Re: ANN: SELinux userspace 2.8-rc1 release candidate

2018-04-25 Thread Stephen Smalley
On 04/25/2018 10:11 AM, Yuli Khodorkovskiy wrote:
> On Fri, Apr 20, 2018 at 10:09 AM, Stephen Smalley wrote:
>> On 04/20/2018 09:31 AM, Petr Lautrbach wrote:
>>> On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote: On 04/20/2018 08:31 AM, Petr Lautrbach wrote:

Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]

2018-04-25 Thread Stephen Smalley
On 04/24/2018 11:22 AM, David Howells wrote:
> Stephen Smalley wrote:
>
>> Neither fsopen() nor fscontext_fs_write() appear to perform any kind of
>> up-front permission checking (DAC or MAC), although some security hooks may
>> be ultimately called to allocate structures,

Re: ANN: SELinux userspace 2.8-rc1 release candidate

2018-04-25 Thread Yuli Khodorkovskiy
On Fri, Apr 20, 2018 at 10:09 AM, Stephen Smalley wrote:
> On 04/20/2018 09:31 AM, Petr Lautrbach wrote:
>> On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote:
>>> On 04/20/2018 08:31 AM, Petr Lautrbach wrote: On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen

Re: [PATCH] Revert "libselinux: verify file_contexts when using restorecon"

2018-04-25 Thread William Roberts
On Mon, Apr 23, 2018 at 9:55 AM, William Roberts wrote:
> On Fri, Apr 20, 2018 at 7:17 AM, Stephen Smalley wrote:
>> This reverts commit 814631d3aebaa041073a42c677c1ed62ce7830d5.
>> As reported by Petr Lautrbach, this commit changed the behavior
>>

Re: [PATCH 2/2] sestatus: free process and file contexts which are checked

2018-04-25 Thread William Roberts
Merged: https://github.com/SELinuxProject/selinux/pull/94
On Mon, Apr 23, 2018 at 9:54 AM, William Roberts wrote:
> On Sun, Apr 22, 2018 at 12:21 PM, Nicolas Iooss wrote:
>> clang's static analyzer reports a potential memory leak because the
>>

Re: [PATCH 1/1] libsemanage: always check append_arg return value

2018-04-25 Thread William Roberts
Merged: https://github.com/SELinuxProject/selinux/pull/94
On Mon, Apr 23, 2018 at 9:50 AM, William Roberts wrote:
> On Sun, Apr 22, 2018 at 12:30 PM, Nicolas Iooss wrote:
>> When split_args() calls append_arg(), the returned value needs to be
>>

Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2)

2018-04-25 Thread David Miller
From: James Morris
Date: Thu, 26 Apr 2018 04:44:38 +1000 (AEST)
> On Mon, 23 Apr 2018, David Herrmann wrote:
>
>> This patch series tries to close this gap and makes both behave the
>> same. A new LSM-hook is added which allows LSMs to cache the correct
>> peer information on

Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2)

2018-04-25 Thread Paul Moore
On Wed, Apr 25, 2018 at 2:44 PM, James Morris wrote:
> On Mon, 23 Apr 2018, David Herrmann wrote:
>> This patch series tries to close this gap and makes both behave the
>> same. A new LSM-hook is added which allows LSMs to cache the correct
>> peer information on newly created

Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2)

2018-04-25 Thread James Morris
On Mon, 23 Apr 2018, David Herrmann wrote:
> This patch series tries to close this gap and makes both behave the
> same. A new LSM-hook is added which allows LSMs to cache the correct
> peer information on newly created socket-pairs.
Looks okay to me. Once it's respun with the Smack backend and

Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2)

2018-04-25 Thread James Morris
On Wed, 25 Apr 2018, Paul Moore wrote:
> On Wed, Apr 25, 2018 at 2:44 PM, James Morris wrote:
> > On Mon, 23 Apr 2018, David Herrmann wrote:
> >> This patch series tries to close this gap and makes both behave the
> >> same. A new LSM-hook is added which allows LSMs to cache