On Wed, Aug 19, 2020 at 6:31 PM Stephen Rothwell <[email protected]> wrote: > Hi all, > > On Wed, 19 Aug 2020 11:12:44 -0400 Stephen Smalley > <[email protected]> wrote: > > > > Fix can be found at:https://patchwork.kernel.org/patch/11724203/ > > <https://patchwork.kernel.org/patch/11724203/> > > Thanks. > > I will add that to the selinux tree merge in linux-next until it turns > up in the tree.
FYI, I just merged that patch into the selinux/next tree. commit 37ea433c66070fcef09c6d118492c36299eb72ba Author: Stephen Smalley <[email protected]> Date: Wed Aug 19 09:45:41 2020 -0400 selinux: avoid dereferencing the policy prior to initialization Certain SELinux security server functions (e.g. security_port_sid, called during bind) were not explicitly testing to see if SELinux has been initialized (i.e. initial policy loaded) and handling the no-policy-loaded case. In the past this happened to work because the policydb was statically allocated and could always be accessed, but with the recent encapsulation of policy state and conversion to dynamic allocation, we can no longer access the policy state prior to initialization. Add a test of !selinux_initialized(state) to all of the exported functions that were missing them and handle appropriately. Fixes: 461698026ffa ("selinux: encapsulate policy state, refactor ...") Reported-by: Naresh Kamboju <[email protected]> Tested-by: Andy Shevchenko <[email protected]> Signed-off-by: Stephen Smalley <[email protected]> Signed-off-by: Paul Moore <[email protected]> -- paul moore www.paul-moore.com
