Re: Find attributes for a type with sepol

2015-09-29 Thread Stephen Smalley
On 09/29/2015 04:51 PM, William Roberts wrote: On Tue, Sep 29, 2015 at 1:25 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote: On 09/29/2015 04:19 PM, William Roberts wrote: So is this information only available at compile time? I see that the types field is

Re: [PATCH 0/5] Security: Provide unioned file support

2015-09-29 Thread Stephen Smalley
On 09/28/2015 04:00 PM, David Howells wrote: The attached patches provide security support for unioned files where the security involves an object-label-based LSM (such as SELinux) rather than a path-based LSM. [Note that a number of the bits that were in the original patch set are now upstream

Re: Find attributes for a type with sepol

2015-09-29 Thread William Roberts
On Tue, Sep 29, 2015 at 1:25 PM, Stephen Smalley wrote: > On 09/29/2015 04:19 PM, William Roberts wrote: > >> So is this information only available at compile time? I see that the >> types field is >> empty for both attributes and types. Perhaps my code is wrong to do >> this, but >> I can loop o

Re: [PATCH 1/2] selinux: ioctl_has_perm should be static

2015-09-29 Thread Stephen Smalley
On 09/27/2015 11:10 AM, Geliang Tang wrote: Fixes the following sparse warning: security/selinux/hooks.c:3242:5: warning: symbol 'ioctl_has_perm' was not declared. Should it be static? Signed-off-by: Geliang Tang Acked-by: Stephen Smalley --- security/selinux/hooks.c | 2 +- 1 fil

Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function

2015-09-29 Thread Stephen Smalley
On 09/27/2015 08:06 AM, Richard Haines wrote: The selinux_restorecon(3) man page details this function that relies on the selabel_digest(3) function available from [1] (as not yet part of upstream libselinux). It has been built using the work from Android where an SHA1 hash of the specfiles is h

Re: Find attributes for a type with sepol

2015-09-29 Thread Stephen Smalley
On 09/29/2015 04:19 PM, William Roberts wrote: So is this information only available at compile time? I see that the types field is empty for both attributes and types. Perhaps my code is wrong to do this, but I can loop over the ebitmap entries from the attr_type and type_attr maps just fine.

Re: Find attributes for a type with sepol

2015-09-29 Thread William Roberts
On Tue, Sep 29, 2015 at 12:36 PM, William Roberts wrote: > > On Sep 29, 2015 12:35 PM, "Joshua Brindle" > wrote: > > > > William Roberts wrote: > >> > >> On Sep 29, 2015 12:12 PM, "Joshua Brindle" > >> wrote: > >>> > >>> William Roberts wrote: > > Out of curiosity, whats the purpose of

Re: Find attributes for a type with sepol

2015-09-29 Thread William Roberts
On Sep 29, 2015 12:12 PM, "Joshua Brindle" wrote: > > William Roberts wrote: >> >> Out of curiosity, what's the purpose of the types field in the struct >> type_datum? This seems to never have anything in it. >> > > type_datum is used for both types and attributes (as designated by the flavor field

Re: newrole not working when built with LSPP_PRIV=y

2015-09-29 Thread Stephen Smalley
On 09/26/2015 09:10 PM, Laurent Bigonville wrote: Hi, Running newrole executable compiled with LSPP_PRIV=y I get the following error while it's trying to switch role: Error sending audit message. It seems that the CAP_AUDIT_WRITE capability is not set [0]. Adding this capability to the list do

Re: Find attributes for a type with sepol

2015-09-29 Thread William Roberts
On Sep 29, 2015 12:35 PM, "Joshua Brindle" wrote: > > William Roberts wrote: >> >> On Sep 29, 2015 12:12 PM, "Joshua Brindle" >> wrote: >>> >>> William Roberts wrote: Out of curiosity, what's the purpose of the types field in the struct type_datum? This seems to never have anything i

Re: Find attributes for a type with sepol

2015-09-29 Thread Joshua Brindle
William Roberts wrote: On Sep 29, 2015 12:12 PM, "Joshua Brindle" wrote: William Roberts wrote: Out of curiosity, what's the purpose of the types field in the struct type_datum? This seems to never have anything in it. type_datum is used for both types and attributes (as designated by the fla

Re: Find attributes for a type with sepol

2015-09-29 Thread Joshua Brindle
William Roberts wrote: Out of curiosity, what's the purpose of the types field in the struct type_datum? This seems to never have anything in it. type_datum is used for both types and attributes (as designated by the flavor field). In the attribute case the types field is the ebitmap of types

Re: [RFC PATCH V2] libselinux: Add selabel_digest function

2015-09-29 Thread Stephen Smalley
On 09/20/2015 06:05 AM, Richard Haines wrote: selabel_digest(3) if enabled by the SELABEL_OPT_DIGEST option during selabel_open(3) will return an SHA1 digest of the spec files, plus a list of the specfiles used to calculate the digest. There is a test utility supplied that will demonstrate the fu

Re: [PATCH 5/5] selinux: use sprintf return value

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: sprintf returns the number of characters printed (excluding '\0'), so we can use that and avoid duplicating the length computation. Signed-off-by: Rasmus Villemoes Acked-by: Stephen Smalley --- security/selinux/ss/services.c | 5 + 1

Re: Find attributes for a type with sepol

2015-09-29 Thread William Roberts
Out of curiosity, what's the purpose of the types field in the struct type_datum? This seems to never have anything in it. Also, conditional.h has a field called bool, this would seem to conflict with stdbool.h; what's the consensus on renaming this to boolean perhaps? On Thu, Sep 24, 2015 at 6:58

Re: [PATCH 4/5] selinux: use kstrdup() in security_get_bools()

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: This is much simpler. Signed-off-by: Rasmus Villemoes Acked-by: Stephen Smalley --- security/selinux/ss/services.c | 8 +--- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinu

Re: [PATCH 3/5] selinux: use kmemdup in security_sid_to_context_core()

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: Signed-off-by: Rasmus Villemoes Acked-by: Stephen Smalley --- security/selinux/ss/services.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index c550

Re: [PATCH 2/5] selinux: remove pointless cast in selinux_inode_setsecurity()

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: security_context_to_sid() expects a const char* argument, so there's no point in casting away the const qualifier of value. Signed-off-by: Rasmus Villemoes Acked-by: Stephen Smalley --- security/selinux/hooks.c | 2 +- 1 file changed, 1 i

Re: [PATCH 1/5] selinux: introduce security_context_str_to_sid

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: There seems to be a little confusion as to whether the scontext_len parameter of security_context_to_sid() includes the nul-byte or not. Reading security_context_to_sid_core(), it seems that the expectation is that it does not (both the string copyi

Re: [PATCH 0/5] selinux: minor cleanup suggestions

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: A few random things I stumbled on. While I'm pretty sure of the change in 1/5, I'm also confused, because the doc for the reverse security_sid_to_context state that @scontext_len is set to "the length of the string", which one would normally interp