Stephen Smalley wrote:
> On Tue, 2017-03-28 at 22:12 +0900, Tetsuo Handa wrote:
> > This patch is a preparation for getting rid of task_create hook
> > because
> > task_create hook
>
> task_alloc hook?
Oops, copy error. Yes, I meant task_alloc hook.
>
> > which can do what task_create hook
This patch is a preparation for getting rid of task_create hook because
task_create hook which can do what task_create hook can do was revived.
Creating a new thread is unlikely prohibited by security policy, for
fork()/execve()/exit() is fundamental of how processes are managed in
Unix. If a
On Tue, 2017-03-28 at 22:12 +0900, Tetsuo Handa wrote:
> This patch is a preparation for getting rid of task_create hook
> because
> task_create hook
task_alloc hook?
> which can do what task_create hook can do was revived.
>
> Creating a new thread is unlikely prohibited by security policy,
On 03/26/2017 10:35 AM, Alan Jenkins wrote:
E.g. `fixfiles restore -v /usr` - before:
Warning: Skipping the following R/O filesystems:
/sys/fs/cgroup
Progress and Verbose mutually exclusive
usage: /sbin/restorecon [-iFnprRv0] [-e excludedir] pathname...
usage: /sbin/restorecon [-iFnprRv0] [-e
On 03/26/2017 12:22 PM, Alan Jenkins wrote:
I suggested that if you run a command for its informational output (by
passing `-v`), you don't expect it to be prefixed with the program name.
Prefixing is used for error messages, so you can tell where your shell
script blew up :). If a script is
On 03/25/2017 09:48 AM, Nicolas Iooss wrote:
When list_init() fails to allocate a list with calloc(), it calls
list_destroy() with l = NULL. This function starts by dereferencing
its argument ("(*list)->head"), which does not work well when it is
NULL.
This bug can be fixed by returning
On Tue, Mar 28, 2017 at 7:28 PM, James Carter wrote:
> CIL does not allow type or role sets in certain rules (such as allow
> rules). It does, however, allow sets in typeattributeset and
> roleattributeset statements. Because of this, when module_to_cil
> translates a
When pipe() fails in semanage_pipe_data(), this function closes all file
descriptors in variables output_fd, err_fd and input_fd even when they
have not been initialized. Fix this by initializing the file descriptors
to -1.
This issue has been found using clang's static analyzer.
Signed-off-by:
In cond_expr_to_cil() when stack_init() fails, stack is set to
NULL and the execution flow jumps to label "exit". This triggers a call
to stack_pop(stack) which dereferences a NULL pointer in "if (stack->pos
== -1)".
This issue has been found using clang's static analyzer.
Signed-off-by: Nicolas
When load_booleans() calls process_boolean() to parse a boolean
definition, process_boolean() returns a successful value when it fails
to use strtok_r() (e.g. when there is no "=" in the parsed line). This
leads load_booleans() to use uninitialized name and/or val when setting
the boolean into the
CIL does not allow type or role sets in certain rules (such as allow
rules). It does, however, allow sets in typeattributeset and
roleattributeset statements. Because of this, when module_to_cil
translates a policy into CIL, it creates a new attribute for each
set that it encounters. But often the
On 03/22/2017 03:01 PM, James Carter wrote:
Add hexadecimal support for Xen ioportcon statements which was
left out of commit c408c70.
Signed-off-by: James Carter
This has been applied.
Jim
---
libsepol/cil/src/cil_build_ast.c | 6 +++---
1 file changed, 3
On 03/24/2017 10:27 AM, Nikola Forró wrote:
Signed-off-by: Nikola Forró
Applied.
Thanks,
Jim
---
mcstrans/man/man8/mcstransd.8 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mcstrans/man/man8/mcstransd.8 b/mcstrans/man/man8/mcstransd.8
index
13 matches