[RFC PATCH] selinux: fix double free in selinux_parse_opts_str()

2017-06-06 Thread Paul Moore
From: Paul Moore

This patch is based on a discussion generated by an earlier patch from Tetsuo Handa:

* https://marc.info/?t=14903565931=1=2

The double free problem involves the mnt_opts field of the security_mnt_opts struct, selinux_parse_opts_str() frees the memory

Re: [PATCH] net/ipv6: Fix CALIPSO causing GPF with datagram support

2017-06-06 Thread David Miller
From: Richard Haines
Date: Mon, 5 Jun 2017 16:44:40 +0100

> When using CALIPSO with IPPROTO_UDP it is possible to trigger a GPF as the
> IP header may have moved.
>
> Also update the payload length after adding the CALIPSO option.
>
> Signed-off-by: Richard

Re: [PATCH v2] libsepol: Expand attributes with TYPE_FLAGS_EXPAND_ATTR_TRUE set

2017-06-06 Thread jwcart2
On 05/10/2017 04:25 PM, James Carter wrote:
Commit 1089665e31a647a5f0ba2eabe8ac6232b384bed9 (Add attribute expansion options) adds an expandattribute rule to the policy.conf language which sets a type_datum flag. Currently the flag is used only when writing out CIL policy from a policy.conf.

Re: [PATCH] security: selinux: use kmem_cache for ebitmap

2017-06-06 Thread Paul Moore
On Mon, Jun 5, 2017 at 5:10 AM, Junil Lee wrote:
> The allocated size for each ebitmap_node is 192byte by kzalloc().
> Then, ebitmap_node size is fixed, so it's possible to use only 144byte
> for each object by kmem_cache_zalloc().
> It can reduce some dynamic allocation

Re: [PATCH v3] security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior

2017-06-06 Thread Paul Moore
On Mon, Jun 5, 2017 at 11:45 AM, Scott Mayhew wrote:
> When an NFSv4 client performs a mount operation, it first mounts the
> NFSv4 root and then does path walk to the exported path and performs a
> submount on that, cloning the security mount options from the root's
>

Re: [PATCH v2 2/2] selinux-testsuite: Infiniband endport tests

2017-06-06 Thread Daniel Jurgens
On 6/5/2017 5:13 PM, Paul Moore wrote:
> On Tue, May 30, 2017 at 1:52 PM, Stephen Smalley wrote:
>> On Tue, 2017-05-30 at 17:40 +, Daniel Jurgens wrote:
>>> On 5/30/2017 12:05 PM, Stephen Smalley wrote: On Tue, 2017-05-30 at 19:34 +0300, Dan Jurgens wrote: > From:

Re: [PATCH v3] security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior

2017-06-06 Thread J . Bruce Fields
On Mon, Jun 05, 2017 at 05:21:55PM -0400, Paul Moore wrote:
> On Mon, Jun 5, 2017 at 11:45 AM, Scott Mayhew wrote:
> > When an NFSv4 client performs a mount operation, it first mounts the
> > NFSv4 root and then does path walk to the exported path and performs a
> > submount