Re: [PATCH] libselinux: clean up process file

2016-09-06 Thread William Roberts
Also, there are some memory leaks in there; run it under valgrind, e.g. valgrind --leak-check=full matchpathcon /etc >>> >>> OK I'll run that test. > > I can't reproduce: bad send... Can you send your valgrind output? Are you sure it's not there prior to my patch? The only heap alloc

Re: [PATCH v3 0/9] SELinux support for Infiniband RDMA

2016-09-06 Thread Daniel Jurgens
On 9/6/2016 3:02 PM, Jason Gunthorpe wrote: > On Thu, Sep 01, 2016 at 02:06:46PM -0400, Paul Moore wrote: > >> Jason and/or Daniel, I think it would be helpful if you could explain >> both the InfiniBand and IP based approaches for those of us who know >> SELinux, but not necessarily the RDMA and

Re: [PATCH] libselinux: clean up process file

2016-09-06 Thread William Roberts
On Tue, Sep 6, 2016 at 1:22 PM, Stephen Smalley wrote: > On 09/06/2016 04:06 PM, William Roberts wrote: >> On Sep 6, 2016 13:01, "Stephen Smalley" > > wrote: >>> >>> On 09/06/2016 11:51 AM, william.c.robe...@intel.com >>

Re: [PATCH 0/3] Make libsepol tests pass again

2016-09-06 Thread Stephen Smalley
On 08/27/2016 05:21 AM, Nicolas Iooss wrote: > Hello, > > A few months ago I saw that "make -C libsepol test" succeeded even > though it displayed what looked like a failure: > > ./libsepol-tests > CUnit - A unit testing framework for C - Version 2.1-3 >

[PATCH] genhomedircon: remove hardcoded refpolicy strings

2016-09-06 Thread Gary Tierney
Removes the "system_u" and "s0" string literals from refpolicy and replaces the seuser and range in each homedir, uid, and username context specification for every user. Signed-off-by: Gary Tierney --- libsemanage/src/genhomedircon.c | 79

[PATCH] remove system_u and s0 hardcoded strings

2016-09-06 Thread Gary Tierney
This patch removes the search and replacement for "system_u" and "s0" by instead looking for a valid context and replacing the user and MLS/MCS range where appropriate. This allows using genhomedircon with alternative policies that don't name the system seuser "system_u" or declare users in a CIL

Re: [PATCH] libsepol: Produce more meaningful error messages for conflicting type rules

2016-09-06 Thread Guido Trentalancia
Hello. I received no feedback on this. I still believe it is a very useful patch, because at the moment it is very hard to track down the error from the error message. Guido On Sat, 27/08/2016 at 14.44 +0200, Guido Trentalancia wrote: > Produce more meaningful error messages when conflicting

[PATCH] libselinux: clean up process file

2016-09-06 Thread william . c . roberts
From: William Roberts The current process_file() code will open the file twice on the case of a binary file, correct this. The general flow through process_file() was a bit difficult to read, streamline the routine to be more readable. Detailed statistics of before

Re: [PATCH] libsepol: Produce more meaningful error messages for conflicting type rules

2016-09-06 Thread James Carter
On 09/06/2016 10:20 AM, Guido Trentalancia wrote: Hello. I received no feedback on this. I still believe it is a very useful patch, because at the moment it is very hard to track down the error from the error message. Guido On Sat, 27/08/2016 at 14.44 +0200, Guido Trentalancia wrote:

Re: [PATCH] [RFC] nodups_specs: speedup

2016-09-06 Thread Stephen Smalley
On 08/29/2016 12:22 PM, william.c.robe...@intel.com wrote: > From: William Roberts > > I noticed, via gprof, that the time spent in nodups_specs() > accounts for 100% of the label_open() call. > > It seems as though the N^2 comparison using strcmp is very > slow. >

Re: [PATCH] libselinux: clean up process file

2016-09-06 Thread Stephen Smalley
On 09/06/2016 11:51 AM, william.c.robe...@intel.com wrote: > From: William Roberts > > The current process_file() code will open the file > twice on the case of a binary file, correct this. > > The general flow through process_file() was a bit > difficult to read,

Re: [PATCH] libselinux: clean up process file

2016-09-06 Thread William Roberts
On Sep 6, 2016 13:01, "Stephen Smalley" wrote: > > On 09/06/2016 11:51 AM, william.c.robe...@intel.com wrote: > > From: William Roberts > > > > The current process_file() code will open the file > > twice on the case of a binary file, correct

Re: [PATCH] [RFC] nodups_specs: speedup

2016-09-06 Thread William Roberts
On Sep 6, 2016 11:58, "Stephen Smalley" wrote: > > On 08/29/2016 12:22 PM, william.c.robe...@intel.com wrote: > > From: William Roberts > > > > I noticed, via gprof, that the time spent in nodups_specs() > > accounts for 100% of the label_open()

Re: [PATCH] libselinux: clean up process file

2016-09-06 Thread Stephen Smalley
On 09/06/2016 04:06 PM, William Roberts wrote: > On Sep 6, 2016 13:01, "Stephen Smalley" > wrote: >> >> On 09/06/2016 11:51 AM, william.c.robe...@intel.com > wrote: >> > From: William Roberts

Re: [PATCH] genhomedircon: remove hardcoded refpolicy strings

2016-09-06 Thread Gary Tierney
On Tue, Sep 06, 2016 at 03:13:17PM -0400, Stephen Smalley wrote: On 09/06/2016 09:48 AM, Gary Tierney wrote: Removes the "system_u" and "s0" string literals from refpolicy and replaces the seuser and range in each homedir, uid, and username context specification for every user. Signed-off-by:

Re: [PATCH] genhomedircon: remove hardcoded refpolicy strings

2016-09-06 Thread Stephen Smalley
On 09/06/2016 09:48 AM, Gary Tierney wrote: > Removes the "system_u" and "s0" string literals from refpolicy and > replaces the seuser and range in each homedir, uid, and username context > specification for every user. > > Signed-off-by: Gary Tierney > --- >

Re: [PATCH] libselinux: clean up process file

2016-09-06 Thread William Roberts
On Tue, Sep 6, 2016 at 1:43 PM, William Roberts wrote: > > > Also, there are some memory leaks in there; run it under valgrind, e.g. > valgrind --leak-check=full matchpathcon /etc OK I'll run that test. >> >> I can't reproduce: > bad send... Can you

[PATCH v2] libselinux: clean up process file

2016-09-06 Thread william . c . roberts
From: William Roberts The current process_file() code will open the file twice on the case of a binary file, correct this. The general flow through process_file() was a bit difficult to read, streamline the routine to be more readable. Detailed statistics of before