[PATCH 2/5] libselinux: enable linking to musl-fts

2018-05-16 Thread Jason Zaman
Musl libc does not include the fts(3) functions so need to link to the musl-fts library https://github.com/pullmoll/musl-fts Signed-off-by: Jason Zaman --- libselinux/src/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libselinux/src/Makefile

[PATCH 1/5] sestatus: include limits.h for PATH_MAX

2018-05-16 Thread Jason Zaman
compile fails on musl libc because it can't find PATH_MAX. Signed-off-by: Jason Zaman --- policycoreutils/sestatus/sestatus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c index

[PATCH 5/5] genhomedircon: sysconf can return -1 without failure

2018-05-16 Thread Jason Zaman
from getpwnam_r(3): "The call sysconf(_SC_GETPW_R_SIZE_MAX) returns either -1, without changing errno, or an initial suggested size for buf. (If this size is too small, the call fails with ERANGE, in which case the caller can retry with a larger buffer.)" The same can happen for

SELinux musl support

2018-05-16 Thread Jason Zaman
This series fixes compiling and running on musl libc. patches 1-2 are fairly trivial. patches 3-4 are a feature change on that platform since it does not support GLOB_TILDE and GLOB_BRACE. tilde is coming in musl 1.1.21 according to [1]. brace support is not documented anywhere or in the example

Re: [PATCH 00/23] LSM: Full security module stacking

2018-05-16 Thread Paul Moore
On Wed, May 16, 2018 at 1:42 PM, Casey Schaufler wrote: > On 5/15/2018 2:49 PM, James Morris wrote: >> On Tue, 15 May 2018, Casey Schaufler wrote: >> >>> Both SELinux and Smack use netlbl_sock_setattr() in their >>> socket_post_create() >>> hooks to establish the CIPSO to

[GIT PULL] SELinux fixes for v4.17 (#1)

2018-05-16 Thread Paul Moore
-- The following changes since commit 6b6bc6205d98796361962ee282a063f18ba8dc57: selinux: wrap AVC state (2018-03-20 16:58:17 -0400) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20180516 for you to fetch changes up

Re: [PATCH 00/23] LSM: Full security module stacking

2018-05-16 Thread Casey Schaufler
On 5/15/2018 2:49 PM, James Morris wrote: > On Tue, 15 May 2018, Casey Schaufler wrote: > >> Both SELinux and Smack use netlbl_sock_setattr() in their >> socket_post_create() >> hooks to establish the CIPSO to use if nothing else interferes. An >> unfortunate >> artifact of the Smack "ambient

Re: ANN: SELinux userspace 2.8-rc3 release candidate

2018-05-16 Thread Jason Zaman
Just a quick note in case the release is soon. I have a couple patches to make everything work on Musl libc that I'm gonna clean them up and post in the morning. On Thu, May 10, 2018 at 11:20:01AM -0400, Stephen Smalley wrote: > A 2.8-rc3 release candidate for the SELinux userspace is now

Re: Anyone using the SELinux test suite on Fedora 28?

2018-05-16 Thread Casey Schaufler
On 5/15/2018 2:08 PM, Paul Moore wrote: > On Tue, May 15, 2018 at 10:50 AM, Casey Schaufler > wrote: >> On 5/15/2018 5:28 AM, Stephen Smalley wrote: >>> On 05/14/2018 08:10 PM, Casey Schaufler wrote: On 5/14/2018 4:48 PM, Stephen Smalley wrote: > It's been running

Re: Re: [RFC PATCH] selinux-testsuite: check the "expand-check" setting in semanage.conf

2018-05-16 Thread Stephen Smalley
On 05/16/2018 03:31 AM, Petr Lautrbach wrote: > On Tue, May 15, 2018 at 05:03:42PM -0400, Paul Moore wrote: >> From: Paul Moore >> >> If expand-check is non-zero in semanage.conf the policy load will likely >> fail, >> try to provide a more helpful error to users running the

[PATCH ghak81 V3 3/3] audit: collect audit task parameters

2018-05-16 Thread Richard Guy Briggs
The audit-related parameters in struct task_struct should ideally be collected together and accessed through a standard audit API. Collect the existing loginuid, sessionid and audit_context together in a new struct audit_task_info called "audit" in struct task_struct. Use kmem_cache to manage

[PATCH ghak81 V3 2/3] audit: normalize loginuid read access

2018-05-16 Thread Richard Guy Briggs
Recognizing that the loginuid is an internal audit value, use an access function to retrieve the audit loginuid value for the task rather than reaching directly into the task struct to get it. Signed-off-by: Richard Guy Briggs --- kernel/auditsc.c | 24 +++-

[PATCH ghak81 V3 0/3] audit: group task params

2018-05-16 Thread Richard Guy Briggs
Group the audit parameters for each task into one structure. In particular, remove the loginuid and sessionid values and the audit context pointer from the task structure, replacing them with an audit task information structure to contain them. Use access functions to access audit values. Use

[PATCH ghak81 V3 1/3] audit: use new audit_context access funciton for seccomp_actions_logged

2018-05-16 Thread Richard Guy Briggs
On the rebase of the following commit on the new seccomp actions_logged function, one audit_context access was missed. commit cdfb6b341f0f2409aba24b84f3b4b2bba50be5c5 ("audit: use inline function to get audit context") Signed-off-by: Richard Guy Briggs --- kernel/auditsc.c | 2

Re: [PATCH v2 09/11] docs: Fix some broken references

2018-05-16 Thread Charles Keepax
On Wed, May 09, 2018 at 10:18:52AM -0300, Mauro Carvalho Chehab wrote: > As we move stuff around, some doc references are broken. Fix some of > them via this script: > ./scripts/documentation-file-ref-check --fix-rst > > Manually checked if the produced result is valid, removing a few >

Re: [PATCH v2 09/11] docs: Fix some broken references

2018-05-16 Thread Stephen Boyd
Quoting Mauro Carvalho Chehab (2018-05-09 06:18:52) > As we move stuff around, some doc references are broken. Fix some of > them via this script: > ./scripts/documentation-file-ref-check --fix-rst > > Manually checked if the produced result is valid, removing a few > false-positives. >

Re: [RFC PATCH] selinux-testsuite: check the "expand-check" setting in semanage.conf

2018-05-16 Thread Petr Lautrbach
On Tue, May 15, 2018 at 05:03:42PM -0400, Paul Moore wrote: > From: Paul Moore > > If expand-check is non-zero in semanage.conf the policy load will likely fail, > try to provide a more helpful error to users running the tests. > > Signed-off-by: Paul Moore