Re: [PATCH 0/2] SELinux Netlabel updates
On Tuesday 17 July 2007 8:24:55 pm Linus Torvalds wrote: > On Tue, 17 Jul 2007, James Morris wrote: > > These are updated Netlabel/SELinux changes from Paul, reworked so that > > they don't break userspace. Michal says they work for him. Please apply > > for 2.6.23. > > They don't work AT ALL for me: > > security/selinux/ss/sidtab.o: In function `netlbl_enabled': > sidtab.c:(.text+0x0): multiple definition of `netlbl_enabled' > security/selinux/ss/ebitmap.o:ebitmap.c:(.text+0x0): first defined here > > Tssk. > > That dummy "netlbl_enabled()" should be "static inline", methinks. > > Also, that file has two blocks after each other of > > #ifdef CONFIG_NETLABEL > .. > #else > .. > #endif > > #ifdef CONFIG_NETLABEL > .. > #else > .. > #endif > > which might as well be cleaned up at the same time (and might have avoided > this bug, since then the people involved would have seen the _correct_ > example in the first version) Oh my. I'll fix this and get another version out to James and Michal tomorrow morning; I have to spend the rest of the night smacking myself in the forehead. -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/2] SELinux Netlabel updates
On Wed, 18 Jul 2007, Michal Piotrowski wrote:
>
> Once again I tested both patches, build log shows only this
You clearly didn't test them with CONFIG_NETLABEL set to off, or you have
a buggy compiler.
You had
int netlbl_enabled(void)
{
return 0;
}
in a header file.
Now think for a moment what happens when that header file gets included
multiple times from different C files?
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/2] SELinux Netlabel updates
Linus Torvalds pisze: > > On Tue, 17 Jul 2007, James Morris wrote: >> These are updated Netlabel/SELinux changes from Paul, reworked so that >> they don't break userspace. Michal says they work for him. Please apply >> for 2.6.23. > > They don't work AT ALL for me: > > security/selinux/ss/sidtab.o: In function `netlbl_enabled': > sidtab.c:(.text+0x0): multiple definition of `netlbl_enabled' > security/selinux/ss/ebitmap.o:ebitmap.c:(.text+0x0): first defined here > > Tssk. Once again I tested both patches, build log shows only this Root device is (8, 1) Setup is 10264 bytes (padded to 10752 bytes). System is 2040 kB WARNING: vmlinux(.text+0xc1001183): Section mismatch: reference to .init.text:start_kernel (between 'is386' and 'check_x87') WARNING: vmlinux(.text+0xc126dafb): Section mismatch: reference to .init.text: (between 'rest_init' and 'kthreadd_setup') WARNING: vmlinux(.text+0xc1271a3b): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') WARNING: vmlinux(.text+0xc1271a48): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') WARNING: vmlinux(.text+0xc1271a54): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') WARNING: vmlinux(.text+0xc1271a60): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') WARNING: vmlinux(.text+0xc126dc11): Section mismatch: reference to .init.text:__alloc_bootmem_node (between 'alloc_node_mem_ map' and 'zone_wait_table_init') WARNING: vmlinux(.text+0xc126dc9b): Section mismatch: reference to .init.text:__alloc_bootmem_node (between 'zone_wait_table _init' and '__sched_text_start') WARNING: vmlinux(.text+0xc1272252): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') gcc --version gcc (GCC) 4.1.2 20070502 (Red Hat 4.1.2-12) > > That dummy "netlbl_enabled()" should be "static inline", methinks. > > Also, that file has two blocks after each other of > > #ifdef CONFIG_NETLABEL > .. > #else > .. > #endif > > #ifdef CONFIG_NETLABEL > .. > #else > .. > #endif > > which might as well be cleaned up at the same time (and might have avoided > this bug, since then the people involved would have seen the _correct_ > example in the first version) > > Please fix up and ask me to pull again. Preferably by actually fixing up > the commit itself, so that we don't unnecessarily have revisions that > don't even compile and thus potentially screw up git-bisect attempts. > > Linus > Regards, Michal -- LOG http://www.stardust.webpages.pl/log/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/2] SELinux Netlabel updates
On Tue, 17 Jul 2007, James Morris wrote: > > These are updated Netlabel/SELinux changes from Paul, reworked so that > they don't break userspace. Michal says they work for him. Please apply > for 2.6.23. They don't work AT ALL for me: security/selinux/ss/sidtab.o: In function `netlbl_enabled': sidtab.c:(.text+0x0): multiple definition of `netlbl_enabled' security/selinux/ss/ebitmap.o:ebitmap.c:(.text+0x0): first defined here Tssk. That dummy "netlbl_enabled()" should be "static inline", methinks. Also, that file has two blocks after each other of #ifdef CONFIG_NETLABEL .. #else .. #endif #ifdef CONFIG_NETLABEL .. #else .. #endif which might as well be cleaned up at the same time (and might have avoided this bug, since then the people involved would have seen the _correct_ example in the first version) Please fix up and ask me to pull again. Preferably by actually fixing up the commit itself, so that we don't unnecessarily have revisions that don't even compile and thus potentially screw up git-bisect attempts. Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 0/2] SELinux Netlabel updates
Hi Linus, These are updated Netlabel/SELinux changes from Paul, reworked so that they don't break userspace. Michal says they work for him. Please apply for 2.6.23. The following changes since commit 489de30259e667d7bc47da9da44a0270b050cd97: Linus Torvalds (1): Merge branch 'merge' of git://git.kernel.org/.../paulus/powerpc are found in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-linus Paul Moore (2): SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel include/net/netlabel.h |6 +++ net/netlabel/netlabel_cipso_v4.c |5 +++ net/netlabel/netlabel_kapi.c | 21 net/netlabel/netlabel_mgmt.c | 65 ++ net/netlabel/netlabel_mgmt.h |5 +++ security/selinux/hooks.c | 21 ++-- security/selinux/netlabel.c | 49 7 files changed, 141 insertions(+), 31 deletions(-) -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 0/2] SELinux Netlabel updates
Hi Linus, These are updated Netlabel/SELinux changes from Paul, reworked so that they don't break userspace. Michal says they work for him. Please apply for 2.6.23. The following changes since commit 489de30259e667d7bc47da9da44a0270b050cd97: Linus Torvalds (1): Merge branch 'merge' of git://git.kernel.org/.../paulus/powerpc are found in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-linus Paul Moore (2): SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel include/net/netlabel.h |6 +++ net/netlabel/netlabel_cipso_v4.c |5 +++ net/netlabel/netlabel_kapi.c | 21 net/netlabel/netlabel_mgmt.c | 65 ++ net/netlabel/netlabel_mgmt.h |5 +++ security/selinux/hooks.c | 21 ++-- security/selinux/netlabel.c | 49 7 files changed, 141 insertions(+), 31 deletions(-) -- James Morris [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/2] SELinux Netlabel updates
On Tue, 17 Jul 2007, James Morris wrote: These are updated Netlabel/SELinux changes from Paul, reworked so that they don't break userspace. Michal says they work for him. Please apply for 2.6.23. They don't work AT ALL for me: security/selinux/ss/sidtab.o: In function `netlbl_enabled': sidtab.c:(.text+0x0): multiple definition of `netlbl_enabled' security/selinux/ss/ebitmap.o:ebitmap.c:(.text+0x0): first defined here Tssk. That dummy netlbl_enabled() should be static inline, methinks. Also, that net/netlabel.h file has two blocks after each other of #ifdef CONFIG_NETLABEL .. #else .. #endif #ifdef CONFIG_NETLABEL .. #else .. #endif which might as well be cleaned up at the same time (and might have avoided this bug, since then the people involved would have seen the _correct_ example in the first version) Please fix up and ask me to pull again. Preferably by actually fixing up the commit itself, so that we don't unnecessarily have revisions that don't even compile and thus potentially screw up git-bisect attempts. Linus - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/2] SELinux Netlabel updates
Linus Torvalds pisze: On Tue, 17 Jul 2007, James Morris wrote: These are updated Netlabel/SELinux changes from Paul, reworked so that they don't break userspace. Michal says they work for him. Please apply for 2.6.23. They don't work AT ALL for me: security/selinux/ss/sidtab.o: In function `netlbl_enabled': sidtab.c:(.text+0x0): multiple definition of `netlbl_enabled' security/selinux/ss/ebitmap.o:ebitmap.c:(.text+0x0): first defined here Tssk. Once again I tested both patches, build log shows only this Root device is (8, 1) Setup is 10264 bytes (padded to 10752 bytes). System is 2040 kB WARNING: vmlinux(.text+0xc1001183): Section mismatch: reference to .init.text:start_kernel (between 'is386' and 'check_x87') WARNING: vmlinux(.text+0xc126dafb): Section mismatch: reference to .init.text: (between 'rest_init' and 'kthreadd_setup') WARNING: vmlinux(.text+0xc1271a3b): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') WARNING: vmlinux(.text+0xc1271a48): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') WARNING: vmlinux(.text+0xc1271a54): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') WARNING: vmlinux(.text+0xc1271a60): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') WARNING: vmlinux(.text+0xc126dc11): Section mismatch: reference to .init.text:__alloc_bootmem_node (between 'alloc_node_mem_ map' and 'zone_wait_table_init') WARNING: vmlinux(.text+0xc126dc9b): Section mismatch: reference to .init.text:__alloc_bootmem_node (between 'zone_wait_table _init' and '__sched_text_start') WARNING: vmlinux(.text+0xc1272252): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext') gcc --version gcc (GCC) 4.1.2 20070502 (Red Hat 4.1.2-12) That dummy netlbl_enabled() should be static inline, methinks. Also, that net/netlabel.h file has two blocks after each other of #ifdef CONFIG_NETLABEL .. #else .. #endif #ifdef CONFIG_NETLABEL .. #else .. #endif which might as well be cleaned up at the same time (and might have avoided this bug, since then the people involved would have seen the _correct_ example in the first version) Please fix up and ask me to pull again. Preferably by actually fixing up the commit itself, so that we don't unnecessarily have revisions that don't even compile and thus potentially screw up git-bisect attempts. Linus Regards, Michal -- LOG http://www.stardust.webpages.pl/log/ - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/2] SELinux Netlabel updates
On Wed, 18 Jul 2007, Michal Piotrowski wrote:
Once again I tested both patches, build log shows only this
You clearly didn't test them with CONFIG_NETLABEL set to off, or you have
a buggy compiler.
You had
int netlbl_enabled(void)
{
return 0;
}
in a header file.
Now think for a moment what happens when that header file gets included
multiple times from different C files?
Linus
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/2] SELinux Netlabel updates
On Tuesday 17 July 2007 8:24:55 pm Linus Torvalds wrote: On Tue, 17 Jul 2007, James Morris wrote: These are updated Netlabel/SELinux changes from Paul, reworked so that they don't break userspace. Michal says they work for him. Please apply for 2.6.23. They don't work AT ALL for me: security/selinux/ss/sidtab.o: In function `netlbl_enabled': sidtab.c:(.text+0x0): multiple definition of `netlbl_enabled' security/selinux/ss/ebitmap.o:ebitmap.c:(.text+0x0): first defined here Tssk. That dummy netlbl_enabled() should be static inline, methinks. Also, that net/netlabel.h file has two blocks after each other of #ifdef CONFIG_NETLABEL .. #else .. #endif #ifdef CONFIG_NETLABEL .. #else .. #endif which might as well be cleaned up at the same time (and might have avoided this bug, since then the people involved would have seen the _correct_ example in the first version) Oh my. I'll fix this and get another version out to James and Michal tomorrow morning; I have to spend the rest of the night smacking myself in the forehead. -- paul moore linux security @ hp - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
