Re: [PATCH] net: don't unnecessarily load kernel modules in dev_ioctl()

2018-03-07 Thread David Miller
From: Paul Moore Date: Tue, 6 Mar 2018 17:32:47 -0500 > On Tue, Mar 6, 2018 at 5:27 PM, Paul Moore wrote: >> From: Paul Moore >> >> Starting with v4.16-rc1 we've been seeing a higher than usual number >> of requests for the kernel to

[PATCH] libsepol: Prevent freeing unitialized value in ibendport handling

2018-03-07 Thread James Carter
Nicolas Iooss reports: In sepol_ibendport_key_create(), if sepol_ibendport_alloc_ibdev_name() fails to allocate tmp_key->ibdev_name, sepol_ibendport_key_free() is called to free the memory associated with tmp_key, which results in free() being called on uninitialized tmp_key->ibdev_name. This

Re: [PATCH 3/3] libsemanage: replace access() checks to make setuid programs work

2018-03-07 Thread Stephen Smalley
On 03/06/2018 06:58 AM, Vit Mojzis wrote: > access() uses real UID instead of effective UID which causes false > negative checks in setuid programs. > Replace access(,F_OK) (i.e. tests for file existence) by stat(). > And access(,R_OK) by fopen(,"r") > > Fixes:

Re: [PATCH 1/3] libsepol: initialize tmp_key->ibdev_name if its allocation failed

2018-03-07 Thread jwcart2
On 03/05/2018 05:58 PM, Nicolas Iooss wrote: In sepol_ibendport_key_create(), if sepol_ibendport_alloc_ibdev_name() fails to allocate tmp_key->ibdev_name, sepol_ibendport_key_free() is called to free the memory associated with tmp_key, which results in free() being called on uninitialized

Re: [PATCH 2/3] libsepol: cil: show an error when cil_expr_to_string() fails

2018-03-07 Thread jwcart2
On 03/05/2018 05:58 PM, Nicolas Iooss wrote: cil_tree_print_expr() calls cil_expr_to_string() in order to compute a string expression into expr_str. If this function fails, expr_str is left uninitialized but its value is dereferenced with: cil_log(CIL_INFO, "%s)", expr_str); Prevent such an

Re: [PATCH] net: don't unnecessarily load kernel modules in dev_ioctl()

2018-03-07 Thread Paul Moore
On Tue, Mar 6, 2018 at 6:59 PM, Stephen Hemminger wrote: > On Tue, 06 Mar 2018 17:27:44 -0500 > Paul Moore wrote: >> From: Paul Moore >> >> Starting with v4.16-rc1 we've been seeing a higher than usual number >> of requests for

Re: [PATCH] net: don't unnecessarily load kernel modules in dev_ioctl()

2018-03-07 Thread Stephen Hemminger
On Tue, 06 Mar 2018 17:27:44 -0500 Paul Moore wrote: > From: Paul Moore > > Starting with v4.16-rc1 we've been seeing a higher than usual number > of requests for the kernel to load networking modules, even on events > which shouldn't trigger a module

[PATCH] python/sepolgen: fix typo in PolicyGenerator

2018-03-07 Thread Jan Zarsky
--- python/sepolgen/src/sepolgen/policygen.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolgen/src/sepolgen/policygen.py b/python/sepolgen/src/sepolgen/policygen.py index 34c84010..ee664fb7 100644 --- a/python/sepolgen/src/sepolgen/policygen.py +++

Re: libsepol policycap names

2018-03-07 Thread Jason Zaman
On Wed, Mar 07, 2018 at 04:19:33PM +0800, Jason Zaman wrote: > On Mon, Mar 05, 2018 at 09:03:10AM -0500, Stephen Smalley wrote: > > On 03/02/2018 01:49 PM, Chris PeBenito wrote: > > > I've been able to make SETools dynamically link to libsepol.  However, > > > one challenge is with policycap

Re: libsepol policycap names

2018-03-07 Thread Jason Zaman
On Mon, Mar 05, 2018 at 09:03:10AM -0500, Stephen Smalley wrote: > On 03/02/2018 01:49 PM, Chris PeBenito wrote: > > I've been able to make SETools dynamically link to libsepol.  However, > > one challenge is with policycap names.  They're static libsepol, with > > nothing that exports them.  Can