--- zzzz-none-000/linux-2.6.19.2/net/unix/af_unix.c	2007-01-10 19:10:37.000000000 +0000
+++ davinci-8020-5505/linux-2.6.19.2/net/unix/af_unix.c	2007-07-09 11:04:04.000000000 +0000
@@ -116,6 +116,7 @@
 #include <linux/mount.h>
 #include <net/checksum.h>
 #include <linux/security.h>
+#include <linux/grsecurity.h>
 
 int sysctl_unix_max_dgram_qlen __read_mostly = 10;
 
@@ -706,6 +707,11 @@
 		if (err)
 			goto put_fail;
 
+		if (!gr_acl_handle_unix(nd.dentry, nd.mnt)) {
+			err = -EACCES;
+			goto put_fail;
+		}
+
 		err = -ECONNREFUSED;
 		if (!S_ISSOCK(nd.dentry->d_inode->i_mode))
 			goto put_fail;
@@ -729,6 +735,13 @@
 		if (u) {
 			struct dentry *dentry;
 			dentry = unix_sk(u)->dentry;
+
+			if (!gr_handle_chroot_unix(u->sk_peercred.pid)) {
+				err = -EPERM;
+				sock_put(u);
+				goto fail;
+			}
+
 			if (dentry)
 				touch_atime(unix_sk(u)->mnt, dentry);
 		} else
@@ -807,9 +820,18 @@
 		 */
 		mode = S_IFSOCK |
 		       (SOCK_INODE(sock)->i_mode & ~current->fs->umask);
+
+		if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) {
+			err = -EACCES;
+			goto out_mknod_dput;
+		}
+
 		err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
 		if (err)
 			goto out_mknod_dput;
+
+		gr_handle_create(dentry, nd.mnt);
+
 		mutex_unlock(&nd.dentry->d_inode->i_mutex);
 		dput(nd.dentry);
 		nd.dentry = dentry;
@@ -827,6 +849,10 @@
 			goto out_unlock;
 		}
 
+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
+		sk->sk_peercred.pid = current->pid;
+#endif
+
 		list = &unix_socket_table[addr->hash];
 	} else {
 		list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
@@ -1621,7 +1647,7 @@
 		if (UNIXCB(skb).fp)
 			siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
 	}
-	err = size;
+	err = (flags & MSG_TRUNC) ? skb->len : size;
 
 	scm_recv(sock, msg, siocb->scm, flags);