Re: MLS dominance check behavior on el7

2018-09-12 Thread Ted Toth
On Wed, Sep 12, 2018 at 9:36 AM Dominick Grift wrote: > On Wed, Sep 12, 2018 at 09:57:20AM -0400, Stephen Smalley wrote: > > On 09/12/2018 09:26 AM, Ted Toth wrote: > > > > > > > > > On Wed, Sep 12, 2018 at 8:04 AM Stephen Smalley > > > wrote: > > > > > > On

Re: [PATCH 3/6] selinux: convert to kvmalloc

2018-09-12 Thread Paul Moore
On Fri, Sep 7, 2018 at 1:50 PM Kent Overstreet wrote: > On Sat, Sep 08, 2018 at 02:08:03AM +0900, Tetsuo Handa wrote: > > On 2018/09/08 1:56, Kent Overstreet wrote: > > > @@ -329,8 +328,7 @@ int avtab_alloc(struct avtab *h, u32 nrules) > > > nslot = MAX_AVTAB_HASH_BUCKETS; > > >

Re: [PATCH] selinux: Add __GFP_NOWARN to allocation at str_read()

2018-09-12 Thread Paul Moore
On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa wrote: > syzbot is hitting warning at str_read() [1] because len parameter can > become larger than KMALLOC_MAX_SIZE. We don't need to emit warning for > this case. > > [1] >

Re: MLS dominance check behavior on el7

2018-09-12 Thread Dominick Grift
On Wed, Sep 12, 2018 at 09:57:20AM -0400, Stephen Smalley wrote: > On 09/12/2018 09:26 AM, Ted Toth wrote: > > > > > > On Wed, Sep 12, 2018 at 8:04 AM Stephen Smalley > > wrote: > > > > On 09/11/2018 04:59 PM, Ted Toth wrote: > > > That's awesome and now

Re: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock

2018-09-12 Thread James Morris
On Tue, 11 Sep 2018, Casey Schaufler wrote: > LSM: Module stacking in support of S.A.R.A and Landlock Please help prevent RSI and shorten this to SARA. -- James Morris ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to

Re: MLS dominance check behavior on el7

2018-09-12 Thread Stephen Smalley
On 09/11/2018 04:59 PM, Ted Toth wrote: That's awesome and now it's got me thinking about other classes/permissions that we could implement. Can cil macros can be referenced in .te/.if files? Not sure I understand your question. You can't directly embed cil statements in .te/.if files.

Re: MLS dominance check behavior on el7

2018-09-12 Thread Ted Toth
On Wed, Sep 12, 2018 at 8:04 AM Stephen Smalley wrote: > On 09/11/2018 04:59 PM, Ted Toth wrote: > > That's awesome and now it's got me thinking about other > > classes/permissions that we could implement. Can cil macros can be > > referenced in .te/.if files? > > Not sure I understand your