Re: [PATCH] libselinux: allow link with -lfts

2017-02-21 Thread William Roberts
On Tue, Feb 21, 2017 at 10:58 AM, Natanael Copa wrote:
> This makes it possible to build libselinux with the external libfts for
> systems which do not implement the non-standard fts. For example musl
> libc.
>
> make FTS_LDFLAGS=-lfts
The way this was done before for

[PATCH] libselinux: allow link with -lfts

2017-02-21 Thread Natanael Copa
This makes it possible to build libselinux with the external libfts for systems which do not implement the non-standard fts. For example musl libc. make FTS_LDFLAGS=-lfts Signed-off-by: Natanael Copa --- libselinux/src/Makefile | 3 ++- 1 file changed, 2

Re: [PATCH] sepolgen: strip non-printable characters when parsing audit messages

2017-02-21 Thread James Carter
On 02/21/2017 09:41 AM, Vit Mojzis wrote: Strip the following characters: \x1c File Separator, \x1d Group Separator, \x1e Record Separator, \x85 Next Line (C1 Control Code) from audit message fields to make sure they are not evaluated as part of some identifier (e.g. ausearch used insert

Re: [PATCH 1/1] libselinux, libsemanage: make PYPREFIX computation more robust

2017-02-21 Thread James Carter
On 02/19/2017 04:53 PM, Nicolas Iooss wrote: On systems where $PYTHON is python3.5 (instead of python2 or python3), pkg-config fails to find the Python package because it is named with a dash (e.g. python-3.5). Moreover the build system may have been using the pkg-config configuration files for

Re: [PATCH 2/5] libsepol/cil: destroy bitmap when __cil_permx_str_to_int() fails

2017-02-21 Thread James Carter
On 02/19/2017 05:30 AM, Nicolas Iooss wrote: When __cil_permx_to_bitmap() calls __cil_permx_str_to_int() on an invalid number, local variable "bitmap" is left initialized when the function returns and its memory is leaked. This memory leak has been found by running clang's Address Sanitizer on

[PATCH] sepolgen: strip non-printable characters when parsing audit messages

2017-02-21 Thread Vit Mojzis
Strip the following characters: \x1c File Separator, \x1d Group Separator, \x1e Record Separator, \x85 Next Line (C1 Control Code) from audit message fields to make sure they are not evaluated as part of some identifier (e.g. ausearch used insert \x1d into --raw output resulting in

Re: [RFC 4/7] selinux: mark __ro_mostly_after_init for selinux_hooks/selinux_nf_ops

2017-02-21 Thread Tetsuo Handa
On 2017/02/19 19:04, Hoeun Ryu wrote:
> It would be good that selinux hooks objects are marked as
> `__ro_mostly_after_init`. They can not be simply marked as `__ro_after_init`
> because they should be writable during selinux_disable procedure.
> `__ro_mostly_after_init` section is temporarily

[RFC 4/7] selinux: mark __ro_mostly_after_init for selinux_hooks/selinux_nf_ops

2017-02-21 Thread Hoeun Ryu
It would be good that selinux hooks objects are marked as `__ro_mostly_after_init`. They can not be simply marked as `__ro_after_init` because they should be writable during selinux_disable procedure. `__ro_mostly_after_init` section is temporarily read-write during selinux_disable procedure via