Re: [PATCH] Correctly detect unknown classes in sepol_string_to_security_class

2016-06-03 Thread Joshua Brindle
Joshua Brindle wrote: Bail before running off the end of the class index This one correctly goes all the way to the end of the classes index, the last version did not. Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a Signed-off-by: Joshua Brindle ---

[PATCH] Correctly detect unknown classes in sepol_string_to_security_class

2016-06-03 Thread Joshua Brindle
Bail before running off the end of the class index Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a Signed-off-by: Joshua Brindle --- libsepol/src/services.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libsepol/src/services.c

[PATCH 1/2] Modify audit2why analyze function to use loaded policy

2016-06-03 Thread Joshua Brindle
Class and perms should come from the policy being used for analysis, not the system policy so use sepol_ interfaces Change-Id: Ia0590ed2514249fd98810a8d4fe87f8bf5280561 Signed-off-by: Joshua Brindle --- libselinux/src/audit2why.c | 8 1 file changed, 4

[PATCH 2/2] Correctly detect unknown classes in sepol_string_to_security_class

2016-06-03 Thread Joshua Brindle
Bail before running off the end of the class index Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a Signed-off-by: Joshua Brindle --- libsepol/src/services.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libsepol/src/services.c

Re: [RFC 1/2] selinux: Stop looking up dentries from inodes

2016-06-03 Thread Stephen Smalley
On 06/01/2016 05:46 PM, Andreas Gruenbacher wrote: > On Wed, Jun 1, 2016 at 3:44 PM, Stephen Smalley wrote: >> On 05/31/2016 11:22 AM, Andreas Gruenbacher wrote: >>> With that fixed, could you possibly put this change to test? >> >> Falls over during boot in

Re: [PATCH] Modify audit2why analyze function to use loaded policy

2016-06-03 Thread Joshua Brindle
Joshua Brindle wrote: Class and perms should come from the policy being used for analysis, not the system policy so use sepol_ interfaces Hrm, this solved my original problem which was that I was getting the wrong answer back from audit2why (classes in my policy that weren't in the system

Re: Possible problem with e6afc8ac ("udp: remove headers from UDP packets before queueing")

2016-06-03 Thread David Miller
From: Eric Dumazet Date: Thu, 02 Jun 2016 19:58:26 -0700 > Arg, I totally messed up the patch title :( I noticed it was odd, but it's not a big deal.

Re: Possible problem with e6afc8ac ("udp: remove headers from UDP packets before queueing")

2016-06-03 Thread David Miller
From: Eric Dumazet Date: Thu, 02 Jun 2016 14:52:43 -0700 > From: Eric Dumazet > > Paul Moore tracked a regression caused by a recent commit, which > mistakenly assumed that sk_filter() could be avoided if socket > had no current BPF filter. > > The

Re: Possible problem with e6afc8ac ("udp: remove headers from UDP packets before queueing")

2016-06-03 Thread Eric Dumazet
From: Eric Dumazet Paul Moore tracked a regression caused by a recent commit, which mistakenly assumed that sk_filter() could be avoided if socket had no current BPF filter. The intent was to avoid udp_lib_checksum_complete() overhead. But sk_filter() also checks

Re: Possible problem with e6afc8ac ("udp: remove headers from UDP packets before queueing")

2016-06-03 Thread Eric Dumazet
On Thu, 2016-06-02 at 17:36 -0400, Paul Moore wrote: > On Wed, Jun 1, 2016 at 4:44 PM, Stephen Smalley wrote: > > On 06/01/2016 03:18 PM, Eric Dumazet wrote: > >> On Wed, 2016-06-01 at 15:01 -0400, Paul Moore wrote: > >>> Hello, > >>> > >>> I'm currently trying to debug a