Re: [PATCH] security: selinux: Change return type to vm_fault_t

2018-04-16 Thread Paul Moore
On Sat, Apr 14, 2018 at 11:32 AM, Souptick Joarder  wrote:
> Use new return type vm_fault_t for fault handler
> in struct vm_operations_struct.
>
> Signed-off-by: Souptick Joarder 
> Reviewed-by: Matthew Wilcox 
> ---
>  security/selinux/selinuxfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Merged, thanks.

> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 00eed84..dfc31c6 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -418,7 +418,7 @@ static ssize_t sel_read_policy(struct file *filp, char 
> __user *buf,
> return ret;
>  }
>
> -static int sel_mmap_policy_fault(struct vm_fault *vmf)
> +static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
>  {
> struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
> unsigned long offset;
> --
> 1.9.1

-- 
paul moore
www.paul-moore.com



SELinux next branch rebased to v4.17-rc1

2018-04-16 Thread Paul Moore
A quick heads-up that selinux/next has been rebased on top of Linus'
latest and greatest.  No need to rebase patches that you've already
sent to the list, but please use selinux/next (or v4.17-rc1) for any
new work.

Thanks.

-- 
paul moore
www.paul-moore.com



Re: [PATCH ghak46 V1] audit: normalize MAC_STATUS record

2018-04-16 Thread Steve Grubb
On Monday, April 16, 2018 10:11:01 AM EDT Richard Guy Briggs wrote:
> On 2018-04-16 09:26, Ondrej Mosnacek wrote:
> > 2018-04-10 1:34 GMT+02:00 Richard Guy Briggs :
> > > There were two formats of the audit MAC_STATUS record, one of which was
> > > more standard than the other.  One listed enforcing status changes and
> > > the other listed enabled status changes with a non-standard label.  In
> > > addition, the record was missing information about which LSM was
> > > > responsible and the operation's completion status.  While this record
> > > > is only issued on success, the parser expects the res= field to be
> > > > present.
> > > > 
> > > > old enforcing/permissive:
> > > > type=MAC_STATUS msg=audit(1523312831.378:24514): enforcing=0
> > > > old_enforcing=1 auid=0 ses=1
> > > > old enable/disable:
> > > > type=MAC_STATUS msg=audit(1523312831.378:24514): selinux=0 auid=0 ses=1
> > > 
> > > List both sets of status and old values and add the lsm= field and the
> > > res= field.
> > > 
> > > Here is the new format:
> > > type=MAC_STATUS msg=audit(1523293828.657:891): enforcing=0
> > > old_enforcing=1 auid=0 ses=1 enabled=1 old-enabled=1 lsm=selinux res=1
> > > 
> > > This record already accompanied a SYSCALL record.
> > > 
> > > See: https://github.com/linux-audit/audit-kernel/issues/46
> > > Signed-off-by: Richard Guy Briggs 
> > > ---
> > > 
> > >  security/selinux/selinuxfs.c | 11 +++
> > >  1 file changed, 7 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/security/selinux/selinuxfs.c
> > > b/security/selinux/selinuxfs.c
> > > index 00eed84..00b21b2 100644
> > > --- a/security/selinux/selinuxfs.c
> > > +++ b/security/selinux/selinuxfs.c
> > > @@ -145,10 +145,11 @@ static ssize_t sel_write_enforce(struct file
> > > *file, const char __user *buf,> > 
> > > if (length)
> > > 
> > > goto out;
> > > 
> > > audit_log(current->audit_context, GFP_KERNEL,
> > > AUDIT_MAC_STATUS,
> > > 
> > > -   "enforcing=%d old_enforcing=%d auid=%u ses=%u",
> > > +   "enforcing=%d old_enforcing=%d auid=%u ses=%u"
> > > +   " enabled=%d old-enabled=%d lsm=selinux res=1",
> > 
> > This is just a tiny nit but why does "old_enforcing" use an underscore
> > and "old-enabled" a dash? Shouldn't the style be consistent across
> > fields?

Well, we have this thing called the field dictionary:

https://github.com/linux-audit/audit-documentation/blob/master/specs/fields/field-dictionary.csv

If a field exists, we should reuse it and follow the exact formatting for the 
value side. In this case, old_enforcing is in the dictionary. So, it should 
be used.

> Yes, but my understanding is a preference for underscore, and not to
> change existing field names.
> 
> Steve?

When you are gluing 2 words together, I prefer a dash. But, in this case we 
already have precedent that the field name exists, so we should reuse it.

-Steve

> > Just my two cents...
> 
> These details are worth noticing, thank you.
> 
> > > new_value, selinux_enforcing,
> > > from_kuid(_user_ns,
> > > audit_get_loginuid(current)),
> > > 
> > > -   audit_get_sessionid(current));
> > > +   audit_get_sessionid(current), selinux_enabled,
> > > selinux_enabled);> > 
> > > selinux_enforcing = new_value;
> > > if (selinux_enforcing)
> > > 
> > > avc_ss_reset(0);
> > > 
> > > @@ -272,9 +273,11 @@ static ssize_t sel_write_disable(struct file
> > > *file, const char __user *buf,> > 
> > > if (length)
> > > 
> > > goto out;
> > > 
> > > audit_log(current->audit_context, GFP_KERNEL,
> > > AUDIT_MAC_STATUS,
> > > 
> > > -   "selinux=0 auid=%u ses=%u",
> > > +   "enforcing=%d old_enforcing=%d auid=%u ses=%u"
> > > +   " enabled=%d old-enabled=%d lsm=selinux res=1",
> > > +   selinux_enforcing, selinux_enforcing,
> > 
> > ^ also here
> > 
> > > from_kuid(_user_ns,
> > > audit_get_loginuid(current)),
> > > 
> > > -   audit_get_sessionid(current));
> > > +   audit_get_sessionid(current), 0, 1);
> > > 
> > > }
> > > 
> > > length = count;
> > 
> > Ondrej Mosnacek 
> 
> - RGB
> 
> --
> Richard Guy Briggs 
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635
> 
> --
> Linux-audit mailing list
> linux-au...@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 5/5] libselinux: remove unused variable usercon

2018-04-16 Thread jwcart2

On 04/16/2018 11:30 AM, William Roberts wrote:

On Mon, Apr 16, 2018 at 5:34 AM, Stephen Smalley  wrote:

On 04/13/2018 08:40 PM, William Roberts wrote:

In general this series looks fine.

However, checkpatch.pl is complaining about DOS line endings in your patches:

For example:
ERROR: DOS line endings
#325: FILE: libselinux/src/label_file.h:281:
+^I^Iint alloc_stems = data->alloc_stems * 2 + 16;^M$


If needed, dos2unix can be used to strip them. However, I think git am takes 
care of this for you.



FYI your patches are staged here:
https://github.com/SELinuxProject/selinux/pull/93

If no one nacks them, I'll merge later this week. Thanks.



These patches look good to me.

Thanks,
Jim


On Fri, Apr 13, 2018 at 1:34 PM, Nicolas Iooss  wrote:

In getconlist.c, main() does not use usercon. Remove this variable.

Signed-off-by: Nicolas Iooss 
---
  libselinux/utils/getconlist.c | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
index abfe2c742bfb..5ac0ca85075c 100644
--- a/libselinux/utils/getconlist.c
+++ b/libselinux/utils/getconlist.c
@@ -19,7 +19,7 @@ static __attribute__ ((__noreturn__)) void usage(const char 
*name, const char *d

  int main(int argc, char **argv)
  {
-   char **list, *usercon = NULL, *cur_context = NULL;
+   char **list, *cur_context = NULL;
 char *user = NULL, *level = NULL;
 int ret, i, opt;

@@ -69,7 +69,6 @@ int main(int argc, char **argv)
 freeconary(list);
 }

-   free(usercon);
 free(level);

 return 0;
--
2.17.0

--
James Carter 
National Security Agency


Re: [PATCH 5/5] libselinux: remove unused variable usercon

2018-04-16 Thread William Roberts
On Mon, Apr 16, 2018 at 5:34 AM, Stephen Smalley  wrote:
> On 04/13/2018 08:40 PM, William Roberts wrote:
>> In general this series looks fine.
>>
>> However, checkpatch.pl is complaining about DOS line endings in your patches:
>>
>> For example:
>> ERROR: DOS line endings
>> #325: FILE: libselinux/src/label_file.h:281:
>> +^I^Iint alloc_stems = data->alloc_stems * 2 + 16;^M$
>
> If needed, dos2unix can be used to strip them. However, I think git am takes 
> care of this for you.
>

FYI your patches are staged here:
https://github.com/SELinuxProject/selinux/pull/93

If no one nacks them, I'll merge later this week. Thanks.

>>
>>
>>
>>
>>
>> On Fri, Apr 13, 2018 at 1:34 PM, Nicolas Iooss  wrote:
>>> In getconlist.c, main() does not use usercon. Remove this variable.
>>>
>>> Signed-off-by: Nicolas Iooss 
>>> ---
>>>  libselinux/utils/getconlist.c | 3 +--
>>>  1 file changed, 1 insertion(+), 2 deletions(-)
>>>
>>> diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
>>> index abfe2c742bfb..5ac0ca85075c 100644
>>> --- a/libselinux/utils/getconlist.c
>>> +++ b/libselinux/utils/getconlist.c
>>> @@ -19,7 +19,7 @@ static __attribute__ ((__noreturn__)) void usage(const 
>>> char *name, const char *d
>>>
>>>  int main(int argc, char **argv)
>>>  {
>>> -   char **list, *usercon = NULL, *cur_context = NULL;
>>> +   char **list, *cur_context = NULL;
>>> char *user = NULL, *level = NULL;
>>> int ret, i, opt;
>>>
>>> @@ -69,7 +69,6 @@ int main(int argc, char **argv)
>>> freeconary(list);
>>> }
>>>
>>> -   free(usercon);
>>> free(level);
>>>
>>> return 0;
>>> --
>>> 2.17.0
>>>
>>>
>>
>



Re: [PATCH ghak46 V1] audit: normalize MAC_STATUS record

2018-04-16 Thread Ondrej Mosnacek
2018-04-16 16:11 GMT+02:00 Richard Guy Briggs :
> On 2018-04-16 09:26, Ondrej Mosnacek wrote:
>> 2018-04-10 1:34 GMT+02:00 Richard Guy Briggs :
>> > There were two formats of the audit MAC_STATUS record, one of which was 
>> > more
>> > standard than the other.  One listed enforcing status changes and the
>> > other listed enabled status changes with a non-standard label.  In
>> > addition, the record was missing information about which LSM was
>> > responsible and the operation's completion status.  While this record is
>> > only issued on success, the parser expects the res= field to be present.
>> >
>> > old enforcing/permissive:
>> > type=MAC_STATUS msg=audit(1523312831.378:24514): enforcing=0 
>> > old_enforcing=1 auid=0 ses=1
>> > old enable/disable:
>> > type=MAC_STATUS msg=audit(1523312831.378:24514): selinux=0 auid=0 ses=1
>> >
>> > List both sets of status and old values and add the lsm= field and the
>> > res= field.
>> >
>> > Here is the new format:
>> > type=MAC_STATUS msg=audit(1523293828.657:891): enforcing=0 old_enforcing=1 
>> > auid=0 ses=1 enabled=1 old-enabled=1 lsm=selinux res=1
>> >
>> > This record already accompanied a SYSCALL record.
>> >
>> > See: https://github.com/linux-audit/audit-kernel/issues/46
>> > Signed-off-by: Richard Guy Briggs 
>> > ---
>> >  security/selinux/selinuxfs.c | 11 +++
>> >  1 file changed, 7 insertions(+), 4 deletions(-)
>> >
>> > diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
>> > index 00eed84..00b21b2 100644
>> > --- a/security/selinux/selinuxfs.c
>> > +++ b/security/selinux/selinuxfs.c
>> > @@ -145,10 +145,11 @@ static ssize_t sel_write_enforce(struct file *file, 
>> > const char __user *buf,
>> > if (length)
>> > goto out;
>> > audit_log(current->audit_context, GFP_KERNEL, 
>> > AUDIT_MAC_STATUS,
>> > -   "enforcing=%d old_enforcing=%d auid=%u ses=%u",
>> > +   "enforcing=%d old_enforcing=%d auid=%u ses=%u"
>> > +   " enabled=%d old-enabled=%d lsm=selinux res=1",
>>
>> This is just a tiny nit but why does "old_enforcing" use an underscore
>> and "old-enabled" a dash? Shouldn't the style be consistent across
>> fields?
>
> Yes, but my understanding is a preference for underscore, and not to
> change existing field names.

Ah, I just noticed that the field is already used elsewhere in the
code, so it makes sense to keep it the same. I thought at first that
it is just a typo.

>
> Steve?
>
>> Just my two cents...
>
> These details are worth noticing, thank you.
>
>> > new_value, selinux_enforcing,
>> > from_kuid(_user_ns, 
>> > audit_get_loginuid(current)),
>> > -   audit_get_sessionid(current));
>> > +   audit_get_sessionid(current), selinux_enabled, 
>> > selinux_enabled);
>> > selinux_enforcing = new_value;
>> > if (selinux_enforcing)
>> > avc_ss_reset(0);
>> > @@ -272,9 +273,11 @@ static ssize_t sel_write_disable(struct file *file, 
>> > const char __user *buf,
>> > if (length)
>> > goto out;
>> > audit_log(current->audit_context, GFP_KERNEL, 
>> > AUDIT_MAC_STATUS,
>> > -   "selinux=0 auid=%u ses=%u",
>> > +   "enforcing=%d old_enforcing=%d auid=%u ses=%u"
>> > +   " enabled=%d old-enabled=%d lsm=selinux res=1",
>> > +   selinux_enforcing, selinux_enforcing,
>>
>> ^ also here
>>
>> > from_kuid(_user_ns, 
>> > audit_get_loginuid(current)),
>> > -   audit_get_sessionid(current));
>> > +   audit_get_sessionid(current), 0, 1);
>> > }
>> >
>> > length = count;
>>
>> Ondrej Mosnacek 
>
> - RGB
>
> --
> Richard Guy Briggs 
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635

-- 
Ondrej Mosnacek 
Associate Software Engineer, Security Technologies
Red Hat, Inc.



Re: [PATCH ghak46 V1] audit: normalize MAC_STATUS record

2018-04-16 Thread Richard Guy Briggs
On 2018-04-16 09:26, Ondrej Mosnacek wrote:
> 2018-04-10 1:34 GMT+02:00 Richard Guy Briggs :
> > There were two formats of the audit MAC_STATUS record, one of which was more
> > standard than the other.  One listed enforcing status changes and the
> > other listed enabled status changes with a non-standard label.  In
> > addition, the record was missing information about which LSM was
> > responsible and the operation's completion status.  While this record is
> > only issued on success, the parser expects the res= field to be present.
> >
> > old enforcing/permissive:
> > type=MAC_STATUS msg=audit(1523312831.378:24514): enforcing=0 
> > old_enforcing=1 auid=0 ses=1
> > old enable/disable:
> > type=MAC_STATUS msg=audit(1523312831.378:24514): selinux=0 auid=0 ses=1
> >
> > List both sets of status and old values and add the lsm= field and the
> > res= field.
> >
> > Here is the new format:
> > type=MAC_STATUS msg=audit(1523293828.657:891): enforcing=0 old_enforcing=1 
> > auid=0 ses=1 enabled=1 old-enabled=1 lsm=selinux res=1
> >
> > This record already accompanied a SYSCALL record.
> >
> > See: https://github.com/linux-audit/audit-kernel/issues/46
> > Signed-off-by: Richard Guy Briggs 
> > ---
> >  security/selinux/selinuxfs.c | 11 +++
> >  1 file changed, 7 insertions(+), 4 deletions(-)
> >
> > diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> > index 00eed84..00b21b2 100644
> > --- a/security/selinux/selinuxfs.c
> > +++ b/security/selinux/selinuxfs.c
> > @@ -145,10 +145,11 @@ static ssize_t sel_write_enforce(struct file *file, 
> > const char __user *buf,
> > if (length)
> > goto out;
> > audit_log(current->audit_context, GFP_KERNEL, 
> > AUDIT_MAC_STATUS,
> > -   "enforcing=%d old_enforcing=%d auid=%u ses=%u",
> > +   "enforcing=%d old_enforcing=%d auid=%u ses=%u"
> > +   " enabled=%d old-enabled=%d lsm=selinux res=1",
> 
> This is just a tiny nit but why does "old_enforcing" use an underscore
> and "old-enabled" a dash? Shouldn't the style be consistent across
> fields?

Yes, but my understanding is a preference for underscore, and not to
change existing field names.

Steve?

> Just my two cents...

These details are worth noticing, thank you.

> > new_value, selinux_enforcing,
> > from_kuid(_user_ns, 
> > audit_get_loginuid(current)),
> > -   audit_get_sessionid(current));
> > +   audit_get_sessionid(current), selinux_enabled, 
> > selinux_enabled);
> > selinux_enforcing = new_value;
> > if (selinux_enforcing)
> > avc_ss_reset(0);
> > @@ -272,9 +273,11 @@ static ssize_t sel_write_disable(struct file *file, 
> > const char __user *buf,
> > if (length)
> > goto out;
> > audit_log(current->audit_context, GFP_KERNEL, 
> > AUDIT_MAC_STATUS,
> > -   "selinux=0 auid=%u ses=%u",
> > +   "enforcing=%d old_enforcing=%d auid=%u ses=%u"
> > +   " enabled=%d old-enabled=%d lsm=selinux res=1",
> > +   selinux_enforcing, selinux_enforcing,
> 
> ^ also here
> 
> > from_kuid(_user_ns, 
> > audit_get_loginuid(current)),
> > -   audit_get_sessionid(current));
> > +   audit_get_sessionid(current), 0, 1);
> > }
> >
> > length = count;
> 
> Ondrej Mosnacek 

- RGB

--
Richard Guy Briggs 
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635



[PATCH] security: selinux: Change return type to vm_fault_t

2018-04-16 Thread Souptick Joarder
Use new return type vm_fault_t for fault handler
in struct vm_operations_struct.

Signed-off-by: Souptick Joarder 
Reviewed-by: Matthew Wilcox 
---
 security/selinux/selinuxfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 00eed84..dfc31c6 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -418,7 +418,7 @@ static ssize_t sel_read_policy(struct file *filp, char 
__user *buf,
return ret;
 }

-static int sel_mmap_policy_fault(struct vm_fault *vmf)
+static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
 {
struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
unsigned long offset;
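
Review bot: The changelog does not say whether any return statement inside sel_mmap_policy_fault() had to change, and the hunk at -418 shows only the signature line moving from int to vm_fault_t. Please state in the commit message that the body already returns only VM_FAULT_* values, or include the affected return lines, so the type change can be checked from the patch alone.
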
--
1.9.1




Re: [PATCH ghak46 V1] audit: normalize MAC_STATUS record

2018-04-16 Thread Ondrej Mosnacek
2018-04-10 1:34 GMT+02:00 Richard Guy Briggs :
> There were two formats of the audit MAC_STATUS record, one of which was more
> standard than the other.  One listed enforcing status changes and the
> other listed enabled status changes with a non-standard label.  In
> addition, the record was missing information about which LSM was
> responsible and the operation's completion status.  While this record is
> only issued on success, the parser expects the res= field to be present.
>
> old enforcing/permissive:
> type=MAC_STATUS msg=audit(1523312831.378:24514): enforcing=0 old_enforcing=1 
> auid=0 ses=1
> old enable/disable:
> type=MAC_STATUS msg=audit(1523312831.378:24514): selinux=0 auid=0 ses=1
>
> List both sets of status and old values and add the lsm= field and the
> res= field.
>
> Here is the new format:
> type=MAC_STATUS msg=audit(1523293828.657:891): enforcing=0 old_enforcing=1 
> auid=0 ses=1 enabled=1 old-enabled=1 lsm=selinux res=1
>
> This record already accompanied a SYSCALL record.
>
> See: https://github.com/linux-audit/audit-kernel/issues/46
> Signed-off-by: Richard Guy Briggs 
> ---
>  security/selinux/selinuxfs.c | 11 +++
>  1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 00eed84..00b21b2 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -145,10 +145,11 @@ static ssize_t sel_write_enforce(struct file *file, 
> const char __user *buf,
> if (length)
> goto out;
> audit_log(current->audit_context, GFP_KERNEL, 
> AUDIT_MAC_STATUS,
> -   "enforcing=%d old_enforcing=%d auid=%u ses=%u",
> +   "enforcing=%d old_enforcing=%d auid=%u ses=%u"
> +   " enabled=%d old-enabled=%d lsm=selinux res=1",

This is just a tiny nit but why does "old_enforcing" use an underscore
and "old-enabled" a dash? Shouldn't the style be consistent across
fields?

Just my two cents...

> new_value, selinux_enforcing,
> from_kuid(_user_ns, audit_get_loginuid(current)),
> -   audit_get_sessionid(current));
> +   audit_get_sessionid(current), selinux_enabled, 
> selinux_enabled);
> selinux_enforcing = new_value;
> if (selinux_enforcing)
> avc_ss_reset(0);
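
Review bot: In the sel_write_enforce() call, enabled=%d and old-enabled=%d are both filled from selinux_enabled, so the pair can never differ on this path, and nothing at the call site says that is deliberate. A short comment above audit_log() noting that the two fields are emitted only to keep the record layout the same as the sel_write_disable() record would stop the next reader from treating it as a copy-paste slip. The literal res=1 in the format string is explained in the changelog; the same comment could carry that reason too.
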
> @@ -272,9 +273,11 @@ static ssize_t sel_write_disable(struct file *file, 
> const char __user *buf,
> if (length)
> goto out;
> audit_log(current->audit_context, GFP_KERNEL, 
> AUDIT_MAC_STATUS,
> -   "selinux=0 auid=%u ses=%u",
> +   "enforcing=%d old_enforcing=%d auid=%u ses=%u"
> +   " enabled=%d old-enabled=%d lsm=selinux res=1",
> +   selinux_enforcing, selinux_enforcing,

^ also here

> from_kuid(_user_ns, audit_get_loginuid(current)),
> -   audit_get_sessionid(current));
> +   audit_get_sessionid(current), 0, 1);
> }
>
> length = count;
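
Review bot: The format string added in sel_write_disable() is a verbatim copy of the one added in sel_write_enforce(), so the two records stay identical only as long as both copies are edited together. Consider one shared definition (a macro or a small helper taking the four state values) used by both call sites. The trailing arguments 0, 1 are also bare literals whose order has to match enabled=%d old-enabled=%d; a comment or named values would make them harder to swap by accident.
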
> --
> 1.8.3.1
>

-- 
Ondrej Mosnacek 
Associate Software Engineer, Security Technologies
Red Hat, Inc.
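
The three MAC_STATUS layouts quoted in the commit message above (old enforcing record, old selinux=0 record, new combined record), parsed into one shape and checked for changes that relax enforcement. This is an added example, not code from the patch or from the audit project; the function names are hypothetical, and the fourth sample record is constructed from the patch's sel_write_disable() format string.

```python
import re

# Records 1-3 are quoted from the commit message in this thread. Record 4 is
# constructed from the sel_write_disable() format string in the patch.
SAMPLE_RECORDS = [
    "type=MAC_STATUS msg=audit(1523312831.378:24514): enforcing=0 "
    "old_enforcing=1 auid=0 ses=1",
    "type=MAC_STATUS msg=audit(1523312831.378:24514): selinux=0 auid=0 ses=1",
    "type=MAC_STATUS msg=audit(1523293828.657:891): enforcing=0 old_enforcing=1 "
    "auid=0 ses=1 enabled=1 old-enabled=1 lsm=selinux res=1",
    "type=MAC_STATUS msg=audit(1523293900.101:902): enforcing=1 old_enforcing=1 "
    "auid=1000 ses=3 enabled=0 old-enabled=1 lsm=selinux res=1",
]

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
INT_FIELDS = ("enforcing", "old_enforcing", "enabled", "old-enabled",
              "auid", "ses", "res")


def parse_mac_status(line):
    """Return one MAC_STATUS record as a normalized dict, else None."""
    m = HEADER.match(line.strip())
    if not m or m.group(1) != "MAC_STATUS":
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(4).split() if "=" in kv)
    # Assumption: records without lsm= are the pre-patch SELinux layouts.
    rec = {"serial": int(m.group(3)), "lsm": fields.get("lsm", "selinux"),
           "legacy": "lsm" not in fields}
    for name in INT_FIELDS:
        value = fields.get(name, "")
        rec[name] = int(value) if value.isdigit() else None
    if fields.get("selinux") == "0":
        # Old disable record: use the values the patch hard-codes for this
        # path (enabled=0 old-enabled=1).
        rec["enabled"], rec["old-enabled"] = 0, 1
    if rec["res"] is None:
        # The commit message says the record is only issued on success.
        rec["res"] = 1
    return rec


def classify(rec):
    """Name the state change a normalized record describes."""
    if rec["enabled"] == 0 and rec["old-enabled"] == 1:
        return "selinux-disabled"
    if rec["enforcing"] == 0 and rec["old_enforcing"] == 1:
        return "set-permissive"
    if rec["enforcing"] == 1 and rec["old_enforcing"] == 0:
        return "set-enforcing"
    return "no-change"


def weakening_events(lines):
    """Return (serial, auid, change, legacy) for changes that relax SELinux."""
    events = []
    for line in lines:
        rec = parse_mac_status(line)
        if rec is None:
            continue
        change = classify(rec)
        if change in ("selinux-disabled", "set-permissive"):
            events.append((rec["serial"], rec["auid"], change, rec["legacy"]))
    return events
```

The legacy flag marks records that lack lsm=, which lets a pipeline count how many hosts still emit the pre-patch layouts.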



Re: [PATCH 5/5] libselinux: remove unused variable usercon

2018-04-16 Thread Stephen Smalley
On 04/13/2018 08:40 PM, William Roberts wrote:
> In general this series looks fine.
> 
> However, checkpatch.pl is complaining about DOS line endings in your patches:
> 
> For example:
> ERROR: DOS line endings
> #325: FILE: libselinux/src/label_file.h:281:
> +^I^Iint alloc_stems = data->alloc_stems * 2 + 16;^M$

If needed, dos2unix can be used to strip them. However, I think git am takes 
care of this for you.

> 
> 
> 
> 
> 
> On Fri, Apr 13, 2018 at 1:34 PM, Nicolas Iooss  wrote:
>> In getconlist.c, main() does not use usercon. Remove this variable.
>>
>> Signed-off-by: Nicolas Iooss 
>> ---
>>  libselinux/utils/getconlist.c | 3 +--
>>  1 file changed, 1 insertion(+), 2 deletions(-)
>>
>> diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
>> index abfe2c742bfb..5ac0ca85075c 100644
>> --- a/libselinux/utils/getconlist.c
>> +++ b/libselinux/utils/getconlist.c
>> @@ -19,7 +19,7 @@ static __attribute__ ((__noreturn__)) void usage(const 
>> char *name, const char *d
>>
>>  int main(int argc, char **argv)
>>  {
>> -   char **list, *usercon = NULL, *cur_context = NULL;
>> +   char **list, *cur_context = NULL;
>> char *user = NULL, *level = NULL;
>> int ret, i, opt;
>>
>> @@ -69,7 +69,6 @@ int main(int argc, char **argv)
>> freeconary(list);
>> }
>>
>> -   free(usercon);
>> free(level);
>>
>> return 0;
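
Review bot: The changelog says main() does not use usercon, yet the hunk at -69 removes a free(usercon) call, so the variable was referenced at least once. If that free() of the NULL-initialised pointer was the only remaining reference, say so in the commit message; it makes clear that dropping the call cannot leak an allocation.
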
>> --
>> 2.17.0
>>
>>
>