[GIT PULL] SELinux fixes for v4.17 (#2)

2018-05-30 Thread Paul Moore
gs/selinux-pr-20180530 for you to fetch changes up to efe3de79e0b52ca281ef6691480c8c68c82a4657: selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (2018-05-29 20:11:19 -0400) selinux/stable-4.17 P

Re: [PATCH] selinux: KASAN: slab-out-of-bounds in xattr_getsecurity

2018-05-30 Thread Stephen Smalley
On 05/30/2018 11:19 AM, Paul Moore wrote: > On Fri, May 25, 2018 at 4:31 AM, Sachin Grover wrote: >> Call trace: >> [] dump_backtrace+0x0/0x428 >> [] show_stack+0x28/0x38 >> [] dump_stack+0xd4/0x124 >> [] print_address_description+0x68/0x258 >> [] kasan_report.part.2+0x228/0x2f0 >> []

Selinux policy creation giving error

2018-05-30 Thread shagun maheshwari
Hi, We are getting some AVC denials on the system. So, I tried to load a policy for those denials but we are not able to create any policy. We are getting the errors below: libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context

Re: [PATCH 2/3] libselinux: Fix line wrapping in selabel_file.5

2018-05-30 Thread Nicolas Iooss
On Mon, May 28, 2018 at 11:46 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > Fix line wrapping with limited to 80 columns > > Fix lintian error: > W: selinux-utils: manpage-has-errors-from-man > usr/share/man/man5/selabel_file.5.gz 104: warning [p 2, 10.0i]: cannot adjust > line

Re: [PATCH 0/7] Fix some issues spotted by static analyzers

2018-05-30 Thread Nicolas Iooss
On Mon, May 28, 2018 at 6:42 AM, Jason Zaman wrote: > On Sat, May 26, 2018 at 08:42:06PM +0200, Nicolas Iooss wrote: >> Hi, >> As you may have noticed, I have been using clang's static analyzer for >> a few months and submitted fixes for bugs that it found. There are also >> many minor issues in

Re: [PATCH] selinux-testsuite: Add SCTP test support

2018-05-30 Thread Paul Moore
On Tue, Mar 20, 2018 at 1:48 PM, Richard Haines via Selinux wrote: > The sctp testsuite tests all new sctp SELinux functionality. > > Signed-off-by: Richard Haines Now that the new SELinux userspace is out, I applied this to my test tree and noticed two problems at the start (both easily

Re: [PATCH] secilc: Make the clean target call the clean target of docs/

2018-05-30 Thread Nicolas Iooss
On Mon, May 28, 2018 at 4:30 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > Thanks to Russell Coker > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899083 > > Signed-off-by: Laurent Bigonville > --- > secilc/Makefile | 1 + > 1 file changed, 1 insertion(+) > > diff --git

Re: [PATCH V3 0/5] selinux: Significant reduction of preempt_disable holds

2018-05-30 Thread Stephen Smalley
On 05/30/2018 10:10 AM, Peter Enderborg wrote: > Holding the preempt_disable is very bad for low latency tasks > such as audio and therefore we need to break out the rule-set dependent > part from this disable. By using RCU instead of an rwlock we > have efficient locking and less preemption

Re: [PATCH] restorecond: Fix consistency of DESTDIR usage

2018-05-30 Thread Nicolas Iooss
On Tue, May 29, 2018 at 9:29 AM, Laurent Bigonville wrote: > From: Laurent Bigonville > > --- > restorecond/Makefile | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/restorecond/Makefile b/restorecond/Makefile > index 25be18d4..fed65bba 100644 > ---

Re: [PATCH] selinux: KASAN: slab-out-of-bounds in xattr_getsecurity

2018-05-30 Thread Paul Moore
On Fri, May 25, 2018 at 4:31 AM, Sachin Grover wrote: > Call trace: > [] dump_backtrace+0x0/0x428 > [] show_stack+0x28/0x38 > [] dump_stack+0xd4/0x124 > [] print_address_description+0x68/0x258 > [] kasan_report.part.2+0x228/0x2f0 > [] kasan_report+0x5c/0x70 > []

Re: [PATCH] selinux: KASAN: slab-out-of-bounds in xattr_getsecurity

2018-05-30 Thread Paul Moore
On Wed, May 30, 2018 at 11:23 AM, Stephen Smalley wrote: > On 05/30/2018 11:19 AM, Paul Moore wrote: >> On Fri, May 25, 2018 at 4:31 AM, Sachin Grover >> wrote: >>> Call trace: >>> [] dump_backtrace+0x0/0x428 >>> [] show_stack+0x28/0x38 >>> [] dump_stack+0xd4/0x124 >>> []

system-config-selinux requires root to run

2018-05-30 Thread Laurent Bigonville
Hello, I was planning to re-add system-config-selinux in the Debian package now that it has been ported to GIR, python3 and GTK3. But I realized that it requires root rights (via pkexec) to work. The problem with that is that it doesn't work with Wayland. Are there any plans to decouple

[PATCH V3 4/5 selinux-next] selinux: seqno separation

2018-05-30 Thread Peter Enderborg
This patch separates the locks for read and write, and to be sure that they are using the same structure the seqno is used. If the seqno is changed between the read and write sections the function reports an EAGAIN error. Signed-off-by: Peter Enderborg --- security/selinux/ss/services.c | 143

[PATCH V3 3/5 selinux-next] selinux: sidtab_clone switch to use rwlock.

2018-05-30 Thread Peter Enderborg
We need a copy of the sidtabs, so change the generic sidtab_clone from a function pointer and let it use a read rwlock while doing the clone. Signed-off-by: Peter Enderborg --- security/selinux/ss/services.c | 20 +--- security/selinux/ss/sidtab.c | 39

[PATCH V3 2/5 selinux-next] selinux: Introduce selinux_ruleset struct

2018-05-30 Thread Peter Enderborg
This is a preparation for moving locking to the RCU type. We move policydb, sidtab and map to this structure, which is dynamically allocated. To help out the handling a policydb_copy is added. It is intended to be used in atomic context within an RCU lock, so there are helper functions that do vmalloc

[PATCH V3 1/5 selinux-next] selinux: Make allocation atomic in policydb objects functions.

2018-05-30 Thread Peter Enderborg
From: peter As preparation for RCU the allocations need to be atomic; there are a lot of them, so they are done in this patch. Signed-off-by: Peter Enderborg --- security/selinux/ss/avtab.c | 8 +-- security/selinux/ss/conditional.c | 14 ++--- security/selinux/ss/ebitmap.c | 3 +-

[PATCH V3 0/5] selinux: Significant reduction of preempt_disable holds

2018-05-30 Thread Peter Enderborg
Holding the preempt_disable is very bad for low latency tasks such as audio and therefore we need to break out the rule-set dependent part from this disable. By using RCU instead of an rwlock we have efficient locking and less preemption interference. SELinux uses a lot of read_locks. This

[PATCH V3 5/5 selinux-next] selinux: Switch to rcu read locks for avc_compute

2018-05-30 Thread Peter Enderborg
To be able to preempt avc_compute we need preemptible locks; this patch switches the rwlock reads to rcu_read_lock. Signed-off-by: Peter Enderborg --- security/selinux/ss/services.c | 152 + security/selinux/ss/services.h | 2 +- 2 files changed, 79

[PATCH] selinux-testsuite: fix some style problems in the binder tests

2018-05-30 Thread Paul Moore
From: Paul Moore Fixes done by 'tools/check-syntax -f'. Signed-off-by: Paul Moore --- tests/binder/test_binder.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/binder/test_binder.c b/tests/binder/test_binder.c index 0d10a58..11fa358 100644 ---

[PATCH] selinux-testsuite: fix the mode bits for the binder tests

2018-05-30 Thread Paul Moore
From: Paul Moore Signed-off-by: Paul Moore --- tests/binder/test |0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tests/binder/test diff --git a/tests/binder/test b/tests/binder/test old mode 100644 new mode 100755