctl(unsigned long user_data)
+{
+ number_failed = 0;
+ wait_after_fail = 0;
+}
+
+static int
+lids_proc_locks_read(struct file *filp, void __user *buffer,
+ size_t size, loff_t *ppos)
+{
+ lids_locks_t locks;
+ struct dentry *dentry;
+ struct tty_struct *tty = current->signal->tty;
+
+ /* first: check the terminal and the program which access the sysctl */
+ if (lids_check_tty(tty)) {
+ lids_security_alert
+ ("Attempt to %s locks sysctl (unauthorized terminal)", "read");
+ return -EPERM;
+ }
+
+ dentry = lids_get_task_dentry(current, current->cred);
+ if (dentry == NULL || (dentry->d_inode->i_ino != lidsadm.ino) ||
+ MAJOR(dentry->d_inode->i_sb->s_dev) != lidsadm.dev.major ||
+ MINOR(dentry->d_inode->i_sb->s_dev) != lidsadm.dev.minor) {
+ lids_security_alert
+ ("Attempt to %s locks sysctl (unauthorised program)", "read");
+ return -EPERM;
+ }
+ /* second: check wether it is not a timeout period after two many failed attempts */
+
+ if (wait_after_fail) {
+ lids_security_alert("Attempt to %s locks sysctl during timeout", "read");
+ return -EPERM;
+ }
+
+ if (copy_from_user(&locks, buffer, sizeof(lids_locks_t))) {
+ return -EFAULT;
+ }
+
+ locks.cap_bset.cap[0] = lids_cap_bset;
+ locks.flags = lids_flags;
+
+ LIDS_DBG("Sending caps=%#0x flags=%#0x\n", locks.cap_bset,
+ locks.flags);
+ if (size < sizeof(lids_locks_t))
+ return -EINVAL;
+ if (copy_to_user(buffer, &locks, sizeof(lids_locks_t)))
+ return 0;
+}
+
+static int
+lids_proc_locks_write(struct file *filp, void __user *buffer,
+ size_t size, loff_t *ppos)
+{
+ lids_locks_t locks;
+ struct dentry *dentry;
+ struct tty_struct *tty = current->signal->tty;
+
+ /* first: check the terminal and the program which access the sysctl */
+
+ if (lids_check_tty(tty)) {
+ lids_security_alert
+ ("Attempt to %s locks sysctl (unauthorized terminal)", "write");
+ return -EPERM;
+ }
+
+ dentry = lids_get_task_dentry(current, current->cred);
+ if (dentry == NULL || (dentry->d_inode->i_ino != lidsadm.ino) ||
+ MAJOR(dentry->d_inode->i_sb->s_dev) != lidsadm.dev.major ||
+ MINOR(dentry->d_inode->i_sb->s_dev) != lidsadm.dev.minor) {
+ lids_security_alert
+ ("Attempt to %s locks sysctl (unauthorised program)", "write");
+ return -EPERM;
+ }
+ /* second: check wether it is not a timeout period after two many failed attempts */
+
+ if (wait_after_fail) {
+ lids_security_alert("Attempt to %s locks sysctl during timeout", "write");
+ return -EPERM;
+ }
+
+ /* Third : check what is submitted (size, magics, passwd) */
+ if (size != sizeof(lids_locks_t)) {
+ lids_security_alert
+ ("Attempt to feed locks sysctl with garbage");
+ return -EINVAL;
+ }
+ if (copy_from_user(&locks, buffer, sizeof(lids_locks_t)))
+ return -EFAULT;
+ if ((locks.magic1 != LIDS_MAGIC_1)
+ || (locks.magic2 != LIDS_MAGIC_2)
+ || (locks.magic3 != LIDS_MAGIC_3)
+ || (locks.magic4 != LIDS_MAGIC_4)) {
+ memset((char *) locks.passwd, '\0', sizeof(passwd_t));
+ lids_security_alert
+ ("Attempt to feed locks sysctl bad magic numbers");
+ return -EINVAL;
+ }
+ lids_process_password();
+ return 0;
+}
+
+
+static struct file_operations lidsfs_control_ops = {
+ .read = &lids_proc_locks_read,
+ .write = &lids_proc_locks_write,
+};
+
+static void lidsfs_remove(const char *name)
+{
+ struct dentry *dentry;
+
+ dentry = lookup_one_len(name, lids_dentry, strlen(name));
+ if (!IS_ERR(dentry)) {
+ securityfs_remove(dentry);
+ dput(dentry);
+ }
+}
+
+static int lidsfs_create(const char *name, int mask, struct file_operations *fops)
+{
+ struct dentry *dentry;
+
+ dentry = securityfs_create_file(name, S_IFREG | mask, lids_dentry,
+ NULL, fops);
+
+ return IS_ERR(dentry) ? PTR_ERR(dentry) : 0;
+}
+
+int create_lidsfs(void)
+{
+ int error;
+ printk(KERN_INFO "LIDS: LIDS creating securityfs...\n");
+ if (lids_dentry) {
+ printk(KERN_INFO "LIDS: LIDS securityfs already exists\n");
+ return -EEXIST;
+ }
+
+ lids_dentry = securityfs_create_dir("lids", NULL);
+ if (IS_ERR(lids_dentry)) {
+ error = PTR_ERR(lids_dentry);
+ lids_dentry = NULL;
+ goto error;
+ }
+ error = lidsfs_create("locks", 0600, &lidsfs_control_ops);
+ if (error)
+ goto error;
+
+ return error;
+
+error:
+ remove_lidsfs();
+ printk(KERN_INFO "LIDS: Error creating LIDS securityfs\n");
+ return error;
+}
+
+void remove_lidsfs(void)
+{
+ if (lids_dentry) {
+ lidsfs_remove("locks");
+ securityfs_remove(lids_dentry);
+ lids_dentry = NULL;
+ }
+}
diff -Nru linux-2.6.31.3.org/security/lids/.lids_sysctl.o.cmd linux-2.6.31.3/security/lids/.lids_sysctl.o.cmd
--- linux-2.6.31.3.org/security/lids/.lids_sysctl.o.cmd 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/.lids_sysctl.o.cmd 2009-09-20 11:57:09.000000000 -0400
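Review bot: lids_proc_locks_read() copies sizeof(lids_locks_t) bytes from the user buffer before it checks `size`, and it falls off the end with no return value when copy_to_user() succeeds while returning 0 when it fails. The size check belongs before the first copy, a failed copy_to_user() should return -EFAULT, and the success path needs an explicit return (the byte count is assumed below; confirm what lidsadm expects). In lids_sha256(), crypto_alloc_hash() reports failure with an ERR_PTR rather than NULL, so the guard should be `if (IS_ERR(lids_hash_desc.tfm))`, and the crypto_hash_* return values are ignored. Within this file `wait_after_fail` and `number_failed` are only ever cleared, and lids_sha256(), lids_process_flags() and `fail_timer` are never referenced, so the failed-attempt timeout that both handlers test cannot trigger unless lids_process_password() (defined outside this hunk) sets it; that deserves a comment or a fix.

```c
	/* … unchanged: tty, program and timeout checks … */
	if (size < sizeof(lids_locks_t))
		return -EINVAL;
	if (copy_from_user(&locks, buffer, sizeof(lids_locks_t)))
		return -EFAULT;
	/* … unchanged: cap_bset/flags fill-in and LIDS_DBG … */
	if (copy_to_user(buffer, &locks, sizeof(lids_locks_t)))
		return -EFAULT;
	return sizeof(lids_locks_t);
```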
@@ -0,0 +1,615 @@ +cmd_security/lids/lids_sysctl.o := gcc -Wp,-MD,security/lids/.lids_sysctl.o.d -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.3.3/include -Iinclude -I/usr/src/linux-2.6.31-rc7/arch/x86/include -include include/linux/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -Os -m32 -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2 -march=i386 -mtune=generic -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fno-omit-frame-pointer -fno-optimize-sibling-calls -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -Isecurity/lids/include -D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(lids_sysctl)" -D"KBUILD_MODNAME=KBUILD_STR(lids)" -c -o security/lids/.tmp_lids_sysctl.o security/lids/lids_sysctl.c + +deps_security/lids/lids_sysctl.o := \ + security/lids/lids_sysctl.c \ + $(wildcard include/config/lids/tpe.h) \ + include/linux/module.h \ + $(wildcard include/config/modules.h) \ + $(wildcard include/config/modversions.h) \ + $(wildcard include/config/unused/symbols.h) \ + $(wildcard include/config/generic/bug.h) \ + $(wildcard include/config/kallsyms.h) \ + $(wildcard include/config/markers.h) \ + $(wildcard include/config/tracepoints.h) \ + $(wildcard include/config/tracing.h) \ + $(wildcard include/config/event/tracing.h) \ + $(wildcard include/config/ftrace/mcount/record.h) \ + $(wildcard include/config/module/unload.h) \ + $(wildcard include/config/smp.h) \ + $(wildcard include/config/constructors.h) \ + $(wildcard include/config/sysfs.h) \ + include/linux/list.h \ + $(wildcard include/config/debug/list.h) \ + include/linux/stddef.h \ + include/linux/compiler.h \ + $(wildcard include/config/trace/branch/profiling.h) \ 
+ $(wildcard include/config/profile/all/branches.h) \ + $(wildcard include/config/enable/must/check.h) \ + $(wildcard include/config/enable/warn/deprecated.h) \ + include/linux/compiler-gcc.h \ + $(wildcard include/config/arch/supports/optimized/inlining.h) \ + $(wildcard include/config/optimize/inlining.h) \ + include/linux/compiler-gcc4.h \ + include/linux/poison.h \ + include/linux/prefetch.h \ + include/linux/types.h \ + $(wildcard include/config/uid16.h) \ + $(wildcard include/config/lbdaf.h) \ + $(wildcard include/config/phys/addr/t/64bit.h) \ + $(wildcard include/config/64bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/types.h \ + $(wildcard include/config/x86/64.h) \ + $(wildcard include/config/highmem64g.h) \ + include/asm-generic/int-ll64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitsperlong.h \ + include/asm-generic/bitsperlong.h \ + include/linux/posix_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types.h \ + $(wildcard include/config/x86/32.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor.h \ + $(wildcard include/config/x86/vsmp.h) \ + $(wildcard include/config/cc/stackprotector.h) \ + $(wildcard include/config/paravirt.h) \ + $(wildcard include/config/x86/debugctlmsr.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor-flags.h \ + $(wildcard include/config/vm86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vm86.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace.h \ + $(wildcard include/config/x86/ptrace/bts.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace-abi.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/segment.h \ + include/linux/init.h \ + $(wildcard include/config/hotplug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/math_emu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sigcontext.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/current.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/percpu.h \ + $(wildcard include/config/x86/64/smp.h) \ + $(wildcard include/config/need/multiple/nodes.h) \ + include/linux/kernel.h \ + $(wildcard include/config/preempt/voluntary.h) \ + $(wildcard include/config/debug/spinlock/sleep.h) \ + $(wildcard include/config/prove/locking.h) \ + $(wildcard include/config/printk.h) \ + $(wildcard include/config/dynamic/debug.h) \ + $(wildcard include/config/ring/buffer.h) \ + $(wildcard include/config/numa.h) \ + /usr/lib/gcc/i486-linux-gnu/4.3.3/include/stdarg.h \ + include/linux/linkage.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/linkage.h \ + $(wildcard include/config/x86/alignment/16.h) \ + include/linux/stringify.h \ + include/linux/bitops.h \ + $(wildcard include/config/generic/find/first/bit.h) \ + $(wildcard include/config/generic/find/last/bit.h) \ + $(wildcard include/config/generic/find/next/bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitops.h \ + $(wildcard include/config/x86/cmov.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/alternative.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/asm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpufeature.h \ + $(wildcard include/config/x86/invlpg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/required-features.h \ + $(wildcard include/config/x86/minimum/cpu/family.h) \ + $(wildcard include/config/math/emulation.h) \ + $(wildcard include/config/x86/pae.h) \ + $(wildcard include/config/x86/cmpxchg64.h) \ + $(wildcard include/config/x86/use/3dnow.h) \ + $(wildcard include/config/x86/p6/nop.h) \ + include/asm-generic/bitops/sched.h \ + include/asm-generic/bitops/hweight.h \ + include/asm-generic/bitops/fls64.h \ + include/asm-generic/bitops/ext2-non-atomic.h \ + include/asm-generic/bitops/le.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/byteorder.h \ + include/linux/byteorder/little_endian.h \ + include/linux/swab.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swab.h 
\ + $(wildcard include/config/x86/bswap.h) \ + include/linux/byteorder/generic.h \ + include/asm-generic/bitops/minix.h \ + include/linux/log2.h \ + $(wildcard include/config/arch/has/ilog2/u32.h) \ + $(wildcard include/config/arch/has/ilog2/u64.h) \ + include/linux/typecheck.h \ + include/linux/ratelimit.h \ + include/linux/param.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/param.h \ + $(wildcard include/config/hz.h) \ + include/linux/dynamic_debug.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bug.h \ + $(wildcard include/config/bug.h) \ + $(wildcard include/config/debug/bugverbose.h) \ + include/asm-generic/bug.h \ + $(wildcard include/config/generic/bug/relative/pointers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/div64.h \ + include/asm-generic/percpu.h \ + $(wildcard include/config/debug/preempt.h) \ + $(wildcard include/config/have/setup/per/cpu/area.h) \ + include/linux/threads.h \ + $(wildcard include/config/nr/cpus.h) \ + $(wildcard include/config/base/small.h) \ + include/linux/percpu-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/system.h \ + $(wildcard include/config/ia32/emulation.h) \ + $(wildcard include/config/x86/32/lazy/gs.h) \ + $(wildcard include/config/x86/ppro/fence.h) \ + $(wildcard include/config/x86/oostore.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg_32.h \ + $(wildcard include/config/x86/cmpxchg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/nops.h \ + $(wildcard include/config/mk7.h) \ + include/linux/irqflags.h \ + $(wildcard include/config/trace/irqflags.h) \ + $(wildcard include/config/irqsoff/tracer.h) \ + $(wildcard include/config/preempt/tracer.h) \ + $(wildcard include/config/trace/irqflags/support.h) \ + $(wildcard include/config/x86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irqflags.h \ + $(wildcard include/config/debug/lock/alloc.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_types.h \ + include/linux/const.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32_types.h \ + $(wildcard include/config/highmem4g.h) \ + $(wildcard include/config/page/offset.h) \ + $(wildcard include/config/4kstacks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32.h \ + $(wildcard include/config/hugetlb/page.h) \ + $(wildcard include/config/debug/virtual.h) \ + $(wildcard include/config/flatmem.h) \ + $(wildcard include/config/x86/3dnow.h) \ + include/linux/string.h \ + $(wildcard include/config/binary/printf.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string_32.h \ + $(wildcard include/config/kmemcheck.h) \ + include/asm-generic/memory_model.h \ + $(wildcard include/config/discontigmem.h) \ + $(wildcard include/config/sparsemem/vmemmap.h) \ + $(wildcard include/config/sparsemem.h) \ + include/asm-generic/getorder.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_types.h \ + $(wildcard include/config/compat/vdso.h) \ + $(wildcard include/config/proc/fs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + $(wildcard include/config/highmem.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level_types.h \ + include/asm-generic/pgtable-nopud.h \ + include/asm-generic/pgtable-nopmd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr-index.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/errno.h \ + include/asm-generic/errno.h \ + include/asm-generic/errno-base.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpumask.h \ + include/linux/cpumask.h \ + $(wildcard include/config/disable/obsolete/cpumask/functions.h) \ + $(wildcard include/config/hotplug/cpu.h) \ + $(wildcard include/config/cpumask/offstack.h) \ + $(wildcard include/config/debug/per/cpu/maps.h) \ + include/linux/bitmap.h \ + include/linux/errno.h \ 
+ /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc_defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ds.h \ + $(wildcard include/config/x86/ds.h) \ + include/linux/err.h \ + include/linux/personality.h \ + include/linux/cache.h \ + $(wildcard include/config/arch/has/cache/line/size.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cache.h \ + $(wildcard include/config/x86/l1/cache/shift.h) \ + include/linux/stat.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/stat.h \ + include/linux/time.h \ + $(wildcard include/config/arch/uses/gettimeoffset.h) \ + include/linux/seqlock.h \ + include/linux/spinlock.h \ + $(wildcard include/config/debug/spinlock.h) \ + $(wildcard include/config/generic/lockbreak.h) \ + $(wildcard include/config/preempt.h) \ + include/linux/preempt.h \ + $(wildcard include/config/preempt/notifiers.h) \ + include/linux/thread_info.h \ + $(wildcard include/config/compat.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/thread_info.h \ + $(wildcard include/config/debug/stack/usage.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ftrace.h \ + $(wildcard include/config/function/tracer.h) \ + $(wildcard include/config/dynamic/ftrace.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic_32.h \ + $(wildcard include/config/m386.h) \ + include/asm-generic/atomic-long.h \ + include/linux/bottom_half.h \ + include/linux/spinlock_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock_types.h \ + include/linux/lockdep.h \ + $(wildcard include/config/lockdep.h) \ + $(wildcard include/config/lock/stat.h) \ + $(wildcard include/config/generic/hardirqs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock.h \ + $(wildcard include/config/paravirt/spinlocks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/rwlock.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/paravirt.h \ + $(wildcard include/config/x86/local/apic.h) \ + $(wildcard 
include/config/highpte.h) \ + $(wildcard include/config/paravirt/debug.h) \ + include/linux/spinlock_api_smp.h \ + include/linux/math64.h \ + include/linux/kmod.h \ + include/linux/gfp.h \ + $(wildcard include/config/zone/dma.h) \ + $(wildcard include/config/zone/dma32.h) \ + $(wildcard include/config/debug/vm.h) \ + include/linux/mmzone.h \ + $(wildcard include/config/force/max/zoneorder.h) \ + $(wildcard include/config/memory/hotplug.h) \ + $(wildcard include/config/arch/populates/node/map.h) \ + $(wildcard include/config/flat/node/mem/map.h) \ + $(wildcard include/config/cgroup/mem/res/ctlr.h) \ + $(wildcard include/config/have/memory/present.h) \ + $(wildcard include/config/need/node/memmap/size.h) \ + $(wildcard include/config/have/arch/early/pfn/to/nid.h) \ + $(wildcard include/config/sparsemem/extreme.h) \ + $(wildcard include/config/nodes/span/other/nodes.h) \ + $(wildcard include/config/holes/in/zone.h) \ + $(wildcard include/config/arch/has/holes/memorymodel.h) \ + include/linux/wait.h \ + include/linux/numa.h \ + $(wildcard include/config/nodes/shift.h) \ + include/linux/nodemask.h \ + include/linux/pageblock-flags.h \ + $(wildcard include/config/hugetlb/page/size/variable.h) \ + include/linux/bounds.h \ + include/linux/memory_hotplug.h \ + $(wildcard include/config/have/arch/nodedata/extension.h) \ + $(wildcard include/config/memory/hotremove.h) \ + include/linux/notifier.h \ + include/linux/mutex.h \ + $(wildcard include/config/debug/mutexes.h) \ + include/linux/rwsem.h \ + $(wildcard include/config/rwsem/generic/spinlock.h) \ + include/linux/rwsem-spinlock.h \ + include/linux/srcu.h \ + include/linux/topology.h \ + $(wildcard include/config/sched/smt.h) \ + $(wildcard include/config/sched/mc.h) \ + include/linux/smp.h \ + $(wildcard include/config/use/generic/smp/helpers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/smp.h \ + $(wildcard include/config/x86/io/apic.h) \ + $(wildcard include/config/x86/32/smp.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec.h \ + $(wildcard include/config/x86/numaq.h) \ + $(wildcard include/config/mca.h) \ + $(wildcard include/config/eisa.h) \ + $(wildcard include/config/x86/mpparse.h) \ + $(wildcard include/config/acpi.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec_def.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apic.h \ + $(wildcard include/config/x86/x2apic.h) \ + include/linux/delay.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/delay.h \ + include/linux/pm.h \ + $(wildcard include/config/pm/sleep.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apicdef.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fixmap.h \ + $(wildcard include/config/x86/visws/apic.h) \ + $(wildcard include/config/x86/f00f/bug.h) \ + $(wildcard include/config/x86/cyclone/timer.h) \ + $(wildcard include/config/pci/mmconfig.h) \ + $(wildcard include/config/provide/ohci1394/dma/init.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/acpi.h \ + $(wildcard include/config/acpi/numa.h) \ + include/acpi/pdc_intel.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mmu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/kmap_types.h \ + $(wildcard include/config/debug/highmem.h) \ + include/asm-generic/kmap_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_apic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_vectors.h \ + $(wildcard include/config/sparse/irq.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/topology.h \ + $(wildcard include/config/x86/ht.h) \ + $(wildcard include/config/x86/64/acpi/numa.h) \ + include/asm-generic/topology.h \ + include/linux/mmdebug.h \ + include/linux/elf.h \ + include/linux/elf-em.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/elf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/auxvec.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vdso.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ldt.h \ + include/linux/kobject.h \ + include/linux/sysfs.h \ + include/linux/kref.h \ + include/linux/moduleparam.h \ + $(wildcard include/config/alpha.h) \ + $(wildcard include/config/ia64.h) \ + $(wildcard include/config/ppc64.h) \ + include/linux/marker.h \ + include/linux/tracepoint.h \ + include/linux/rcupdate.h \ + $(wildcard include/config/classic/rcu.h) \ + $(wildcard include/config/tree/rcu.h) \ + $(wildcard include/config/preempt/rcu.h) \ + include/linux/completion.h \ + include/linux/rcuclassic.h \ + $(wildcard include/config/rcu/cpu/stall/detector.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/local.h \ + include/linux/percpu.h \ + $(wildcard include/config/have/dynamic/per/cpu/area.h) \ + $(wildcard include/config/debug/kmemleak.h) \ + include/linux/slab.h \ + $(wildcard include/config/slab/debug.h) \ + $(wildcard include/config/debug/objects.h) \ + $(wildcard include/config/slub.h) \ + $(wildcard include/config/slob.h) \ + $(wildcard include/config/debug/slab.h) \ + include/linux/slab_def.h \ + $(wildcard include/config/kmemtrace.h) \ + include/linux/kmemtrace.h \ + include/trace/events/kmem.h \ + include/trace/define_trace.h \ + include/linux/kmalloc_sizes.h \ + include/linux/pfn.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/module.h \ + $(wildcard include/config/m486.h) \ + $(wildcard include/config/m586.h) \ + $(wildcard include/config/m586tsc.h) \ + $(wildcard include/config/m586mmx.h) \ + $(wildcard include/config/mcore2.h) \ + $(wildcard include/config/m686.h) \ + $(wildcard include/config/mpentiumii.h) \ + $(wildcard include/config/mpentiumiii.h) \ + $(wildcard include/config/mpentiumm.h) \ + $(wildcard include/config/mpentium4.h) \ + $(wildcard 
include/config/mk6.h) \ + $(wildcard include/config/mk8.h) \ + $(wildcard include/config/x86/elan.h) \ + $(wildcard include/config/mcrusoe.h) \ + $(wildcard include/config/mefficeon.h) \ + $(wildcard include/config/mwinchipc6.h) \ + $(wildcard include/config/mwinchip3d.h) \ + $(wildcard include/config/mcyrixiii.h) \ + $(wildcard include/config/mviac3/2.h) \ + $(wildcard include/config/mviac7.h) \ + $(wildcard include/config/mgeodegx1.h) \ + $(wildcard include/config/mgeode/lx.h) \ + include/linux/sched.h \ + $(wildcard include/config/sched/debug.h) \ + $(wildcard include/config/no/hz.h) \ + $(wildcard include/config/detect/softlockup.h) \ + $(wildcard include/config/detect/hung/task.h) \ + $(wildcard include/config/core/dump/default/elf/headers.h) \ + $(wildcard include/config/bsd/process/acct.h) \ + $(wildcard include/config/taskstats.h) \ + $(wildcard include/config/audit.h) \ + $(wildcard include/config/inotify/user.h) \ + $(wildcard include/config/epoll.h) \ + $(wildcard include/config/posix/mqueue.h) \ + $(wildcard include/config/keys.h) \ + $(wildcard include/config/user/sched.h) \ + $(wildcard include/config/perf/counters.h) \ + $(wildcard include/config/schedstats.h) \ + $(wildcard include/config/task/delay/acct.h) \ + $(wildcard include/config/fair/group/sched.h) \ + $(wildcard include/config/rt/group/sched.h) \ + $(wildcard include/config/blk/dev/io/trace.h) \ + $(wildcard include/config/sysvipc.h) \ + $(wildcard include/config/auditsyscall.h) \ + $(wildcard include/config/rt/mutexes.h) \ + $(wildcard include/config/task/xacct.h) \ + $(wildcard include/config/cpusets.h) \ + $(wildcard include/config/cgroups.h) \ + $(wildcard include/config/futex.h) \ + $(wildcard include/config/fault/injection.h) \ + $(wildcard include/config/latencytop.h) \ + $(wildcard include/config/function/graph/tracer.h) \ + $(wildcard include/config/have/unstable/sched/clock.h) \ + $(wildcard include/config/preempt/bkl.h) \ + $(wildcard include/config/group/sched.h) \ + $(wildcard 
include/config/mm/owner.h) \ + include/linux/capability.h \ + $(wildcard include/config/security/file/capabilities.h) \ + include/linux/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/tsc.h \ + $(wildcard include/config/x86/tsc.h) \ + include/linux/jiffies.h \ + include/linux/rbtree.h \ + include/linux/mm_types.h \ + $(wildcard include/config/split/ptlock/cpus.h) \ + $(wildcard include/config/want/page/debug/flags.h) \ + $(wildcard include/config/mmu.h) \ + $(wildcard include/config/mmu/notifier.h) \ + include/linux/auxvec.h \ + include/linux/prio_tree.h \ + include/linux/page-debug-flags.h \ + $(wildcard include/config/page/poisoning.h) \ + $(wildcard include/config/page/debug/something/else.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cputime.h \ + include/asm-generic/cputime.h \ + include/linux/sem.h \ + include/linux/ipc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ipcbuf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sembuf.h \ + include/linux/signal.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/signal.h \ + include/asm-generic/signal-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/siginfo.h \ + include/asm-generic/siginfo.h \ + include/linux/path.h \ + include/linux/pid.h \ + include/linux/proportions.h \ + include/linux/percpu_counter.h \ + include/linux/seccomp.h \ + $(wildcard include/config/seccomp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp_32.h \ + include/linux/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd_32.h \ + include/linux/rculist.h \ + include/linux/rtmutex.h \ + $(wildcard include/config/debug/rt/mutexes.h) \ + include/linux/plist.h \ + $(wildcard include/config/debug/pi/list.h) \ + include/linux/resource.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/resource.h \ + 
include/asm-generic/resource.h \ + include/linux/timer.h \ + $(wildcard include/config/timer/stats.h) \ + $(wildcard include/config/debug/objects/timers.h) \ + include/linux/ktime.h \ + $(wildcard include/config/ktime/scalar.h) \ + include/linux/debugobjects.h \ + $(wildcard include/config/debug/objects/free.h) \ + include/linux/hrtimer.h \ + $(wildcard include/config/high/res/timers.h) \ + include/linux/task_io_accounting.h \ + $(wildcard include/config/task/io/accounting.h) \ + include/linux/latencytop.h \ + include/linux/cred.h \ + $(wildcard include/config/security.h) \ + include/linux/key.h \ + $(wildcard include/config/sysctl.h) \ + include/linux/sysctl.h \ + include/linux/aio.h \ + $(wildcard include/config/aio.h) \ + include/linux/workqueue.h \ + include/linux/aio_abi.h \ + include/linux/uio.h \ + include/linux/security.h \ + $(wildcard include/config/security/path.h) \ + $(wildcard include/config/security/network.h) \ + $(wildcard include/config/security/network/xfrm.h) \ + $(wildcard include/config/securityfs.h) \ + include/linux/fs.h \ + $(wildcard include/config/dnotify.h) \ + $(wildcard include/config/quota.h) \ + $(wildcard include/config/fsnotify.h) \ + $(wildcard include/config/inotify.h) \ + $(wildcard include/config/fs/posix/acl.h) \ + $(wildcard include/config/debug/writecount.h) \ + $(wildcard include/config/file/locking.h) \ + $(wildcard include/config/block.h) \ + $(wildcard include/config/fs/xip.h) \ + $(wildcard include/config/migration.h) \ + include/linux/limits.h \ + include/linux/ioctl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctl.h \ + include/asm-generic/ioctl.h \ + include/linux/kdev_t.h \ + include/linux/dcache.h \ + include/linux/radix-tree.h \ + include/linux/semaphore.h \ + include/linux/fiemap.h \ + include/linux/quota.h \ + include/linux/dqblk_xfs.h \ + include/linux/dqblk_v1.h \ + include/linux/dqblk_v2.h \ + include/linux/dqblk_qtree.h \ + include/linux/nfs_fs_i.h \ + include/linux/nfs.h \ + 
include/linux/sunrpc/msg_prot.h \ + include/linux/fcntl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fcntl.h \ + include/asm-generic/fcntl.h \ + include/linux/binfmts.h \ + include/linux/shm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/shmparam.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/shmbuf.h \ + include/linux/mm.h \ + $(wildcard include/config/stack/growsup.h) \ + $(wildcard include/config/swap.h) \ + $(wildcard include/config/shmem.h) \ + $(wildcard include/config/debug/pagealloc.h) \ + $(wildcard include/config/hibernation.h) \ + include/linux/debug_locks.h \ + $(wildcard include/config/debug/locking/api/selftests.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level.h \ + include/asm-generic/pgtable.h \ + include/linux/page-flags.h \ + $(wildcard include/config/pageflags/extended.h) \ + $(wildcard include/config/have/mlocked/page/bit.h) \ + $(wildcard include/config/ia64/uncached/allocator.h) \ + $(wildcard include/config/s390.h) \ + include/linux/vmstat.h \ + $(wildcard include/config/vm/event/counters.h) \ + include/linux/msg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msgbuf.h \ + include/linux/xfrm.h \ + include/net/flow.h \ + include/linux/in6.h \ + include/linux/mman.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mman.h \ + include/asm-generic/mman-common.h \ + include/linux/smp_lock.h \ + $(wildcard include/config/lock/kernel.h) \ + include/linux/file.h \ + include/linux/uaccess.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess.h \ + $(wildcard include/config/x86/wp/works/ok.h) \ + $(wildcard include/config/x86/intel/usercopy.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctls.h \ + include/linux/scatterlist.h \ + 
$(wildcard include/config/debug/sg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/scatterlist.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_32.h \ + include/asm-generic/iomap.h \ + include/linux/vmalloc.h \ + include/linux/crypto.h \ + include/linux/highmem.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cacheflush.h \ + $(wildcard include/config/debug/rodata.h) \ + $(wildcard include/config/debug/rodata/test.h) \ + include/linux/namei.h \ + security/lids/include/linux/lids.h \ + $(wildcard include/config/sparc32.h) \ + $(wildcard include/config/ppc.h) \ + $(wildcard include/config/mips.h) \ + $(wildcard include/config/lids/tde.h) \ + $(wildcard include/config/cap/lids/sandbox/eff/set.h) \ + include/linux/tty.h \ + include/linux/major.h \ + include/linux/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termbits.h \ + include/linux/tty_driver.h \ + $(wildcard include/config/console/poll.h) \ + include/linux/cdev.h \ + include/linux/tty_ldisc.h \ + include/linux/securebits.h \ + security/lids/include/linux/lidsext.h \ + $(wildcard include/config/lids/debug.h) \ + $(wildcard include/config/lids/restrict/mode/switch.h) \ + $(wildcard include/config/lids/mode/switch/console.h) \ + $(wildcard include/config/lids/mode/switch/serial.h) \ + $(wildcard include/config/lids/mode/switch/pty.h) \ + $(wildcard include/config/lids/no/flood/log.h) \ + $(wildcard include/config/lids/allow/switch.h) \ + security/lids/include/linux/lidsif.h \ + $(wildcard include/config/lids/shrink/size.h) \ + include/linux/netfilter/xt_MARK.h \ + security/lids/include/linux/lidsext.h \ + security/lids/include/linux/lidsif.h \ + security/lids/include/linux/lids_sysctl.h \ + $(wildcard include/config/lids/allow/lfs.h) \ + +security/lids/lids_sysctl.o: $(deps_security/lids/lids_sysctl.o) + +$(deps_security/lids/lids_sysctl.o): diff -Nru 
linux-2.6.31.3.org/security/lids/lids_tde.c linux-2.6.31.3/security/lids/lids_tde.c
--- linux-2.6.31.3.org/security/lids/lids_tde.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/lids_tde.c 2009-10-09 11:47:17.000000000 -0400
@@ -0,0 +1,268 @@
+/*
+ * LIDS - Trusted Domain Enforcement
+ *
+ * Author: Yusuf Wilajati Purna
+ *
+ * Copyright 2004 Yusuf Wilajati Purna
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; version 2 of the License.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+struct lids_s_inode lidsdevtty;
+
+int
+lids_sandboxed(const struct cred *cred, struct lids_task_acl *task_acl)
+{
+ if (!cred)
+ return 0;
+ if (!task_acl)
+ return 0;
+
+ if (!(task_acl->s_acl))
+ return 0;
+
+ if (task_acl == NULL)
+ return 0;
+
+ if (task_acl->s_acl == NULL)
+ return 0;
+
+ if (task_acl->s_acl->ext_cap == NULL)
+ return 0;
+
+ if (!(task_acl->s_acl->ext_cap))
+ return 0;
+
+ if (!(lids_cap_raised(task_acl->s_acl->ext_cap, LIDS_SANDBOX)))
+ return 0;
+
+ return 1;
+}
+
+/*
+int
+lids_trusted_domain(struct task_struct *task)
+{
+ int trusted = 0;
+
+ if (task->pid == 1) {
+ trusted = 1;
+ goto out;
+ }
+
+ struct lids_task_acl *task_acl = task->cred->security;
+
+ if (task_acl || task_acl->s_acl)
+ trusted = 1;
+out:
+ return trusted;
+}
+*/
+
+void
+lids_tde_policy(struct path *path, struct task_struct *task)
+{
+
+ struct lids_task_acl *task_acl = task->cred->security;
+ struct lids_subject_acl *task_s_acl = NULL;
+ int retval = 0;
+
+ if (task_acl) {
+ task_s_acl = task_acl->s_acl;
+ }
+
+ if (!(lids_load && lids_local_load))
+ goto out;
+
+ if (path == NULL)
+ goto out;
+
+ if (!(path))
+ goto out;
+
+ /*
+ * Ignore a process reading info from /proc/xxx.
+ * Is it OK?
+ */
+ if (!(path->dentry))
+ goto out;
+
+ if (path->dentry->d_inode &&
+ (MAJOR(path->dentry->d_inode->i_sb->s_dev) == 0)) {
+ goto out;
+ }
+
+ /*
+ * A non-sandboxed process whose LIDS_CAP_PROTECTED is a special process.
+ * Ignore the process.
+ */
+
+ if (task_s_acl) {
+ if (!lids_sandboxed(task->cred, task_acl) && lids_cap_raised(task_s_acl->ext_cap, LIDS_CAP_PROTECTED))
+ goto out;
+ }
+
+ if (!task_s_acl)
+ goto out;
+
+ /* For the time being, ignore init (pid: 1) */
+ if (task->pid == 1)
+ goto out;
+
+ /* Ignore TDE in BOOT state with ACL_DISCOVERY mode */
+ if (lids_acl_discovery) {
+ if (lids_state == LIDS_STATE_BOOT)
+ goto out;
+ }
+
+ retval = lids_protected(path->dentry, LIDS_APPEND);
+ if (!retval &&
+ (task_acl->s_acl->sys_cap.cap[0] || task_acl->s_acl)) {
+ char *filebuf, *pathname;
+ __u32 ext_cap;
+
+ filebuf = (char *) __get_free_page(GFP_KERNEL);
+ if (filebuf != NULL)
+ pathname = lids_find_fullpathname(path,
+ filebuf,
+ PAGE_SIZE);
+ else
+ pathname = (char *) path->dentry->d_name.name;
+
+ lids_security_alert("Enforce TDE policy! "
+ "Read unprotected input %s ",
+ pathname);
+
+ if (lids_acl_discovery) {
+ printk(KERN_INFO
+ "LIDS_ACL_DISCOVERY:[state %d]"
+ "%d:%d::%d:0:%ld:%d:%s:0-0\n",
+ lids_state, 0, 0, LIDS_READONLY,
+ path->dentry->d_inode->i_ino,
+ path->dentry->d_inode->i_sb->s_dev,
+ pathname);
+ goto out1;
+ }
+
+ /*
+ * if the process is sandboxed just initialize the caps
+ * with the safe LIDS sandbox caps value set.
+ */
+ if (lids_sandboxed(task->cred, task_acl)) {
+ task_lock(task);
+ task_acl->s_acl->sys_cap.cap[0] =
+ task_acl->s_acl->sys_cap.cap[0] &
+ CAP_LIDS_SANDBOX_SAFE_SET;
+ task_unlock(task);
+ goto out1;
+ }
+
+ if ((ext_cap = task_acl->s_acl->ext_cap)) {
+ lids_clear_lids_task_acl(task_acl);
+ task_acl->s_acl->ext_cap = ext_cap;
+ } else {
+ task_lock(task);
+ task_acl->s_acl->sys_cap.cap[0] = 0x0UL;
+ task_acl->s_acl = NULL;
+ task_unlock(task);
+ lids_free_subject_acl(task_acl->s_acl);
+ }
+out1:
+ free_page((unsigned long) filebuf);
+ }
+out:
+ return;
+}
+
+int
+lids_read_dev_tty(void)
+{
+ int error = 0;
+ struct dentry *dentry;
+ struct nameidata nd;
+
+ lidsdevtty.ino = 0;
+ lidsdevtty.dev.major = 0;
+ lidsdevtty.dev.minor = 0;
+
+ error = path_lookup(LIDS_DEV_TTY_PATH, LOOKUP_FOLLOW, &nd);
+ if (error) {
+ LIDS_DBG("PID=%d: path_lookup for %s failed\n", current->pid,
+ LIDS_DEV_TTY_PATH);
+ goto out;
+ }
+
+ dentry = nd.path.dentry;
+
+ if (IS_ERR(dentry) || !dentry) {
+ LIDS_DBG("PID=%d: %s not found\n", current->pid,
+ LIDS_DEV_TTY_PATH);
+ error = PTR_ERR(dentry);
+ goto out1;
+ }
+
+ if (!dentry->d_inode || !dentry->d_inode->i_sb->s_dev ||
+ !dentry->d_inode->i_ino) {
+ LIDS_DBG("PID=%d: no entry for %s\n", current->pid,
+ LIDS_DEV_TTY_PATH);
+ error = -ENOENT;
+ goto out1;
+ }
+
+ lidsdevtty.ino = dentry->d_inode->i_ino;
+ lidsdevtty.dev.major = MAJOR(dentry->d_inode->i_sb->s_dev);
+ lidsdevtty.dev.major = MINOR(dentry->d_inode->i_sb->s_dev);
+
+ LIDS_DBG("PID=%d: %s (dev %d:%d inode %ld)\n",
+ current->pid, LIDS_DEV_TTY_PATH,
+ MAJOR(dentry->d_inode->i_sb->s_dev),
+ MINOR(dentry->d_inode->i_sb->s_dev),
+ dentry->d_inode->i_ino);
+out1:
+ dput(nd.path.dentry);
+ mntput_no_expire(nd.path.mnt);
+out:
+ return error;
+}
+
+int
+lids_dev_tty(struct dentry *base)
+{
+ int retval = 0;
+
+ if (!base || !base->d_inode)
+ return retval;
+
+ if ((base->d_inode->i_ino == lidsdevtty.ino) &&
+ (MAJOR(base->d_inode->i_sb->s_dev) == lidsdevtty.dev.major) &&
+ (MINOR(base->d_inode->i_sb->s_dev) == lidsdevtty.dev.minor))
+ retval = 1;
+
+ return retval;
+}
diff -Nru linux-2.6.31.3.org/security/lids/.lids_tde.o.cmd linux-2.6.31.3/security/lids/.lids_tde.o.cmd
--- linux-2.6.31.3.org/security/lids/.lids_tde.o.cmd 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/.lids_tde.o.cmd 2009-09-20 11:57:13.000000000 -0400
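Review bot: In the last `else` branch of `lids_tde_policy` in security/lids/lids_tde.c, `task_acl->s_acl = NULL;` runs before `lids_free_subject_acl(task_acl->s_acl);`, so the free call is handed NULL and the subject ACL that was just detached from the task is never released. Keep the pointer in a local declared at the top of that block (`struct lids_subject_acl *old_acl;`, set with `old_acl = task_acl->s_acl;` under the task lock) and call `lids_free_subject_acl(old_acl);` after `task_unlock(task)`. In `lids_read_dev_tty`, the second store `lidsdevtty.dev.major = MINOR(...)` overwrites the major number and leaves `dev.minor` at 0, so the device comparison in `lids_dev_tty` is unlikely to match the entry it was meant to record; the line should read `lidsdevtty.dev.minor = MINOR(dentry->d_inode->i_sb->s_dev);`. The same function also sets `error = PTR_ERR(dentry)` when `dentry` is NULL, which yields 0 and reports success to the caller, so an explicit `-ENOENT` for the NULL case would be safer.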
@@ -0,0 +1,566 @@ +cmd_security/lids/lids_tde.o := gcc -Wp,-MD,security/lids/.lids_tde.o.d -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.3.3/include -Iinclude -I/usr/src/linux-2.6.31-rc7/arch/x86/include -include include/linux/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -Os -m32 -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2 -march=i386 -mtune=generic -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fno-omit-frame-pointer -fno-optimize-sibling-calls -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -Isecurity/lids/include -D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(lids_tde)" -D"KBUILD_MODNAME=KBUILD_STR(lids)" -c -o security/lids/.tmp_lids_tde.o security/lids/lids_tde.c + +deps_security/lids/lids_tde.o := \ + security/lids/lids_tde.c \ + include/linux/fs.h \ + $(wildcard include/config/dnotify.h) \ + $(wildcard include/config/sysfs.h) \ + $(wildcard include/config/smp.h) \ + $(wildcard include/config/quota.h) \ + $(wildcard include/config/fsnotify.h) \ + $(wildcard include/config/inotify.h) \ + $(wildcard include/config/security.h) \ + $(wildcard include/config/fs/posix/acl.h) \ + $(wildcard include/config/preempt.h) \ + $(wildcard include/config/epoll.h) \ + $(wildcard include/config/debug/writecount.h) \ + $(wildcard include/config/file/locking.h) \ + $(wildcard include/config/auditsyscall.h) \ + $(wildcard include/config/block.h) \ + $(wildcard include/config/fs/xip.h) \ + $(wildcard include/config/migration.h) \ + include/linux/limits.h \ + include/linux/ioctl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctl.h \ + include/asm-generic/ioctl.h \ + include/linux/linkage.h \ + 
include/linux/compiler.h \ + $(wildcard include/config/trace/branch/profiling.h) \ + $(wildcard include/config/profile/all/branches.h) \ + $(wildcard include/config/enable/must/check.h) \ + $(wildcard include/config/enable/warn/deprecated.h) \ + include/linux/compiler-gcc.h \ + $(wildcard include/config/arch/supports/optimized/inlining.h) \ + $(wildcard include/config/optimize/inlining.h) \ + include/linux/compiler-gcc4.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/linkage.h \ + $(wildcard include/config/x86/32.h) \ + $(wildcard include/config/x86/64.h) \ + $(wildcard include/config/x86/alignment/16.h) \ + include/linux/stringify.h \ + include/linux/wait.h \ + $(wildcard include/config/lockdep.h) \ + include/linux/list.h \ + $(wildcard include/config/debug/list.h) \ + include/linux/stddef.h \ + include/linux/poison.h \ + include/linux/prefetch.h \ + include/linux/types.h \ + $(wildcard include/config/uid16.h) \ + $(wildcard include/config/lbdaf.h) \ + $(wildcard include/config/phys/addr/t/64bit.h) \ + $(wildcard include/config/64bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/types.h \ + $(wildcard include/config/highmem64g.h) \ + include/asm-generic/int-ll64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitsperlong.h \ + include/asm-generic/bitsperlong.h \ + include/linux/posix_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor.h \ + $(wildcard include/config/x86/vsmp.h) \ + $(wildcard include/config/cc/stackprotector.h) \ + $(wildcard include/config/paravirt.h) \ + $(wildcard include/config/x86/debugctlmsr.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor-flags.h \ + $(wildcard include/config/vm86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vm86.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace.h \ + $(wildcard include/config/x86/ptrace/bts.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace-abi.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/segment.h \ + include/linux/init.h \ + $(wildcard include/config/modules.h) \ + $(wildcard include/config/hotplug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/math_emu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sigcontext.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/current.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/percpu.h \ + $(wildcard include/config/x86/64/smp.h) \ + $(wildcard include/config/need/multiple/nodes.h) \ + include/linux/kernel.h \ + $(wildcard include/config/preempt/voluntary.h) \ + $(wildcard include/config/debug/spinlock/sleep.h) \ + $(wildcard include/config/prove/locking.h) \ + $(wildcard include/config/printk.h) \ + $(wildcard include/config/dynamic/debug.h) \ + $(wildcard include/config/ring/buffer.h) \ + $(wildcard include/config/tracing.h) \ + $(wildcard include/config/numa.h) \ + $(wildcard include/config/ftrace/mcount/record.h) \ + /usr/lib/gcc/i486-linux-gnu/4.3.3/include/stdarg.h \ + include/linux/bitops.h \ + $(wildcard include/config/generic/find/first/bit.h) \ + $(wildcard include/config/generic/find/last/bit.h) \ + $(wildcard include/config/generic/find/next/bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitops.h \ + $(wildcard include/config/x86/cmov.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/alternative.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/asm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpufeature.h \ + $(wildcard include/config/x86/invlpg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/required-features.h \ + $(wildcard include/config/x86/minimum/cpu/family.h) \ + $(wildcard include/config/math/emulation.h) \ + $(wildcard include/config/x86/pae.h) \ + $(wildcard include/config/x86/cmpxchg64.h) \ + $(wildcard include/config/x86/use/3dnow.h) \ + $(wildcard include/config/x86/p6/nop.h) \ + include/asm-generic/bitops/sched.h \ + 
include/asm-generic/bitops/hweight.h \ + include/asm-generic/bitops/fls64.h \ + include/asm-generic/bitops/ext2-non-atomic.h \ + include/asm-generic/bitops/le.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/byteorder.h \ + include/linux/byteorder/little_endian.h \ + include/linux/swab.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swab.h \ + $(wildcard include/config/x86/bswap.h) \ + include/linux/byteorder/generic.h \ + include/asm-generic/bitops/minix.h \ + include/linux/log2.h \ + $(wildcard include/config/arch/has/ilog2/u32.h) \ + $(wildcard include/config/arch/has/ilog2/u64.h) \ + include/linux/typecheck.h \ + include/linux/ratelimit.h \ + include/linux/param.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/param.h \ + $(wildcard include/config/hz.h) \ + include/linux/dynamic_debug.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bug.h \ + $(wildcard include/config/bug.h) \ + $(wildcard include/config/debug/bugverbose.h) \ + include/asm-generic/bug.h \ + $(wildcard include/config/generic/bug.h) \ + $(wildcard include/config/generic/bug/relative/pointers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/div64.h \ + include/asm-generic/percpu.h \ + $(wildcard include/config/debug/preempt.h) \ + $(wildcard include/config/have/setup/per/cpu/area.h) \ + include/linux/threads.h \ + $(wildcard include/config/nr/cpus.h) \ + $(wildcard include/config/base/small.h) \ + include/linux/percpu-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/system.h \ + $(wildcard include/config/ia32/emulation.h) \ + $(wildcard include/config/x86/32/lazy/gs.h) \ + $(wildcard include/config/x86/ppro/fence.h) \ + $(wildcard include/config/x86/oostore.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg_32.h \ + $(wildcard include/config/x86/cmpxchg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/nops.h \ + $(wildcard include/config/mk7.h) \ + include/linux/irqflags.h \ + $(wildcard 
include/config/trace/irqflags.h) \ + $(wildcard include/config/irqsoff/tracer.h) \ + $(wildcard include/config/preempt/tracer.h) \ + $(wildcard include/config/trace/irqflags/support.h) \ + $(wildcard include/config/x86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irqflags.h \ + $(wildcard include/config/debug/lock/alloc.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_types.h \ + include/linux/const.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32_types.h \ + $(wildcard include/config/highmem4g.h) \ + $(wildcard include/config/page/offset.h) \ + $(wildcard include/config/4kstacks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32.h \ + $(wildcard include/config/hugetlb/page.h) \ + $(wildcard include/config/debug/virtual.h) \ + $(wildcard include/config/flatmem.h) \ + $(wildcard include/config/x86/3dnow.h) \ + include/linux/string.h \ + $(wildcard include/config/binary/printf.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string_32.h \ + $(wildcard include/config/kmemcheck.h) \ + include/asm-generic/memory_model.h \ + $(wildcard include/config/discontigmem.h) \ + $(wildcard include/config/sparsemem/vmemmap.h) \ + $(wildcard include/config/sparsemem.h) \ + include/asm-generic/getorder.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_types.h \ + $(wildcard include/config/compat/vdso.h) \ + $(wildcard include/config/proc/fs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + $(wildcard include/config/highmem.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level_types.h \ + include/asm-generic/pgtable-nopud.h \ + include/asm-generic/pgtable-nopmd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr-index.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/errno.h \ + include/asm-generic/errno.h 
\ + include/asm-generic/errno-base.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpumask.h \ + include/linux/cpumask.h \ + $(wildcard include/config/disable/obsolete/cpumask/functions.h) \ + $(wildcard include/config/hotplug/cpu.h) \ + $(wildcard include/config/cpumask/offstack.h) \ + $(wildcard include/config/debug/per/cpu/maps.h) \ + include/linux/bitmap.h \ + include/linux/errno.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc_defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ds.h \ + $(wildcard include/config/x86/ds.h) \ + include/linux/err.h \ + include/linux/personality.h \ + include/linux/cache.h \ + $(wildcard include/config/arch/has/cache/line/size.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cache.h \ + $(wildcard include/config/x86/l1/cache/shift.h) \ + include/linux/spinlock.h \ + $(wildcard include/config/debug/spinlock.h) \ + $(wildcard include/config/generic/lockbreak.h) \ + include/linux/preempt.h \ + $(wildcard include/config/preempt/notifiers.h) \ + include/linux/thread_info.h \ + $(wildcard include/config/compat.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/thread_info.h \ + $(wildcard include/config/debug/stack/usage.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ftrace.h \ + $(wildcard include/config/function/tracer.h) \ + $(wildcard include/config/dynamic/ftrace.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic_32.h \ + $(wildcard include/config/m386.h) \ + include/asm-generic/atomic-long.h \ + include/linux/bottom_half.h \ + include/linux/spinlock_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock_types.h \ + include/linux/lockdep.h \ + $(wildcard include/config/lock/stat.h) \ + $(wildcard include/config/generic/hardirqs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock.h \ + $(wildcard include/config/paravirt/spinlocks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/rwlock.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/paravirt.h \ + $(wildcard include/config/x86/local/apic.h) \ + $(wildcard include/config/highpte.h) \ + $(wildcard include/config/paravirt/debug.h) \ + include/linux/spinlock_api_smp.h \ + include/linux/kdev_t.h \ + include/linux/dcache.h \ + include/linux/rculist.h \ + include/linux/rcupdate.h \ + $(wildcard include/config/classic/rcu.h) \ + $(wildcard include/config/tree/rcu.h) \ + $(wildcard include/config/preempt/rcu.h) \ + include/linux/seqlock.h \ + include/linux/completion.h \ + include/linux/rcuclassic.h \ + $(wildcard include/config/rcu/cpu/stall/detector.h) \ + include/linux/path.h \ + include/linux/stat.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/stat.h \ + include/linux/time.h \ + $(wildcard include/config/arch/uses/gettimeoffset.h) \ + include/linux/math64.h \ + include/linux/kobject.h \ + include/linux/sysfs.h \ + include/linux/kref.h \ + include/linux/radix-tree.h \ + include/linux/prio_tree.h \ + include/linux/pid.h \ + include/linux/mutex.h \ + $(wildcard include/config/debug/mutexes.h) \ + include/linux/capability.h \ + $(wildcard include/config/security/file/capabilities.h) \ + include/linux/semaphore.h \ + include/linux/fiemap.h \ + include/linux/quota.h \ + include/linux/rwsem.h \ + $(wildcard include/config/rwsem/generic/spinlock.h) \ + include/linux/rwsem-spinlock.h \ + include/linux/dqblk_xfs.h \ + include/linux/dqblk_v1.h \ + include/linux/dqblk_v2.h \ + include/linux/dqblk_qtree.h \ + include/linux/nfs_fs_i.h \ + include/linux/nfs.h \ + include/linux/sunrpc/msg_prot.h \ + include/linux/fcntl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fcntl.h \ + include/asm-generic/fcntl.h \ + security/lids/include/linux/lids.h \ + $(wildcard include/config/sparc32.h) \ + $(wildcard include/config/ppc.h) \ + $(wildcard include/config/mips.h) \ + $(wildcard include/config/lids/tpe.h) \ + $(wildcard include/config/lids/tde.h) \ + $(wildcard include/config/cap/lids/sandbox/eff/set.h) \ + 
include/linux/sysctl.h \ + include/linux/slab.h \ + $(wildcard include/config/slab/debug.h) \ + $(wildcard include/config/debug/objects.h) \ + $(wildcard include/config/slub.h) \ + $(wildcard include/config/slob.h) \ + $(wildcard include/config/debug/slab.h) \ + include/linux/gfp.h \ + $(wildcard include/config/zone/dma.h) \ + $(wildcard include/config/zone/dma32.h) \ + $(wildcard include/config/debug/vm.h) \ + include/linux/mmzone.h \ + $(wildcard include/config/force/max/zoneorder.h) \ + $(wildcard include/config/memory/hotplug.h) \ + $(wildcard include/config/arch/populates/node/map.h) \ + $(wildcard include/config/flat/node/mem/map.h) \ + $(wildcard include/config/cgroup/mem/res/ctlr.h) \ + $(wildcard include/config/have/memory/present.h) \ + $(wildcard include/config/need/node/memmap/size.h) \ + $(wildcard include/config/have/arch/early/pfn/to/nid.h) \ + $(wildcard include/config/sparsemem/extreme.h) \ + $(wildcard include/config/nodes/span/other/nodes.h) \ + $(wildcard include/config/holes/in/zone.h) \ + $(wildcard include/config/arch/has/holes/memorymodel.h) \ + include/linux/numa.h \ + $(wildcard include/config/nodes/shift.h) \ + include/linux/nodemask.h \ + include/linux/pageblock-flags.h \ + $(wildcard include/config/hugetlb/page/size/variable.h) \ + include/linux/bounds.h \ + include/linux/memory_hotplug.h \ + $(wildcard include/config/have/arch/nodedata/extension.h) \ + $(wildcard include/config/memory/hotremove.h) \ + include/linux/notifier.h \ + include/linux/srcu.h \ + include/linux/topology.h \ + $(wildcard include/config/sched/smt.h) \ + $(wildcard include/config/sched/mc.h) \ + include/linux/smp.h \ + $(wildcard include/config/use/generic/smp/helpers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/smp.h \ + $(wildcard include/config/x86/io/apic.h) \ + $(wildcard include/config/x86/32/smp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec.h \ + $(wildcard include/config/x86/numaq.h) \ + $(wildcard include/config/mca.h) \ + 
$(wildcard include/config/eisa.h) \ + $(wildcard include/config/x86/mpparse.h) \ + $(wildcard include/config/acpi.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec_def.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apic.h \ + $(wildcard include/config/x86/x2apic.h) \ + include/linux/delay.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/delay.h \ + include/linux/pm.h \ + $(wildcard include/config/pm/sleep.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apicdef.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fixmap.h \ + $(wildcard include/config/x86/visws/apic.h) \ + $(wildcard include/config/x86/f00f/bug.h) \ + $(wildcard include/config/x86/cyclone/timer.h) \ + $(wildcard include/config/pci/mmconfig.h) \ + $(wildcard include/config/provide/ohci1394/dma/init.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/acpi.h \ + $(wildcard include/config/acpi/numa.h) \ + include/acpi/pdc_intel.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mmu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/kmap_types.h \ + $(wildcard include/config/debug/highmem.h) \ + include/asm-generic/kmap_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_apic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_vectors.h \ + $(wildcard include/config/sparse/irq.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/topology.h \ + $(wildcard include/config/x86/ht.h) \ + $(wildcard include/config/x86/64/acpi/numa.h) \ + include/asm-generic/topology.h \ + include/linux/mmdebug.h \ + include/linux/slab_def.h \ + $(wildcard include/config/kmemtrace.h) \ + include/linux/kmemtrace.h \ + include/trace/events/kmem.h \ + include/linux/tracepoint.h \ + $(wildcard include/config/tracepoints.h) \ + include/trace/define_trace.h \ + $(wildcard include/config/event/tracing.h) \ + include/linux/kmalloc_sizes.h \ + include/linux/tty.h \ + 
$(wildcard include/config/audit.h) \ + include/linux/major.h \ + include/linux/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termbits.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctls.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess.h \ + $(wildcard include/config/x86/wp/works/ok.h) \ + $(wildcard include/config/x86/intel/usercopy.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess_32.h \ + include/linux/workqueue.h \ + include/linux/timer.h \ + $(wildcard include/config/timer/stats.h) \ + $(wildcard include/config/debug/objects/timers.h) \ + include/linux/ktime.h \ + $(wildcard include/config/ktime/scalar.h) \ + include/linux/jiffies.h \ + include/linux/timex.h \ + $(wildcard include/config/no/hz.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/tsc.h \ + $(wildcard include/config/x86/tsc.h) \ + include/linux/debugobjects.h \ + $(wildcard include/config/debug/objects/free.h) \ + include/linux/tty_driver.h \ + $(wildcard include/config/console/poll.h) \ + include/linux/cdev.h \ + include/linux/tty_ldisc.h \ + include/linux/binfmts.h \ + $(wildcard include/config/mmu.h) \ + include/linux/securebits.h \ + include/asm-generic/siginfo.h \ + security/lids/include/linux/lidsext.h \ + $(wildcard include/config/lids/debug.h) \ + $(wildcard include/config/lids/restrict/mode/switch.h) \ + $(wildcard include/config/lids/mode/switch/console.h) \ + $(wildcard include/config/lids/mode/switch/serial.h) \ + $(wildcard include/config/lids/mode/switch/pty.h) \ + $(wildcard include/config/lids/no/flood/log.h) \ + $(wildcard include/config/lids/allow/switch.h) \ + security/lids/include/linux/lidsif.h \ + $(wildcard include/config/lids/shrink/size.h) \ + include/linux/netfilter/xt_MARK.h \ + include/linux/module.h \ + $(wildcard include/config/modversions.h) \ + $(wildcard include/config/unused/symbols.h) \ + 
$(wildcard include/config/kallsyms.h) \ + $(wildcard include/config/markers.h) \ + $(wildcard include/config/module/unload.h) \ + $(wildcard include/config/constructors.h) \ + include/linux/kmod.h \ + include/linux/elf.h \ + include/linux/elf-em.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/elf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/auxvec.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vdso.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ldt.h \ + include/linux/moduleparam.h \ + $(wildcard include/config/alpha.h) \ + $(wildcard include/config/ia64.h) \ + $(wildcard include/config/ppc64.h) \ + include/linux/marker.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/local.h \ + include/linux/percpu.h \ + $(wildcard include/config/have/dynamic/per/cpu/area.h) \ + $(wildcard include/config/debug/kmemleak.h) \ + include/linux/pfn.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/module.h \ + $(wildcard include/config/m486.h) \ + $(wildcard include/config/m586.h) \ + $(wildcard include/config/m586tsc.h) \ + $(wildcard include/config/m586mmx.h) \ + $(wildcard include/config/mcore2.h) \ + $(wildcard include/config/m686.h) \ + $(wildcard include/config/mpentiumii.h) \ + $(wildcard include/config/mpentiumiii.h) \ + $(wildcard include/config/mpentiumm.h) \ + $(wildcard include/config/mpentium4.h) \ + $(wildcard include/config/mk6.h) \ + $(wildcard include/config/mk8.h) \ + $(wildcard include/config/x86/elan.h) \ + $(wildcard include/config/mcrusoe.h) \ + $(wildcard include/config/mefficeon.h) \ + $(wildcard include/config/mwinchipc6.h) \ + $(wildcard include/config/mwinchip3d.h) \ + $(wildcard include/config/mcyrixiii.h) \ + $(wildcard include/config/mviac3/2.h) \ + $(wildcard include/config/mviac7.h) \ + $(wildcard include/config/mgeodegx1.h) \ + $(wildcard 
include/config/mgeode/lx.h) \ + include/linux/proc_fs.h \ + $(wildcard include/config/proc/devicetree.h) \ + $(wildcard include/config/proc/kcore.h) \ + include/linux/magic.h \ + include/linux/sched.h \ + $(wildcard include/config/sched/debug.h) \ + $(wildcard include/config/detect/softlockup.h) \ + $(wildcard include/config/detect/hung/task.h) \ + $(wildcard include/config/core/dump/default/elf/headers.h) \ + $(wildcard include/config/bsd/process/acct.h) \ + $(wildcard include/config/taskstats.h) \ + $(wildcard include/config/inotify/user.h) \ + $(wildcard include/config/posix/mqueue.h) \ + $(wildcard include/config/keys.h) \ + $(wildcard include/config/user/sched.h) \ + $(wildcard include/config/perf/counters.h) \ + $(wildcard include/config/schedstats.h) \ + $(wildcard include/config/task/delay/acct.h) \ + $(wildcard include/config/fair/group/sched.h) \ + $(wildcard include/config/rt/group/sched.h) \ + $(wildcard include/config/blk/dev/io/trace.h) \ + $(wildcard include/config/sysvipc.h) \ + $(wildcard include/config/rt/mutexes.h) \ + $(wildcard include/config/task/xacct.h) \ + $(wildcard include/config/cpusets.h) \ + $(wildcard include/config/cgroups.h) \ + $(wildcard include/config/futex.h) \ + $(wildcard include/config/fault/injection.h) \ + $(wildcard include/config/latencytop.h) \ + $(wildcard include/config/function/graph/tracer.h) \ + $(wildcard include/config/have/unstable/sched/clock.h) \ + $(wildcard include/config/preempt/bkl.h) \ + $(wildcard include/config/group/sched.h) \ + $(wildcard include/config/mm/owner.h) \ + include/linux/rbtree.h \ + include/linux/mm_types.h \ + $(wildcard include/config/split/ptlock/cpus.h) \ + $(wildcard include/config/want/page/debug/flags.h) \ + $(wildcard include/config/mmu/notifier.h) \ + include/linux/auxvec.h \ + include/linux/page-debug-flags.h \ + $(wildcard include/config/page/poisoning.h) \ + $(wildcard include/config/page/debug/something/else.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cputime.h \ + 
include/asm-generic/cputime.h \ + include/linux/sem.h \ + include/linux/ipc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ipcbuf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sembuf.h \ + include/linux/signal.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/signal.h \ + include/asm-generic/signal-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/siginfo.h \ + include/linux/proportions.h \ + include/linux/percpu_counter.h \ + include/linux/seccomp.h \ + $(wildcard include/config/seccomp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp_32.h \ + include/linux/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd_32.h \ + include/linux/rtmutex.h \ + $(wildcard include/config/debug/rt/mutexes.h) \ + include/linux/plist.h \ + $(wildcard include/config/debug/pi/list.h) \ + include/linux/resource.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/resource.h \ + include/asm-generic/resource.h \ + include/linux/hrtimer.h \ + $(wildcard include/config/high/res/timers.h) \ + include/linux/task_io_accounting.h \ + $(wildcard include/config/task/io/accounting.h) \ + include/linux/latencytop.h \ + include/linux/cred.h \ + include/linux/key.h \ + $(wildcard include/config/sysctl.h) \ + include/linux/aio.h \ + $(wildcard include/config/aio.h) \ + include/linux/aio_abi.h \ + include/linux/uio.h \ + include/linux/smp_lock.h \ + $(wildcard include/config/lock/kernel.h) \ + include/linux/mount.h \ + include/linux/namei.h \ + +security/lids/lids_tde.o: $(deps_security/lids/lids_tde.o) + +$(deps_security/lids/lids_tde.o): diff -Nru linux-2.6.31.3.org/security/lids/lids_tpe.c linux-2.6.31.3/security/lids/lids_tpe.c --- linux-2.6.31.3.org/security/lids/lids_tpe.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/lids_tpe.c 2009-08-29 14:12:16.000000000 -0400 
@@ -0,0 +1,266 @@
+/*
+ * LIDS - Trusted Path Execution (TPE)
+ *
+ * Author: Yusuf Wilajati Purna
+ *
+ * Copyright 2001-2004 Sony Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; version 2 of the License.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#define MODNAME_MAX 256
+
+/*
+ * Switch TPE mode off as the
+ * initial state.
+ */
+int lids_tpe;
+
+int
+lids_exec_tpe_permission(struct linux_binprm *bprm)
+{
+ int error = 0;
+ struct dentry *dentry;
+
+ if (current->real_parent->pid == 0)
+ return 0;
+
+ if (!bprm || !bprm->file)
+ return 0;
+
+ if (!(lids_load && lids_local_load))
+ return 0;
+
+ if (!lids_tpe)
+ return 0;
+
+ dentry = dget(bprm->file->f_path.dentry);
+
+ /* Check if binary is protected */
+
+ if (!lids_protected(dentry, LIDS_APPEND)) {
+ char *buffer = NULL, *pathname;
+
+ buffer = (char *) __get_free_page(GFP_KERNEL);
+ if (buffer != NULL) {
+ pathname = lids_find_fullpathname(&bprm->file->f_path,
+ buffer,
+ PAGE_SIZE);
+ } else {
+ pathname = (char *) dentry->d_name.name;
+ }
+
+ lids_security_alert("TPE violation! "
+ "Attempt to exec unprotected program "
+ "%s (dev %d:%d inode %ld)",
+ pathname,
+ MAJOR(dentry->d_inode->i_sb->s_dev),
+ MINOR(dentry->d_inode->i_sb->s_dev),
+ dentry->d_inode->i_ino);
+ if (lids_acl_discovery)
+ printk(KERN_INFO
+ "LIDS_ACL_DISCOVERY:[state %d]"
+ "%d:%d::%d:0:%ld:%d:%s:0-0\n",
+ lids_state, 0, 0, LIDS_READONLY,
+ dentry->d_inode->i_ino, dentry->d_inode->i_sb->s_dev,
+ pathname);
+ else
+ error = -EACCES;
+
+ free_page((unsigned long) buffer);
+ }
+ dput(dentry);
+ return error;
+}
+
+int
+lids_mmap_tpe_permission(struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ int error = 0;
+ struct dentry *dentry;
+
+ if (!(lids_load && lids_local_load))
+ return 0;
+
+ if (!lids_tpe)
+ return 0;
+
+ if (!file)
+ return 0;
+
+ if (!(prot & PROT_EXEC))
+ return 0;
+
+ dentry = dget(file->f_path.dentry);
+
+ /* Check if the mmap'ed file is protected */
+
+ if (!lids_protected(dentry, LIDS_APPEND)) {
+ char *buffer = NULL, *pathname;
+
+ buffer = (char *) __get_free_page(GFP_KERNEL);
+ if (buffer != NULL) {
+ pathname = lids_find_fullpathname(&file->f_path, buffer,
+ PAGE_SIZE);
+ } else {
+ pathname = (char *) dentry->d_name.name;
+ }
+
+ lids_security_alert("TPE violation! "
+ "Attempt to mmap %s (dev %d:%d inode %ld)",
+ pathname,
+ MAJOR(dentry->d_inode->i_sb->s_dev),
+ MINOR(dentry->d_inode->i_sb->s_dev),
+ dentry->d_inode->i_ino);
+ if (lids_acl_discovery)
+ printk(KERN_INFO
+ "LIDS_ACL_DISCOVERY:[state %d]"
+ "%d:%d::%d:0:%ld:%d:%s:0-0\n",
+ lids_state, 0, 0, LIDS_READONLY,
+ dentry->d_inode->i_ino, dentry->d_inode->i_sb->s_dev,
+ pathname);
+ else
+ error = -EACCES;
+
+ free_page((unsigned long) buffer);
+ }
+ dput(dentry);
+ return error;
+}
+
+int
+lids_module_tpe_permission(struct module *mod)
+{
+ char *modpath, *mark, *p, *q;
+ int error = 0, n, namelen;
+ struct dentry *dentry;
+ const struct kernel_symbol *sym;
+ struct nameidata nd;
+
+ if (!(lids_load && lids_local_load))
+ return 0;
+
+ if (!lids_tpe)
+ return 0;
+
+ namelen = strlen(mod->name);
+ if (unlikely(namelen > MODNAME_MAX)) {
+ error = -EINVAL;
+ goto out1;
+ }
+
+ mark = (char *) kmalloc(sizeof(char) * (MODNAME_MAX + 12), GFP_KERNEL);
+ if (mark == NULL) {
+ error = -ENOMEM;
+ goto out1;
+ }
+ sprintf(mark, "__insmod_%s_O", mod->name);
+
+ modpath = (char *) kmalloc(sizeof(char) * (PATH_MAX + 1), GFP_KERNEL);
+ if (modpath == NULL) {
+ error = -ENOMEM;
+ goto out2;
+ }
+
+ /* Get the module path */
+
+ sym = mod->syms;
+ for (n = 0; n < mod->num_syms; n++) {
+ if (strstr(sym->name, mark)) {
+ if (unlikely
+ (strlen(sym->name + 11 + namelen) > PATH_MAX)) {
+ error = -EINVAL;
+ goto out3;
+ }
+ strcpy(modpath, sym->name + 11 + namelen);
+ p = modpath;
+ q = p;
+ while ((p = strstr(p, mod->name))) {
+ q = p;
+ p++;
+ }
+ *(q + namelen + 2) = '\0';
+ break;
+ }
+ sym++;
+ }
+
+ if (unlikely(strstr(modpath, mod->name) == NULL)) {
+ error = -ENOENT;
+ goto out3;
+ }
+
+
+
+ if (path_lookup(modpath, LOOKUP_FOLLOW, &nd)) {
+ error = -ENOENT;
+ goto out3;
+ }
+
+ dentry = nd.path.dentry;
+
+ if (IS_ERR(dentry) || !dentry) {
+ error = -ENOENT;
+ goto out4;
+ }
+
+ if (!dentry->d_inode ||
+ !dentry->d_inode->i_sb->s_dev || !dentry->d_inode->i_ino) {
+ error = -ENOENT;
+ goto out4;
+ }
+
+ /* Check if the module path is protected */
+
+ if (!lids_protected(dentry, LIDS_APPEND)) {
+ lids_security_alert("TPE violation! "
+ "Attempt to load unprotected module %s "
+ "(dev %d:%d inode %ld)",
+ modpath,
+ MAJOR(dentry->d_inode->i_sb->s_dev),
+ MINOR(dentry->d_inode->i_sb->s_dev),
+ dentry->d_inode->i_ino);
+ if (lids_acl_discovery)
+ printk(KERN_INFO "LIDS_ACL_DISCOVERY:[state %d]"
+ "%d:%d::%d:0:%ld:%d:%s:0-0\n",
+ lids_state, 0, 0, LIDS_READONLY,
+ dentry->d_inode->i_ino,
+ dentry->d_inode->i_sb->s_dev, modpath);
+ else
+ error = -EPERM;
+ }
+ out4:
+ path_put(&nd.path);
+ out3:
+ kfree(modpath);
+ out2:
+ kfree(mark);
+ out1:
+ return error;
+}
diff -Nru linux-2.6.31.3.org/security/lids/.lids_tpe.o.cmd linux-2.6.31.3/security/lids/.lids_tpe.o.cmd
--- linux-2.6.31.3.org/security/lids/.lids_tpe.o.cmd 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/.lids_tpe.o.cmd 2009-09-20 11:57:12.000000000 -0400
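Review bot: In `lids_module_tpe_permission`, `modpath` comes from `kmalloc` and is written only inside the symbol loop, so when no symbol name contains `mark` (or `mod->num_syms` is 0) the following `strstr(modpath, mod->name)` reads uninitialised, possibly unterminated heap memory and the allow/deny outcome depends on stale data. Setting `modpath[0] = '\0';` right after the allocation check (or allocating with `kzalloc`) makes that case return `-ENOENT` reliably. In the same loop `*(q + namelen + 2) = '\0';` is unbounded: the length check admits a string of up to `PATH_MAX` bytes, so the store can land up to two bytes past the `PATH_MAX + 1` buffer, and a guard such as `if ((q - modpath) + namelen + 2 > PATH_MAX) { error = -EINVAL; goto out3; }` before the store would close that. The path handed to `lids_protected` appears to be taken from a symbol name carried by the module being checked, so a comment stating that this value is self-declared by the module and not tied to the file actually loaded would help the next reader judge how much the check can be trusted.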
@@ -0,0 +1,584 @@ +cmd_security/lids/lids_tpe.o := gcc -Wp,-MD,security/lids/.lids_tpe.o.d -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.3.3/include -Iinclude -I/usr/src/linux-2.6.31-rc7/arch/x86/include -include include/linux/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -Os -m32 -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2 -march=i386 -mtune=generic -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fno-omit-frame-pointer -fno-optimize-sibling-calls -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -Isecurity/lids/include -D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(lids_tpe)" -D"KBUILD_MODNAME=KBUILD_STR(lids)" -c -o security/lids/.tmp_lids_tpe.o security/lids/lids_tpe.c + +deps_security/lids/lids_tpe.o := \ + security/lids/lids_tpe.c \ + include/linux/module.h \ + $(wildcard include/config/modules.h) \ + $(wildcard include/config/modversions.h) \ + $(wildcard include/config/unused/symbols.h) \ + $(wildcard include/config/generic/bug.h) \ + $(wildcard include/config/kallsyms.h) \ + $(wildcard include/config/markers.h) \ + $(wildcard include/config/tracepoints.h) \ + $(wildcard include/config/tracing.h) \ + $(wildcard include/config/event/tracing.h) \ + $(wildcard include/config/ftrace/mcount/record.h) \ + $(wildcard include/config/module/unload.h) \ + $(wildcard include/config/smp.h) \ + $(wildcard include/config/constructors.h) \ + $(wildcard include/config/sysfs.h) \ + include/linux/list.h \ + $(wildcard include/config/debug/list.h) \ + include/linux/stddef.h \ + include/linux/compiler.h \ + $(wildcard include/config/trace/branch/profiling.h) \ + $(wildcard include/config/profile/all/branches.h) \ + 
$(wildcard include/config/enable/must/check.h) \ + $(wildcard include/config/enable/warn/deprecated.h) \ + include/linux/compiler-gcc.h \ + $(wildcard include/config/arch/supports/optimized/inlining.h) \ + $(wildcard include/config/optimize/inlining.h) \ + include/linux/compiler-gcc4.h \ + include/linux/poison.h \ + include/linux/prefetch.h \ + include/linux/types.h \ + $(wildcard include/config/uid16.h) \ + $(wildcard include/config/lbdaf.h) \ + $(wildcard include/config/phys/addr/t/64bit.h) \ + $(wildcard include/config/64bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/types.h \ + $(wildcard include/config/x86/64.h) \ + $(wildcard include/config/highmem64g.h) \ + include/asm-generic/int-ll64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitsperlong.h \ + include/asm-generic/bitsperlong.h \ + include/linux/posix_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types.h \ + $(wildcard include/config/x86/32.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor.h \ + $(wildcard include/config/x86/vsmp.h) \ + $(wildcard include/config/cc/stackprotector.h) \ + $(wildcard include/config/paravirt.h) \ + $(wildcard include/config/x86/debugctlmsr.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor-flags.h \ + $(wildcard include/config/vm86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vm86.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace.h \ + $(wildcard include/config/x86/ptrace/bts.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace-abi.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/segment.h \ + include/linux/init.h \ + $(wildcard include/config/hotplug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/math_emu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sigcontext.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/current.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/percpu.h \ + $(wildcard 
include/config/x86/64/smp.h) \ + $(wildcard include/config/need/multiple/nodes.h) \ + include/linux/kernel.h \ + $(wildcard include/config/preempt/voluntary.h) \ + $(wildcard include/config/debug/spinlock/sleep.h) \ + $(wildcard include/config/prove/locking.h) \ + $(wildcard include/config/printk.h) \ + $(wildcard include/config/dynamic/debug.h) \ + $(wildcard include/config/ring/buffer.h) \ + $(wildcard include/config/numa.h) \ + /usr/lib/gcc/i486-linux-gnu/4.3.3/include/stdarg.h \ + include/linux/linkage.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/linkage.h \ + $(wildcard include/config/x86/alignment/16.h) \ + include/linux/stringify.h \ + include/linux/bitops.h \ + $(wildcard include/config/generic/find/first/bit.h) \ + $(wildcard include/config/generic/find/last/bit.h) \ + $(wildcard include/config/generic/find/next/bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitops.h \ + $(wildcard include/config/x86/cmov.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/alternative.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/asm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpufeature.h \ + $(wildcard include/config/x86/invlpg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/required-features.h \ + $(wildcard include/config/x86/minimum/cpu/family.h) \ + $(wildcard include/config/math/emulation.h) \ + $(wildcard include/config/x86/pae.h) \ + $(wildcard include/config/x86/cmpxchg64.h) \ + $(wildcard include/config/x86/use/3dnow.h) \ + $(wildcard include/config/x86/p6/nop.h) \ + include/asm-generic/bitops/sched.h \ + include/asm-generic/bitops/hweight.h \ + include/asm-generic/bitops/fls64.h \ + include/asm-generic/bitops/ext2-non-atomic.h \ + include/asm-generic/bitops/le.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/byteorder.h \ + include/linux/byteorder/little_endian.h \ + include/linux/swab.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swab.h \ + $(wildcard include/config/x86/bswap.h) \ + 
include/linux/byteorder/generic.h \ + include/asm-generic/bitops/minix.h \ + include/linux/log2.h \ + $(wildcard include/config/arch/has/ilog2/u32.h) \ + $(wildcard include/config/arch/has/ilog2/u64.h) \ + include/linux/typecheck.h \ + include/linux/ratelimit.h \ + include/linux/param.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/param.h \ + $(wildcard include/config/hz.h) \ + include/linux/dynamic_debug.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bug.h \ + $(wildcard include/config/bug.h) \ + $(wildcard include/config/debug/bugverbose.h) \ + include/asm-generic/bug.h \ + $(wildcard include/config/generic/bug/relative/pointers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/div64.h \ + include/asm-generic/percpu.h \ + $(wildcard include/config/debug/preempt.h) \ + $(wildcard include/config/have/setup/per/cpu/area.h) \ + include/linux/threads.h \ + $(wildcard include/config/nr/cpus.h) \ + $(wildcard include/config/base/small.h) \ + include/linux/percpu-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/system.h \ + $(wildcard include/config/ia32/emulation.h) \ + $(wildcard include/config/x86/32/lazy/gs.h) \ + $(wildcard include/config/x86/ppro/fence.h) \ + $(wildcard include/config/x86/oostore.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg_32.h \ + $(wildcard include/config/x86/cmpxchg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/nops.h \ + $(wildcard include/config/mk7.h) \ + include/linux/irqflags.h \ + $(wildcard include/config/trace/irqflags.h) \ + $(wildcard include/config/irqsoff/tracer.h) \ + $(wildcard include/config/preempt/tracer.h) \ + $(wildcard include/config/trace/irqflags/support.h) \ + $(wildcard include/config/x86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irqflags.h \ + $(wildcard include/config/debug/lock/alloc.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_types.h \ + include/linux/const.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32_types.h \ + $(wildcard include/config/highmem4g.h) \ + $(wildcard include/config/page/offset.h) \ + $(wildcard include/config/4kstacks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32.h \ + $(wildcard include/config/hugetlb/page.h) \ + $(wildcard include/config/debug/virtual.h) \ + $(wildcard include/config/flatmem.h) \ + $(wildcard include/config/x86/3dnow.h) \ + include/linux/string.h \ + $(wildcard include/config/binary/printf.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string_32.h \ + $(wildcard include/config/kmemcheck.h) \ + include/asm-generic/memory_model.h \ + $(wildcard include/config/discontigmem.h) \ + $(wildcard include/config/sparsemem/vmemmap.h) \ + $(wildcard include/config/sparsemem.h) \ + include/asm-generic/getorder.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_types.h \ + $(wildcard include/config/compat/vdso.h) \ + $(wildcard include/config/proc/fs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + $(wildcard include/config/highmem.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level_types.h \ + include/asm-generic/pgtable-nopud.h \ + include/asm-generic/pgtable-nopmd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr-index.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/errno.h \ + include/asm-generic/errno.h \ + include/asm-generic/errno-base.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpumask.h \ + include/linux/cpumask.h \ + $(wildcard include/config/disable/obsolete/cpumask/functions.h) \ + $(wildcard include/config/hotplug/cpu.h) \ + $(wildcard include/config/cpumask/offstack.h) \ + $(wildcard include/config/debug/per/cpu/maps.h) \ + include/linux/bitmap.h \ + include/linux/errno.h \ 
+ /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc_defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ds.h \ + $(wildcard include/config/x86/ds.h) \ + include/linux/err.h \ + include/linux/personality.h \ + include/linux/cache.h \ + $(wildcard include/config/arch/has/cache/line/size.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cache.h \ + $(wildcard include/config/x86/l1/cache/shift.h) \ + include/linux/stat.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/stat.h \ + include/linux/time.h \ + $(wildcard include/config/arch/uses/gettimeoffset.h) \ + include/linux/seqlock.h \ + include/linux/spinlock.h \ + $(wildcard include/config/debug/spinlock.h) \ + $(wildcard include/config/generic/lockbreak.h) \ + $(wildcard include/config/preempt.h) \ + include/linux/preempt.h \ + $(wildcard include/config/preempt/notifiers.h) \ + include/linux/thread_info.h \ + $(wildcard include/config/compat.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/thread_info.h \ + $(wildcard include/config/debug/stack/usage.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ftrace.h \ + $(wildcard include/config/function/tracer.h) \ + $(wildcard include/config/dynamic/ftrace.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic_32.h \ + $(wildcard include/config/m386.h) \ + include/asm-generic/atomic-long.h \ + include/linux/bottom_half.h \ + include/linux/spinlock_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock_types.h \ + include/linux/lockdep.h \ + $(wildcard include/config/lockdep.h) \ + $(wildcard include/config/lock/stat.h) \ + $(wildcard include/config/generic/hardirqs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock.h \ + $(wildcard include/config/paravirt/spinlocks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/rwlock.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/paravirt.h \ + $(wildcard include/config/x86/local/apic.h) \ + $(wildcard 
include/config/highpte.h) \ + $(wildcard include/config/paravirt/debug.h) \ + include/linux/spinlock_api_smp.h \ + include/linux/math64.h \ + include/linux/kmod.h \ + include/linux/gfp.h \ + $(wildcard include/config/zone/dma.h) \ + $(wildcard include/config/zone/dma32.h) \ + $(wildcard include/config/debug/vm.h) \ + include/linux/mmzone.h \ + $(wildcard include/config/force/max/zoneorder.h) \ + $(wildcard include/config/memory/hotplug.h) \ + $(wildcard include/config/arch/populates/node/map.h) \ + $(wildcard include/config/flat/node/mem/map.h) \ + $(wildcard include/config/cgroup/mem/res/ctlr.h) \ + $(wildcard include/config/have/memory/present.h) \ + $(wildcard include/config/need/node/memmap/size.h) \ + $(wildcard include/config/have/arch/early/pfn/to/nid.h) \ + $(wildcard include/config/sparsemem/extreme.h) \ + $(wildcard include/config/nodes/span/other/nodes.h) \ + $(wildcard include/config/holes/in/zone.h) \ + $(wildcard include/config/arch/has/holes/memorymodel.h) \ + include/linux/wait.h \ + include/linux/numa.h \ + $(wildcard include/config/nodes/shift.h) \ + include/linux/nodemask.h \ + include/linux/pageblock-flags.h \ + $(wildcard include/config/hugetlb/page/size/variable.h) \ + include/linux/bounds.h \ + include/linux/memory_hotplug.h \ + $(wildcard include/config/have/arch/nodedata/extension.h) \ + $(wildcard include/config/memory/hotremove.h) \ + include/linux/notifier.h \ + include/linux/mutex.h \ + $(wildcard include/config/debug/mutexes.h) \ + include/linux/rwsem.h \ + $(wildcard include/config/rwsem/generic/spinlock.h) \ + include/linux/rwsem-spinlock.h \ + include/linux/srcu.h \ + include/linux/topology.h \ + $(wildcard include/config/sched/smt.h) \ + $(wildcard include/config/sched/mc.h) \ + include/linux/smp.h \ + $(wildcard include/config/use/generic/smp/helpers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/smp.h \ + $(wildcard include/config/x86/io/apic.h) \ + $(wildcard include/config/x86/32/smp.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec.h \ + $(wildcard include/config/x86/numaq.h) \ + $(wildcard include/config/mca.h) \ + $(wildcard include/config/eisa.h) \ + $(wildcard include/config/x86/mpparse.h) \ + $(wildcard include/config/acpi.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec_def.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apic.h \ + $(wildcard include/config/x86/x2apic.h) \ + include/linux/delay.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/delay.h \ + include/linux/pm.h \ + $(wildcard include/config/pm/sleep.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apicdef.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fixmap.h \ + $(wildcard include/config/x86/visws/apic.h) \ + $(wildcard include/config/x86/f00f/bug.h) \ + $(wildcard include/config/x86/cyclone/timer.h) \ + $(wildcard include/config/pci/mmconfig.h) \ + $(wildcard include/config/provide/ohci1394/dma/init.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/acpi.h \ + $(wildcard include/config/acpi/numa.h) \ + include/acpi/pdc_intel.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mmu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/kmap_types.h \ + $(wildcard include/config/debug/highmem.h) \ + include/asm-generic/kmap_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_apic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_vectors.h \ + $(wildcard include/config/sparse/irq.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/topology.h \ + $(wildcard include/config/x86/ht.h) \ + $(wildcard include/config/x86/64/acpi/numa.h) \ + include/asm-generic/topology.h \ + include/linux/mmdebug.h \ + include/linux/elf.h \ + include/linux/elf-em.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/elf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/user_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/auxvec.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vdso.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ldt.h \ + include/linux/kobject.h \ + include/linux/sysfs.h \ + include/linux/kref.h \ + include/linux/moduleparam.h \ + $(wildcard include/config/alpha.h) \ + $(wildcard include/config/ia64.h) \ + $(wildcard include/config/ppc64.h) \ + include/linux/marker.h \ + include/linux/tracepoint.h \ + include/linux/rcupdate.h \ + $(wildcard include/config/classic/rcu.h) \ + $(wildcard include/config/tree/rcu.h) \ + $(wildcard include/config/preempt/rcu.h) \ + include/linux/completion.h \ + include/linux/rcuclassic.h \ + $(wildcard include/config/rcu/cpu/stall/detector.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/local.h \ + include/linux/percpu.h \ + $(wildcard include/config/have/dynamic/per/cpu/area.h) \ + $(wildcard include/config/debug/kmemleak.h) \ + include/linux/slab.h \ + $(wildcard include/config/slab/debug.h) \ + $(wildcard include/config/debug/objects.h) \ + $(wildcard include/config/slub.h) \ + $(wildcard include/config/slob.h) \ + $(wildcard include/config/debug/slab.h) \ + include/linux/slab_def.h \ + $(wildcard include/config/kmemtrace.h) \ + include/linux/kmemtrace.h \ + include/trace/events/kmem.h \ + include/trace/define_trace.h \ + include/linux/kmalloc_sizes.h \ + include/linux/pfn.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/module.h \ + $(wildcard include/config/m486.h) \ + $(wildcard include/config/m586.h) \ + $(wildcard include/config/m586tsc.h) \ + $(wildcard include/config/m586mmx.h) \ + $(wildcard include/config/mcore2.h) \ + $(wildcard include/config/m686.h) \ + $(wildcard include/config/mpentiumii.h) \ + $(wildcard include/config/mpentiumiii.h) \ + $(wildcard include/config/mpentiumm.h) \ + $(wildcard include/config/mpentium4.h) \ + $(wildcard 
include/config/mk6.h) \ + $(wildcard include/config/mk8.h) \ + $(wildcard include/config/x86/elan.h) \ + $(wildcard include/config/mcrusoe.h) \ + $(wildcard include/config/mefficeon.h) \ + $(wildcard include/config/mwinchipc6.h) \ + $(wildcard include/config/mwinchip3d.h) \ + $(wildcard include/config/mcyrixiii.h) \ + $(wildcard include/config/mviac3/2.h) \ + $(wildcard include/config/mviac7.h) \ + $(wildcard include/config/mgeodegx1.h) \ + $(wildcard include/config/mgeode/lx.h) \ + include/linux/smp_lock.h \ + $(wildcard include/config/lock/kernel.h) \ + include/linux/sched.h \ + $(wildcard include/config/sched/debug.h) \ + $(wildcard include/config/no/hz.h) \ + $(wildcard include/config/detect/softlockup.h) \ + $(wildcard include/config/detect/hung/task.h) \ + $(wildcard include/config/core/dump/default/elf/headers.h) \ + $(wildcard include/config/bsd/process/acct.h) \ + $(wildcard include/config/taskstats.h) \ + $(wildcard include/config/audit.h) \ + $(wildcard include/config/inotify/user.h) \ + $(wildcard include/config/epoll.h) \ + $(wildcard include/config/posix/mqueue.h) \ + $(wildcard include/config/keys.h) \ + $(wildcard include/config/user/sched.h) \ + $(wildcard include/config/perf/counters.h) \ + $(wildcard include/config/schedstats.h) \ + $(wildcard include/config/task/delay/acct.h) \ + $(wildcard include/config/fair/group/sched.h) \ + $(wildcard include/config/rt/group/sched.h) \ + $(wildcard include/config/blk/dev/io/trace.h) \ + $(wildcard include/config/sysvipc.h) \ + $(wildcard include/config/auditsyscall.h) \ + $(wildcard include/config/rt/mutexes.h) \ + $(wildcard include/config/task/xacct.h) \ + $(wildcard include/config/cpusets.h) \ + $(wildcard include/config/cgroups.h) \ + $(wildcard include/config/futex.h) \ + $(wildcard include/config/fault/injection.h) \ + $(wildcard include/config/latencytop.h) \ + $(wildcard include/config/function/graph/tracer.h) \ + $(wildcard include/config/have/unstable/sched/clock.h) \ + $(wildcard 
include/config/preempt/bkl.h) \ + $(wildcard include/config/group/sched.h) \ + $(wildcard include/config/mm/owner.h) \ + include/linux/capability.h \ + $(wildcard include/config/security/file/capabilities.h) \ + include/linux/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/tsc.h \ + $(wildcard include/config/x86/tsc.h) \ + include/linux/jiffies.h \ + include/linux/rbtree.h \ + include/linux/mm_types.h \ + $(wildcard include/config/split/ptlock/cpus.h) \ + $(wildcard include/config/want/page/debug/flags.h) \ + $(wildcard include/config/mmu.h) \ + $(wildcard include/config/mmu/notifier.h) \ + include/linux/auxvec.h \ + include/linux/prio_tree.h \ + include/linux/page-debug-flags.h \ + $(wildcard include/config/page/poisoning.h) \ + $(wildcard include/config/page/debug/something/else.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cputime.h \ + include/asm-generic/cputime.h \ + include/linux/sem.h \ + include/linux/ipc.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ipcbuf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sembuf.h \ + include/linux/signal.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/signal.h \ + include/asm-generic/signal-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/siginfo.h \ + include/asm-generic/siginfo.h \ + include/linux/path.h \ + include/linux/pid.h \ + include/linux/proportions.h \ + include/linux/percpu_counter.h \ + include/linux/seccomp.h \ + $(wildcard include/config/seccomp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp_32.h \ + include/linux/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd_32.h \ + include/linux/rculist.h \ + include/linux/rtmutex.h \ + $(wildcard include/config/debug/rt/mutexes.h) \ + include/linux/plist.h \ + $(wildcard include/config/debug/pi/list.h) \ + 
include/linux/resource.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/resource.h \ + include/asm-generic/resource.h \ + include/linux/timer.h \ + $(wildcard include/config/timer/stats.h) \ + $(wildcard include/config/debug/objects/timers.h) \ + include/linux/ktime.h \ + $(wildcard include/config/ktime/scalar.h) \ + include/linux/debugobjects.h \ + $(wildcard include/config/debug/objects/free.h) \ + include/linux/hrtimer.h \ + $(wildcard include/config/high/res/timers.h) \ + include/linux/task_io_accounting.h \ + $(wildcard include/config/task/io/accounting.h) \ + include/linux/latencytop.h \ + include/linux/cred.h \ + $(wildcard include/config/security.h) \ + include/linux/key.h \ + $(wildcard include/config/sysctl.h) \ + include/linux/sysctl.h \ + include/linux/aio.h \ + $(wildcard include/config/aio.h) \ + include/linux/workqueue.h \ + include/linux/aio_abi.h \ + include/linux/uio.h \ + include/linux/fs.h \ + $(wildcard include/config/dnotify.h) \ + $(wildcard include/config/quota.h) \ + $(wildcard include/config/fsnotify.h) \ + $(wildcard include/config/inotify.h) \ + $(wildcard include/config/fs/posix/acl.h) \ + $(wildcard include/config/debug/writecount.h) \ + $(wildcard include/config/file/locking.h) \ + $(wildcard include/config/block.h) \ + $(wildcard include/config/fs/xip.h) \ + $(wildcard include/config/migration.h) \ + include/linux/limits.h \ + include/linux/ioctl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctl.h \ + include/asm-generic/ioctl.h \ + include/linux/kdev_t.h \ + include/linux/dcache.h \ + include/linux/radix-tree.h \ + include/linux/semaphore.h \ + include/linux/fiemap.h \ + include/linux/quota.h \ + include/linux/dqblk_xfs.h \ + include/linux/dqblk_v1.h \ + include/linux/dqblk_v2.h \ + include/linux/dqblk_qtree.h \ + include/linux/nfs_fs_i.h \ + include/linux/nfs.h \ + include/linux/sunrpc/msg_prot.h \ + include/linux/fcntl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fcntl.h \ + include/asm-generic/fcntl.h \ + 
security/lids/include/linux/lids.h \ + $(wildcard include/config/sparc32.h) \ + $(wildcard include/config/ppc.h) \ + $(wildcard include/config/mips.h) \ + $(wildcard include/config/lids/tpe.h) \ + $(wildcard include/config/lids/tde.h) \ + $(wildcard include/config/cap/lids/sandbox/eff/set.h) \ + include/linux/tty.h \ + include/linux/major.h \ + include/linux/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termbits.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctls.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess.h \ + $(wildcard include/config/x86/wp/works/ok.h) \ + $(wildcard include/config/x86/intel/usercopy.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess_32.h \ + include/linux/tty_driver.h \ + $(wildcard include/config/console/poll.h) \ + include/linux/cdev.h \ + include/linux/tty_ldisc.h \ + include/linux/binfmts.h \ + include/linux/securebits.h \ + security/lids/include/linux/lidsext.h \ + $(wildcard include/config/lids/debug.h) \ + $(wildcard include/config/lids/restrict/mode/switch.h) \ + $(wildcard include/config/lids/mode/switch/console.h) \ + $(wildcard include/config/lids/mode/switch/serial.h) \ + $(wildcard include/config/lids/mode/switch/pty.h) \ + $(wildcard include/config/lids/no/flood/log.h) \ + $(wildcard include/config/lids/allow/switch.h) \ + security/lids/include/linux/lidsif.h \ + $(wildcard include/config/lids/shrink/size.h) \ + include/linux/netfilter/xt_MARK.h \ + include/linux/mman.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mman.h \ + include/asm-generic/mman-common.h \ + include/linux/mm.h \ + $(wildcard include/config/stack/growsup.h) \ + $(wildcard include/config/swap.h) \ + $(wildcard include/config/shmem.h) \ + $(wildcard include/config/debug/pagealloc.h) \ + $(wildcard include/config/hibernation.h) \ + include/linux/debug_locks.h \ + $(wildcard include/config/debug/locking/api/selftests.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level.h \ + include/asm-generic/pgtable.h \ + include/linux/page-flags.h \ + $(wildcard include/config/pageflags/extended.h) \ + $(wildcard include/config/have/mlocked/page/bit.h) \ + $(wildcard include/config/ia64/uncached/allocator.h) \ + $(wildcard include/config/s390.h) \ + include/linux/vmstat.h \ + $(wildcard include/config/vm/event/counters.h) \ + include/linux/namei.h \ + +security/lids/lids_tpe.o: $(deps_security/lids/lids_tpe.o) + +$(deps_security/lids/lids_tpe.o): diff -Nru linux-2.6.31.3.org/security/lids/lids_utils.c linux-2.6.31.3/security/lids/lids_utils.c --- linux-2.6.31.3.org/security/lids/lids_utils.c 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/lids_utils.c 2009-08-22 08:04:04.000000000 -0400 
@@ -0,0 +1,88 @@
+/*
+ * LIDS - Miscellaneous Utilities
+ *
+ * Author: Yusuf Wilajati Purna
+ *
+ * Copyright 2004 Yusuf Wilajati Purna
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; version 2 of the License.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+/**
+ * lids_find_fullpathname - return one of possible full pathnames of a dentry
+ * @dentry - dentry to report
+ * @buf - buffer into which the full pathname will be written
+ * @len - buffer length
+ *
+ * 'len' should be %PAGE_SIZE or more.
+ * Return ERR_PTR(-ENAMETOOLONG) if 'len' is less than the full pathname.
+ */
+char *lids_find_fullpathname(struct path *path, char *buf, int len)
+{
+ char *fullpathname;
+ struct dentry *sb_root = dget(path->dentry->d_sb->s_root);
+ struct nsproxy *n = current->nsproxy;
+ struct list_head *p;
+ struct vfsmount *mnt = NULL;
+
+ list_for_each(p, &n->mnt_ns->list) {
+ mnt = list_entry(p, struct vfsmount, mnt_list);
+ if (mnt->mnt_root == sb_root) {
+ mntget(mnt);
+ break;
+ }
+ }
+ dput(sb_root);
+
+ fullpathname = d_path(path, buf, len);
+ mntput(mnt);
+
+ return fullpathname;
+}
diff -Nru linux-2.6.31.3.org/security/lids/.lids_utils.o.cmd linux-2.6.31.3/security/lids/.lids_utils.o.cmd
--- linux-2.6.31.3.org/security/lids/.lids_utils.o.cmd 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/.lids_utils.o.cmd 2009-09-20 11:57:12.000000000 -0400
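Review bot: In `lids_find_fullpathname` (security/lids/lids_utils.c), the final `mntput(mnt)` can drop a reference that was never taken: `mnt` is reassigned on every loop iteration, so when no entry has `mnt_root == sb_root` it is left pointing at the last mount in the list, for which `mntget()` was not called. That reference imbalance may eventually release a vfsmount that is still in use. Track the match separately with `struct vfsmount *found = NULL;`, `found = mntget(mnt);` inside the `if`, and `mntput(found);` at the end, or drop the loop, since `d_path(path, buf, len)` never uses the mount that was found. The walk over `n->mnt_ns->list` shows no locking in this hunk, and `current->nsproxy` is dereferenced without a NULL check; both presumably rely on the caller and should be confirmed. The kernel-doc still names `@dentry` although the parameter is `path`, and it should state that the result may be an `ERR_PTR` that callers must test with `IS_ERR()`.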
@@ -0,0 +1,558 @@ +cmd_security/lids/lids_utils.o := gcc -Wp,-MD,security/lids/.lids_utils.o.d -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.3.3/include -Iinclude -I/usr/src/linux-2.6.31-rc7/arch/x86/include -include include/linux/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -Os -m32 -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=2 -march=i386 -mtune=generic -Wa,-mtune=generic32 -ffreestanding -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-stack-protector -fno-omit-frame-pointer -fno-optimize-sibling-calls -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -Isecurity/lids/include -D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(lids_utils)" -D"KBUILD_MODNAME=KBUILD_STR(lids)" -c -o security/lids/.tmp_lids_utils.o security/lids/lids_utils.c + +deps_security/lids/lids_utils.o := \ + security/lids/lids_utils.c \ + include/linux/fs.h \ + $(wildcard include/config/dnotify.h) \ + $(wildcard include/config/sysfs.h) \ + $(wildcard include/config/smp.h) \ + $(wildcard include/config/quota.h) \ + $(wildcard include/config/fsnotify.h) \ + $(wildcard include/config/inotify.h) \ + $(wildcard include/config/security.h) \ + $(wildcard include/config/fs/posix/acl.h) \ + $(wildcard include/config/preempt.h) \ + $(wildcard include/config/epoll.h) \ + $(wildcard include/config/debug/writecount.h) \ + $(wildcard include/config/file/locking.h) \ + $(wildcard include/config/auditsyscall.h) \ + $(wildcard include/config/block.h) \ + $(wildcard include/config/fs/xip.h) \ + $(wildcard include/config/migration.h) \ + include/linux/limits.h \ + include/linux/ioctl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctl.h \ + include/asm-generic/ioctl.h \ + include/linux/linkage.h \ + 
include/linux/compiler.h \ + $(wildcard include/config/trace/branch/profiling.h) \ + $(wildcard include/config/profile/all/branches.h) \ + $(wildcard include/config/enable/must/check.h) \ + $(wildcard include/config/enable/warn/deprecated.h) \ + include/linux/compiler-gcc.h \ + $(wildcard include/config/arch/supports/optimized/inlining.h) \ + $(wildcard include/config/optimize/inlining.h) \ + include/linux/compiler-gcc4.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/linkage.h \ + $(wildcard include/config/x86/32.h) \ + $(wildcard include/config/x86/64.h) \ + $(wildcard include/config/x86/alignment/16.h) \ + include/linux/stringify.h \ + include/linux/wait.h \ + $(wildcard include/config/lockdep.h) \ + include/linux/list.h \ + $(wildcard include/config/debug/list.h) \ + include/linux/stddef.h \ + include/linux/poison.h \ + include/linux/prefetch.h \ + include/linux/types.h \ + $(wildcard include/config/uid16.h) \ + $(wildcard include/config/lbdaf.h) \ + $(wildcard include/config/phys/addr/t/64bit.h) \ + $(wildcard include/config/64bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/types.h \ + $(wildcard include/config/highmem64g.h) \ + include/asm-generic/int-ll64.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitsperlong.h \ + include/asm-generic/bitsperlong.h \ + include/linux/posix_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/posix_types_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor.h \ + $(wildcard include/config/x86/vsmp.h) \ + $(wildcard include/config/cc/stackprotector.h) \ + $(wildcard include/config/paravirt.h) \ + $(wildcard include/config/x86/debugctlmsr.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/processor-flags.h \ + $(wildcard include/config/vm86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/vm86.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace.h \ + $(wildcard include/config/x86/ptrace/bts.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ptrace-abi.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/segment.h \ + include/linux/init.h \ + $(wildcard include/config/modules.h) \ + $(wildcard include/config/hotplug.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/math_emu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sigcontext.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/current.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/percpu.h \ + $(wildcard include/config/x86/64/smp.h) \ + $(wildcard include/config/need/multiple/nodes.h) \ + include/linux/kernel.h \ + $(wildcard include/config/preempt/voluntary.h) \ + $(wildcard include/config/debug/spinlock/sleep.h) \ + $(wildcard include/config/prove/locking.h) \ + $(wildcard include/config/printk.h) \ + $(wildcard include/config/dynamic/debug.h) \ + $(wildcard include/config/ring/buffer.h) \ + $(wildcard include/config/tracing.h) \ + $(wildcard include/config/numa.h) \ + $(wildcard include/config/ftrace/mcount/record.h) \ + /usr/lib/gcc/i486-linux-gnu/4.3.3/include/stdarg.h \ + include/linux/bitops.h \ + $(wildcard include/config/generic/find/first/bit.h) \ + $(wildcard include/config/generic/find/last/bit.h) \ + $(wildcard include/config/generic/find/next/bit.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bitops.h \ + $(wildcard include/config/x86/cmov.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/alternative.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/asm.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpufeature.h \ + $(wildcard include/config/x86/invlpg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/required-features.h \ + $(wildcard include/config/x86/minimum/cpu/family.h) \ + $(wildcard include/config/math/emulation.h) \ + $(wildcard include/config/x86/pae.h) \ + $(wildcard include/config/x86/cmpxchg64.h) \ + $(wildcard include/config/x86/use/3dnow.h) \ + $(wildcard include/config/x86/p6/nop.h) \ + include/asm-generic/bitops/sched.h \ + 
include/asm-generic/bitops/hweight.h \ + include/asm-generic/bitops/fls64.h \ + include/asm-generic/bitops/ext2-non-atomic.h \ + include/asm-generic/bitops/le.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/byteorder.h \ + include/linux/byteorder/little_endian.h \ + include/linux/swab.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/swab.h \ + $(wildcard include/config/x86/bswap.h) \ + include/linux/byteorder/generic.h \ + include/asm-generic/bitops/minix.h \ + include/linux/log2.h \ + $(wildcard include/config/arch/has/ilog2/u32.h) \ + $(wildcard include/config/arch/has/ilog2/u64.h) \ + include/linux/typecheck.h \ + include/linux/ratelimit.h \ + include/linux/param.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/param.h \ + $(wildcard include/config/hz.h) \ + include/linux/dynamic_debug.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/bug.h \ + $(wildcard include/config/bug.h) \ + $(wildcard include/config/debug/bugverbose.h) \ + include/asm-generic/bug.h \ + $(wildcard include/config/generic/bug.h) \ + $(wildcard include/config/generic/bug/relative/pointers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/div64.h \ + include/asm-generic/percpu.h \ + $(wildcard include/config/debug/preempt.h) \ + $(wildcard include/config/have/setup/per/cpu/area.h) \ + include/linux/threads.h \ + $(wildcard include/config/nr/cpus.h) \ + $(wildcard include/config/base/small.h) \ + include/linux/percpu-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/system.h \ + $(wildcard include/config/ia32/emulation.h) \ + $(wildcard include/config/x86/32/lazy/gs.h) \ + $(wildcard include/config/x86/ppro/fence.h) \ + $(wildcard include/config/x86/oostore.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cmpxchg_32.h \ + $(wildcard include/config/x86/cmpxchg.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/nops.h \ + $(wildcard include/config/mk7.h) \ + include/linux/irqflags.h \ + $(wildcard 
include/config/trace/irqflags.h) \ + $(wildcard include/config/irqsoff/tracer.h) \ + $(wildcard include/config/preempt/tracer.h) \ + $(wildcard include/config/trace/irqflags/support.h) \ + $(wildcard include/config/x86.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irqflags.h \ + $(wildcard include/config/debug/lock/alloc.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_types.h \ + include/linux/const.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32_types.h \ + $(wildcard include/config/highmem4g.h) \ + $(wildcard include/config/page/offset.h) \ + $(wildcard include/config/4kstacks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/page_32.h \ + $(wildcard include/config/hugetlb/page.h) \ + $(wildcard include/config/debug/virtual.h) \ + $(wildcard include/config/flatmem.h) \ + $(wildcard include/config/x86/3dnow.h) \ + include/linux/string.h \ + $(wildcard include/config/binary/printf.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/string_32.h \ + $(wildcard include/config/kmemcheck.h) \ + include/asm-generic/memory_model.h \ + $(wildcard include/config/discontigmem.h) \ + $(wildcard include/config/sparsemem/vmemmap.h) \ + $(wildcard include/config/sparsemem.h) \ + include/asm-generic/getorder.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_types.h \ + $(wildcard include/config/compat/vdso.h) \ + $(wildcard include/config/proc/fs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + $(wildcard include/config/highmem.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level_types.h \ + include/asm-generic/pgtable-nopud.h \ + include/asm-generic/pgtable-nopmd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/msr-index.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/errno.h \ + include/asm-generic/errno.h 
\ + include/asm-generic/errno-base.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cpumask.h \ + include/linux/cpumask.h \ + $(wildcard include/config/disable/obsolete/cpumask/functions.h) \ + $(wildcard include/config/hotplug/cpu.h) \ + $(wildcard include/config/cpumask/offstack.h) \ + $(wildcard include/config/debug/per/cpu/maps.h) \ + include/linux/bitmap.h \ + include/linux/errno.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/desc_defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ds.h \ + $(wildcard include/config/x86/ds.h) \ + include/linux/err.h \ + include/linux/personality.h \ + include/linux/cache.h \ + $(wildcard include/config/arch/has/cache/line/size.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cache.h \ + $(wildcard include/config/x86/l1/cache/shift.h) \ + include/linux/spinlock.h \ + $(wildcard include/config/debug/spinlock.h) \ + $(wildcard include/config/generic/lockbreak.h) \ + include/linux/preempt.h \ + $(wildcard include/config/preempt/notifiers.h) \ + include/linux/thread_info.h \ + $(wildcard include/config/compat.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/thread_info.h \ + $(wildcard include/config/debug/stack/usage.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ftrace.h \ + $(wildcard include/config/function/tracer.h) \ + $(wildcard include/config/dynamic/ftrace.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/atomic_32.h \ + $(wildcard include/config/m386.h) \ + include/asm-generic/atomic-long.h \ + include/linux/bottom_half.h \ + include/linux/spinlock_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock_types.h \ + include/linux/lockdep.h \ + $(wildcard include/config/lock/stat.h) \ + $(wildcard include/config/generic/hardirqs.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/spinlock.h \ + $(wildcard include/config/paravirt/spinlocks.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/rwlock.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/paravirt.h \ + $(wildcard include/config/x86/local/apic.h) \ + $(wildcard include/config/highpte.h) \ + $(wildcard include/config/paravirt/debug.h) \ + include/linux/spinlock_api_smp.h \ + include/linux/kdev_t.h \ + include/linux/dcache.h \ + include/linux/rculist.h \ + include/linux/rcupdate.h \ + $(wildcard include/config/classic/rcu.h) \ + $(wildcard include/config/tree/rcu.h) \ + $(wildcard include/config/preempt/rcu.h) \ + include/linux/seqlock.h \ + include/linux/completion.h \ + include/linux/rcuclassic.h \ + $(wildcard include/config/rcu/cpu/stall/detector.h) \ + include/linux/path.h \ + include/linux/stat.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/stat.h \ + include/linux/time.h \ + $(wildcard include/config/arch/uses/gettimeoffset.h) \ + include/linux/math64.h \ + include/linux/kobject.h \ + include/linux/sysfs.h \ + include/linux/kref.h \ + include/linux/radix-tree.h \ + include/linux/prio_tree.h \ + include/linux/pid.h \ + include/linux/mutex.h \ + $(wildcard include/config/debug/mutexes.h) \ + include/linux/capability.h \ + $(wildcard include/config/security/file/capabilities.h) \ + include/linux/semaphore.h \ + include/linux/fiemap.h \ + include/linux/quota.h \ + include/linux/rwsem.h \ + $(wildcard include/config/rwsem/generic/spinlock.h) \ + include/linux/rwsem-spinlock.h \ + include/linux/dqblk_xfs.h \ + include/linux/dqblk_v1.h \ + include/linux/dqblk_v2.h \ + include/linux/dqblk_qtree.h \ + include/linux/nfs_fs_i.h \ + include/linux/nfs.h \ + include/linux/sunrpc/msg_prot.h \ + include/linux/fcntl.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fcntl.h \ + include/asm-generic/fcntl.h \ + include/linux/mnt_namespace.h \ + include/linux/seq_file.h \ + include/linux/nodemask.h \ + include/linux/numa.h \ + $(wildcard include/config/nodes/shift.h) \ + include/linux/sched.h \ + $(wildcard include/config/sched/debug.h) \ + $(wildcard include/config/no/hz.h) \ + $(wildcard 
include/config/detect/softlockup.h) \ + $(wildcard include/config/detect/hung/task.h) \ + $(wildcard include/config/core/dump/default/elf/headers.h) \ + $(wildcard include/config/bsd/process/acct.h) \ + $(wildcard include/config/taskstats.h) \ + $(wildcard include/config/audit.h) \ + $(wildcard include/config/inotify/user.h) \ + $(wildcard include/config/posix/mqueue.h) \ + $(wildcard include/config/keys.h) \ + $(wildcard include/config/user/sched.h) \ + $(wildcard include/config/perf/counters.h) \ + $(wildcard include/config/schedstats.h) \ + $(wildcard include/config/task/delay/acct.h) \ + $(wildcard include/config/fair/group/sched.h) \ + $(wildcard include/config/rt/group/sched.h) \ + $(wildcard include/config/blk/dev/io/trace.h) \ + $(wildcard include/config/sysvipc.h) \ + $(wildcard include/config/rt/mutexes.h) \ + $(wildcard include/config/task/xacct.h) \ + $(wildcard include/config/cpusets.h) \ + $(wildcard include/config/cgroups.h) \ + $(wildcard include/config/futex.h) \ + $(wildcard include/config/fault/injection.h) \ + $(wildcard include/config/latencytop.h) \ + $(wildcard include/config/function/graph/tracer.h) \ + $(wildcard include/config/have/unstable/sched/clock.h) \ + $(wildcard include/config/preempt/bkl.h) \ + $(wildcard include/config/group/sched.h) \ + $(wildcard include/config/mm/owner.h) \ + include/linux/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/timex.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/tsc.h \ + $(wildcard include/config/x86/tsc.h) \ + include/linux/jiffies.h \ + include/linux/rbtree.h \ + include/linux/mm_types.h \ + $(wildcard include/config/split/ptlock/cpus.h) \ + $(wildcard include/config/want/page/debug/flags.h) \ + $(wildcard include/config/mmu.h) \ + $(wildcard include/config/mmu/notifier.h) \ + include/linux/auxvec.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/auxvec.h \ + include/linux/page-debug-flags.h \ + $(wildcard include/config/page/poisoning.h) \ + $(wildcard 
include/config/page/debug/something/else.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mmu.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cputime.h \ + include/asm-generic/cputime.h \ + include/linux/smp.h \ + $(wildcard include/config/use/generic/smp/helpers.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/smp.h \ + $(wildcard include/config/x86/io/apic.h) \ + $(wildcard include/config/x86/32/smp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec.h \ + $(wildcard include/config/x86/numaq.h) \ + $(wildcard include/config/mca.h) \ + $(wildcard include/config/eisa.h) \ + $(wildcard include/config/x86/mpparse.h) \ + $(wildcard include/config/acpi.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/mpspec_def.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apic.h \ + $(wildcard include/config/x86/x2apic.h) \ + include/linux/delay.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/delay.h \ + include/linux/pm.h \ + $(wildcard include/config/pm/sleep.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/apicdef.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/fixmap.h \ + $(wildcard include/config/x86/visws/apic.h) \ + $(wildcard include/config/x86/f00f/bug.h) \ + $(wildcard include/config/x86/cyclone/timer.h) \ + $(wildcard include/config/pci/mmconfig.h) \ + $(wildcard include/config/provide/ohci1394/dma/init.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/acpi.h \ + $(wildcard include/config/acpi/numa.h) \ + include/acpi/pdc_intel.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/numa_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/kmap_types.h \ + $(wildcard include/config/debug/highmem.h) \ + include/asm-generic/kmap_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/io_apic.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/irq_vectors.h \ + $(wildcard include/config/sparse/irq.h) \ + include/linux/sem.h \ + include/linux/ipc.h \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ipcbuf.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/sembuf.h \ + include/linux/signal.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/signal.h \ + include/asm-generic/signal-defs.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/siginfo.h \ + include/asm-generic/siginfo.h \ + include/linux/percpu.h \ + $(wildcard include/config/have/dynamic/per/cpu/area.h) \ + $(wildcard include/config/debug/kmemleak.h) \ + include/linux/slab.h \ + $(wildcard include/config/slab/debug.h) \ + $(wildcard include/config/debug/objects.h) \ + $(wildcard include/config/slub.h) \ + $(wildcard include/config/slob.h) \ + $(wildcard include/config/debug/slab.h) \ + include/linux/gfp.h \ + $(wildcard include/config/zone/dma.h) \ + $(wildcard include/config/zone/dma32.h) \ + $(wildcard include/config/debug/vm.h) \ + include/linux/mmzone.h \ + $(wildcard include/config/force/max/zoneorder.h) \ + $(wildcard include/config/memory/hotplug.h) \ + $(wildcard include/config/arch/populates/node/map.h) \ + $(wildcard include/config/flat/node/mem/map.h) \ + $(wildcard include/config/cgroup/mem/res/ctlr.h) \ + $(wildcard include/config/have/memory/present.h) \ + $(wildcard include/config/need/node/memmap/size.h) \ + $(wildcard include/config/have/arch/early/pfn/to/nid.h) \ + $(wildcard include/config/sparsemem/extreme.h) \ + $(wildcard include/config/nodes/span/other/nodes.h) \ + $(wildcard include/config/holes/in/zone.h) \ + $(wildcard include/config/arch/has/holes/memorymodel.h) \ + include/linux/pageblock-flags.h \ + $(wildcard include/config/hugetlb/page/size/variable.h) \ + include/linux/bounds.h \ + include/linux/memory_hotplug.h \ + $(wildcard include/config/have/arch/nodedata/extension.h) \ + $(wildcard include/config/memory/hotremove.h) \ + include/linux/notifier.h \ + include/linux/srcu.h \ + include/linux/topology.h \ + $(wildcard include/config/sched/smt.h) \ + $(wildcard include/config/sched/mc.h) \ + 
/usr/src/linux-2.6.31-rc7/arch/x86/include/asm/topology.h \ + $(wildcard include/config/x86/ht.h) \ + $(wildcard include/config/x86/64/acpi/numa.h) \ + include/asm-generic/topology.h \ + include/linux/mmdebug.h \ + include/linux/slab_def.h \ + $(wildcard include/config/kmemtrace.h) \ + include/linux/kmemtrace.h \ + include/trace/events/kmem.h \ + include/linux/tracepoint.h \ + $(wildcard include/config/tracepoints.h) \ + include/trace/define_trace.h \ + $(wildcard include/config/event/tracing.h) \ + include/linux/kmalloc_sizes.h \ + include/linux/pfn.h \ + include/linux/proportions.h \ + include/linux/percpu_counter.h \ + include/linux/seccomp.h \ + $(wildcard include/config/seccomp.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/seccomp_32.h \ + include/linux/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unistd_32.h \ + include/linux/rtmutex.h \ + $(wildcard include/config/debug/rt/mutexes.h) \ + include/linux/plist.h \ + $(wildcard include/config/debug/pi/list.h) \ + include/linux/resource.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/resource.h \ + include/asm-generic/resource.h \ + include/linux/timer.h \ + $(wildcard include/config/timer/stats.h) \ + $(wildcard include/config/debug/objects/timers.h) \ + include/linux/ktime.h \ + $(wildcard include/config/ktime/scalar.h) \ + include/linux/debugobjects.h \ + $(wildcard include/config/debug/objects/free.h) \ + include/linux/hrtimer.h \ + $(wildcard include/config/high/res/timers.h) \ + include/linux/task_io_accounting.h \ + $(wildcard include/config/task/io/accounting.h) \ + include/linux/latencytop.h \ + include/linux/cred.h \ + include/linux/key.h \ + $(wildcard include/config/sysctl.h) \ + include/linux/sysctl.h \ + include/linux/aio.h \ + $(wildcard include/config/aio.h) \ + include/linux/workqueue.h \ + include/linux/aio_abi.h \ + include/linux/uio.h \ + 
include/linux/mm.h \ + $(wildcard include/config/stack/growsup.h) \ + $(wildcard include/config/swap.h) \ + $(wildcard include/config/shmem.h) \ + $(wildcard include/config/ia64.h) \ + $(wildcard include/config/debug/pagealloc.h) \ + $(wildcard include/config/hibernation.h) \ + include/linux/debug_locks.h \ + $(wildcard include/config/debug/locking/api/selftests.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable_32_types.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/pgtable-2level.h \ + include/asm-generic/pgtable.h \ + include/linux/page-flags.h \ + $(wildcard include/config/pageflags/extended.h) \ + $(wildcard include/config/have/mlocked/page/bit.h) \ + $(wildcard include/config/ia64/uncached/allocator.h) \ + $(wildcard include/config/s390.h) \ + include/linux/vmstat.h \ + $(wildcard include/config/vm/event/counters.h) \ + include/linux/proc_fs.h \ + $(wildcard include/config/proc/devicetree.h) \ + $(wildcard include/config/proc/kcore.h) \ + include/linux/magic.h \ + include/linux/smp_lock.h \ + $(wildcard include/config/lock/kernel.h) \ + include/linux/quotaops.h \ + include/linux/uaccess.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess.h \ + $(wildcard include/config/x86/wp/works/ok.h) \ + $(wildcard include/config/x86/intel/usercopy.h) \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/uaccess_32.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/unaligned.h \ + include/linux/unaligned/access_ok.h \ + include/linux/unaligned/generic.h \ + include/linux/namei.h \ + include/linux/highmem.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/cacheflush.h \ + $(wildcard include/config/debug/rodata.h) \ + $(wildcard include/config/debug/rodata/test.h) \ + include/linux/file.h \ + include/linux/tty.h \ + include/linux/major.h \ + include/linux/termios.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termios.h 
\ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/termbits.h \ + /usr/src/linux-2.6.31-rc7/arch/x86/include/asm/ioctls.h \ + include/linux/tty_driver.h \ + $(wildcard include/config/console/poll.h) \ + include/linux/cdev.h \ + include/linux/tty_ldisc.h \ + include/linux/nsproxy.h \ + $(wildcard include/config/cgroup/ns.h) \ + include/linux/mount.h \ + security/lids/include/linux/lidsext.h \ + $(wildcard include/config/lids/debug.h) \ + $(wildcard include/config/lids/restrict/mode/switch.h) \ + $(wildcard include/config/lids/mode/switch/console.h) \ + $(wildcard include/config/lids/mode/switch/serial.h) \ + $(wildcard include/config/lids/mode/switch/pty.h) \ + $(wildcard include/config/lids/no/flood/log.h) \ + $(wildcard include/config/lids/allow/switch.h) \ + $(wildcard include/config/lids/tde.h) \ + security/lids/include/linux/lidsif.h \ + $(wildcard include/config/lids/shrink/size.h) \ + include/linux/netfilter/xt_MARK.h \ + security/lids/include/linux/lids.h \ + $(wildcard include/config/sparc32.h) \ + $(wildcard include/config/ppc.h) \ + $(wildcard include/config/mips.h) \ + $(wildcard include/config/lids/tpe.h) \ + $(wildcard include/config/cap/lids/sandbox/eff/set.h) \ + include/linux/binfmts.h \ + include/linux/securebits.h \ + security/lids/include/linux/lidsext.h \ + security/lids/include/linux/lidsif.h \ + +security/lids/lids_utils.o: $(deps_security/lids/lids_utils.o) + +$(deps_security/lids/lids_utils.o): diff -Nru linux-2.6.31.3.org/security/lids/Makefile linux-2.6.31.3/security/lids/Makefile --- linux-2.6.31.3.org/security/lids/Makefile 1969-12-31 19:00:00.000000000 -0500 +++ linux-2.6.31.3/security/lids/Makefile 2009-01-17 10:32:52.000000000 -0500 
@@ -0,0 +1,13 @@
+#
+# Makefile for the LIDS code
+#
+
+EXTRA_CFLAGS += -Isecurity/lids/include
+
+obj-$(CONFIG_LIDS) := lids.o
+
+lids-objs := lids_lsm.o lids_acl.o lids_cap.o\
+ lids_sysctl.o lids_init.o \
+ lids_logs.o lids_utils.o
+lids-$(CONFIG_LIDS_TPE) += lids_tpe.o
+lids-$(CONFIG_LIDS_TDE) += lids_tde.o
diff -Nru linux-2.6.31.3.org/security/lids/Makefile.in linux-2.6.31.3/security/lids/Makefile.in
--- linux-2.6.31.3.org/security/lids/Makefile.in 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.31.3/security/lids/Makefile.in 2009-01-17 10:32:52.000000000 -0500
@@ -0,0 +1,6 @@
+# for LIDS project
+KBUILD_INCLUDE_PATHS=security/lids/include
+
+objlink(CONFIG_LIDS lids_lsm.o lids_acl.o lids_init.o lids_cap.o lids_sysctl.o lids_logs.o lids_lsm.o )
+
+select(CONFIG_LIDS lids.o)
diff -Nru linux-2.6.31.3.org/security/Makefile linux-2.6.31.3/security/Makefile
--- linux-2.6.31.3.org/security/Makefile 2009-10-07 17:39:51.000000000 -0400
+++ linux-2.6.31.3/security/Makefile 2009-10-08 14:54:23.000000000 -0400
@@ -6,6 +6,7 @@
 subdir-$(CONFIG_SECURITY_SELINUX) += selinux
 subdir-$(CONFIG_SECURITY_SMACK) += smack
 subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
+subdir-$(CONFIG_LIDS) += lids
 
 # always enable default capabilities
 obj-y += commoncap.o min_addr.o
@@ -22,6 +23,9 @@
 obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
 obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o
 obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
+ifeq ($(CONFIG_LIDS),y)
+obj-$(CONFIG_LIDS) += lids/built-in.o
+endif
 
 # Object integrity file lists
 subdir-$(CONFIG_IMA) += integrity/ima
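Review bot: In security/lids/Makefile the include path is added through `EXTRA_CFLAGS`, which kbuild keeps only for compatibility; `ccflags-y += -Isecurity/lids/include` is the preferred spelling. The directory it adds holds a private `linux/` subdirectory (the dependency list earlier in the patch shows `security/lids/include/linux/lids.h`), so a header there that shares a name with one under `include/linux/` would be resolved by search order alone. A one-line comment above the flag, such as `# <linux/lids*.h> resolve to security/lids/include/linux`, would make that explicit. The `lids_cap.o\` continuation is also missing the space before the backslash that the following line has.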
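Review bot: The `objlink(...)` list in security/lids/Makefile.in names `lids_lsm.o` twice and omits `lids_utils.o`, which security/lids/Makefile in this same patch links into `lids.o`; it also has no counterpart for the conditional `lids_tpe.o`/`lids_tde.o` objects. If the file is still meant to describe the build, the list should read `objlink(CONFIG_LIDS lids_lsm.o lids_acl.o lids_init.o lids_cap.o lids_sysctl.o lids_logs.o lids_utils.o)`. The `objlink`/`select` syntax does not appear to be consumed by the Makefile-based build shown here, so dropping the file may be the simpler fix than keeping two object lists in step.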
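Review bot: In the second security/Makefile hunk the `ifeq ($(CONFIG_LIDS),y)` wrapper around `obj-$(CONFIG_LIDS) += lids/built-in.o` departs from the neighbouring LSM entries, which rely on the `obj-$(CONFIG_…)` prefix alone. If CONFIG_LIDS is a bool (its Kconfig is not in this part of the patch) the guard is redundant and the line can stand as `obj-$(CONFIG_LIDS) += lids/built-in.o` with no `ifeq`/`endif`. If it can be `m`, the first hunk's `subdir-$(CONFIG_LIDS) += lids` still descends into the directory while nothing here links the result into the image, and a comment stating which of the two is intended would help. The symbol also drops the `CONFIG_SECURITY_` prefix the other modules in both hunks use.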