From: Paul Moore
This patch is based on a discussion generated by an earlier patch
from Tetsuo Handa:
* https://marc.info/?t=14903565931=1=2
The double free problem involves the mnt_opts field of the
security_mnt_opts struct, selinux_parse_opts_str() frees the memory
From: Richard Haines
Date: Mon, 5 Jun 2017 16:44:40 +0100
> When using CALIPSO with IPPROTO_UDP it is possible to trigger a GPF as the
> IP header may have moved.
>
> Also update the payload length after adding the CALIPSO option.
>
> Signed-off-by: Richard
On 05/10/2017 04:25 PM, James Carter wrote:
Commit 1089665e31a647a5f0ba2eabe8ac6232b384bed9 (Add attribute
expansion options) adds an expandattribute rule to the policy.conf
language which sets a type_datum flag. Currently the flag is used
only when writing out CIL policy from a policy.conf.
On Mon, Jun 5, 2017 at 5:10 AM, Junil Lee wrote:
> The allocated size for each ebitmap_node is 192byte by kzalloc().
> Then, ebitmap_node size is fixed, so it's possible to use only 144byte
> for each object by kmem_cache_zalloc().
> It can reduce some dynamic allocation
On Mon, Jun 5, 2017 at 11:45 AM, Scott Mayhew wrote:
> When an NFSv4 client performs a mount operation, it first mounts the
> NFSv4 root and then does path walk to the exported path and performs a
> submount on that, cloning the security mount options from the root's
>
On 6/5/2017 5:13 PM, Paul Moore wrote:
> On Tue, May 30, 2017 at 1:52 PM, Stephen Smalley wrote:
>> On Tue, 2017-05-30 at 17:40 +, Daniel Jurgens wrote:
>>> On 5/30/2017 12:05 PM, Stephen Smalley wrote:
On Tue, 2017-05-30 at 19:34 +0300, Dan Jurgens wrote:
> From:
On Mon, Jun 05, 2017 at 05:21:55PM -0400, Paul Moore wrote:
> On Mon, Jun 5, 2017 at 11:45 AM, Scott Mayhew wrote:
> > When an NFSv4 client performs a mount operation, it first mounts the
> > NFSv4 root and then does path walk to the exported path and performs a
> > submount