On Mon, 5 Mar 2018, Stephen Smalley wrote:
> Wrap the AVC state within the selinux_state structure and
> pass it explicitly to all AVC functions. The AVC private state
> is encapsulated in a selinux_avc structure that is referenced
> from the selinux_state.
>
> This change should have no effect
On Mon, 5 Mar 2018, Stephen Smalley wrote:
> Move global selinuxfs state to a per-instance structure (selinux_fs_info),
> and include a pointer to the selinux_state in this structure.
> Pass this selinux_state to all security server operations, thereby
> ensuring that each selinuxfs instance
In sepol_ibendport_key_create(), if sepol_ibendport_alloc_ibdev_name()
fails to allocate tmp_key->ibdev_name, sepol_ibendport_key_free() is
called to free the memory associated with tmp_key, which results in
free() being called on uninitialized tmp_key->ibdev_name.
This issue is reported by
cil_tree_print_expr() calls cil_expr_to_string() in order to compute a
string expression into expr_str. If this function fails, expr_str is
left uninitialized but its value is dereferenced with:
    cil_log(CIL_INFO, "%s)", expr_str);
Prevent such an issue by checking cil_expr_to_string()'s return
clang's static analyzer reports an out-of-bound array access in
semanage_user_roles() when num_roles is zero, with the following
statement:
    strcpy(roles,roles_arr[0]);
When num_roles is zero, roles_arr[0] is not uninitialized and roles is
the result of malloc(0) so this strcpy is dangerous.
Wrap the AVC state within the selinux_state structure and
pass it explicitly to all AVC functions. The AVC private state
is encapsulated in a selinux_avc structure that is referenced
from the selinux_state.
This change should have no effect on SELinux behavior or
APIs (userspace or LSM).
Move global selinuxfs state to a per-instance structure (selinux_fs_info),
and include a pointer to the selinux_state in this structure.
Pass this selinux_state to all security server operations, thereby
ensuring that each selinuxfs instance presents a view of and acts
as an interface to a
On 03/02/2018 01:49 PM, Chris PeBenito wrote:
> I've been able to make SETools dynamically link to libsepol. However,
> one challenge is with policycap names. They're static libsepol, with
> nothing that exports them. Can we either:
>
> * export the sepol_polcap_getname() function, or
> * move
On Fri, Mar 02, 2018 at 07:54:34PM +, Richard Haines wrote:
> Fix the following error when running regression tests using LTP as follows:
> cd /opt/ltp/
> cat runtest/syscalls |grep connect01>runtest/connect-syscall
> ./runltp -pq -f connect-syscall
>
> Running tests...
> connect011
Fix the following error when running regression tests using LTP as follows:
cd /opt/ltp/
cat runtest/syscalls |grep connect01>runtest/connect-syscall
./runltp -pq -f connect-syscall
Running tests...
connect011 TPASS : bad file descriptor successful
connect012 TPASS : invalid
On Fri, Mar 2, 2018 at 2:54 PM, Richard Haines wrote:
> Fix the following error when running regression tests using LTP as follows:
> cd /opt/ltp/
> cat runtest/syscalls |grep connect01>runtest/connect-syscall
> ./runltp -pq -f connect-syscall
>
> Running
11 matches