#include "include/path.h"
#include "include/policy.h"
#include "include/procattr.h"
-@@ -651,6 +750,19 @@ static struct security_operations apparmor_ops = {
- .getprocattr = apparmor_getprocattr,
- .setprocattr = apparmor_setprocattr,
-
-+ .socket_create = apparmor_socket_create,
-+ .socket_bind = apparmor_socket_bind,
-+ .socket_connect = apparmor_socket_connect,
-+ .socket_listen = apparmor_socket_listen,
-+ .socket_accept = apparmor_socket_accept,
-+ .socket_sendmsg = apparmor_socket_sendmsg,
-+ .socket_recvmsg = apparmor_socket_recvmsg,
-+ .socket_getsockname = apparmor_socket_getsockname,
-+ .socket_getpeername = apparmor_socket_getpeername,
-+ .socket_getsockopt = apparmor_socket_getsockopt,
-+ .socket_setsockopt = apparmor_socket_setsockopt,
-+ .socket_shutdown = apparmor_socket_shutdown,
-+
- .cred_alloc_blank = apparmor_cred_alloc_blank,
- .cred_free = apparmor_cred_free,
- .cred_prepare = apparmor_cred_prepare,
-@@ -949,4 +950,102 @@ static int apparmor_task_setrlimit(struct task_struct *task,
+@@ -610,5 +611,103 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
+ return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk);
+}
+
- security_initcall(apparmor_init);
-
+ static int apparmor_task_setrlimit(struct task_struct *task,
+ unsigned int resource, struct rlimit *new_rlim)
+@@ -651,6 +750,19 @@ static struct security_operations apparmor_ops = {
+ .getprocattr = apparmor_getprocattr,
+ .setprocattr = apparmor_setprocattr,
+
++ .socket_create = apparmor_socket_create,
++ .socket_bind = apparmor_socket_bind,
++ .socket_connect = apparmor_socket_connect,
++ .socket_listen = apparmor_socket_listen,
++ .socket_accept = apparmor_socket_accept,
++ .socket_sendmsg = apparmor_socket_sendmsg,
++ .socket_recvmsg = apparmor_socket_recvmsg,
++ .socket_getsockname = apparmor_socket_getsockname,
++ .socket_getpeername = apparmor_socket_getpeername,
++ .socket_getsockopt = apparmor_socket_getsockopt,
++ .socket_setsockopt = apparmor_socket_setsockopt,
++ .socket_shutdown = apparmor_socket_shutdown,
++
+ .cred_alloc_blank = apparmor_cred_alloc_blank,
+ .cred_free = apparmor_cred_free,
+ .cred_prepare = apparmor_cred_prepare,
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
new file mode 100644
index 0000000..1765901
#endif
#ifdef CONFIG_SYSFS
+--- linux-3.0/fs/aufs/f_op_sp.c~ 2011-08-24 14:41:55.000000000 +0200
++++ linux-3.0/fs/aufs/f_op_sp.c 2011-08-24 14:54:22.072544774 +0200
+@@ -108,7 +108,7 @@
+ static int aufs_open_sp(struct inode *inode, struct file *file);
+ static struct au_sp_fop {
+ int done;
+- struct file_operations fop; /* not 'const' */
++ file_operations_no_const fop; /* not 'const' */
+ spinlock_t spin;
+ } au_sp_fop[AuSp_Last] = {
+ [AuSp_FIFO] = {
+@@ -161,7 +161,9 @@ static void au_init_fop_sp(struct file *
+ h_file = au_hf_top(file);
+ spin_lock(&p->spin);
+ if (!p->done) {
+- p->fop = *h_file->f_op;
++ pax_open_kernel();
++ memcpy((void *)&p->fop, h_file->f_op, sizeof(p->fop));
+ p->fop.owner = THIS_MODULE;
++ pax_close_kernel();
+ if (p->fop.aio_read)
+ p->fop.aio_read = aufs_aio_read_sp;
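Review bot: In the second aufs hunk (`au_init_fop_sp`), the `pax_open_kernel()` / `pax_close_kernel()` window covers only part of the writes to `p->fop`. The `memcpy` and `p->fop.owner = THIS_MODULE;` are inside it, but `p->fop.aio_read = aufs_aio_read_sp;` runs after the window is closed. The first hunk already retypes the member as `file_operations_no_const`, so the table is presumably ordinary writable data and the open/close pair is unnecessary. If the table is in fact write-protected, the later `p->fop.*` assignments would hit protected memory. Either drop the pair or move `pax_close_kernel();` below the last `p->fop.*` assignment, which lies past the end of this hunk. The `(void *)` cast on the `memcpy` destination also hides any remaining const qualification from the compiler, so a one-line comment saying why it is needed would help the next person rebasing this patch.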