--- trunk/1.8.x/ccs-patch/README.ccs 2010/10/07 07:14:01 4049 +++ trunk/1.8.x/ccs-patch/README.ccs 2010/10/28 05:37:26 4096 @@ -2441,7 +2441,30 @@ permissions (e.g. allow_env PATH if symlink.target="/"), it triggered NULL pointer dereference. -Fix 2010/10/05 +Fix 2010/10/28 + + @ Fix umount() pathname calculation. + + "mount --bind /path/to/file1 /path/to/file2" is legal. + Therefore, "umount /path/to/file2" is also legal. + Do not automatically append trailing '/' if pathname to be unmounted + does not end with '/'. + + @ Add preserve KABI compatibility option. (2.6 kernels only) + + TOMOYO needs "struct ccs_domain_info *" and "u32" for each + "struct task_struct". But embedding these variables into + "struct task_struct" breaks KABI for prebuilt kernel modules (which + means that you will need to rebuild prebuilt kernel modules). + + Since KABI is commonly used (compared to 5 years ago), asking users to + rebuild kernel modules which are not included in kernel package is no + longer preferable. Therefore, I added a new option that keeps + "struct task_struct" unmodified in order to keep KABI. + + Note that you have to use ccs-patch-2.6.\*.diff which patches + kernel/fork.c in order to use this option. Otherwise, TOMOYO will leak + memory whenever "struct task_struct" is released. @ Change directives. 
@@ -2480,19 +2503,6 @@ when you have to disable access control for recv() operation due to application breakage by discarding incoming datagram. - @ Wait for next connection/datagram if current connection/datagram was - discarded. - - Regarding "network inet stream accept", "network inet dgram recv", - "network inet raw recv" directives, I modified to wait for next - connection/datagram if current connection/datagram was discarded. - LSM hooks for these directives are currently missing because this - behavior may break applications. If you found applications broken by - this behavior, you can set CONFIG::network::inet_stream_accept and/or - CONFIG::network::inet_dgram_recv and/or CONFIG::network::inet_raw_recv - to mode=disabled in order to only disable filtering for incoming - connection/datagram. - @ Add Unix domain socket restriction support. Until now, it was possible to restrict only inet domain sockets (i.e.
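Review bot: In the first hunk (@@ -2441,7 +2441,30 @@), the KABI entry warns that TOMOYO "will leak memory whenever struct task_struct is released" unless the ccs-patch-2.6.\*.diff in use patches kernel/fork.c, but it never names the new option and does not say how a user can tell which diffs qualify. Please add the option's config symbol to the entry and state which patches include the kernel/fork.c change, so that enabling the option on an unsuitable patch is not a silent leak. The heading would also read better as "Add option to preserve KABI compatibility". Separately, changing "Fix 2010/10/05" to "Fix 2010/10/28" in place re-dates the entries that follow it ("Change directives." and later); if those entries were already listed under 2010/10/05, consider a new dated heading instead of editing the old one.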
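Review bot: In the second hunk (@@ -2480,19 +2503,6 @@), the "Wait for next connection/datagram if current connection/datagram was discarded" entry is deleted with nothing in the visible lines saying whether the behaviour was reverted or only the documentation was dropped. The removed paragraph is also where the advice to set CONFIG::network::inet_stream_accept, CONFIG::network::inet_dgram_recv and CONFIG::network::inet_raw_recv to mode=disabled for broken applications was given. Please add a short entry under the new date stating what changed for the accept/recv directives, and keep the mode=disabled guidance if it still applies, since the remaining context line still refers to disabling access control for recv() because of application breakage.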