On Tue, Oct 23, 2018 at 10:29 AM William Roberts
wrote:
>
> On Mon, Oct 22, 2018 at 11:58 PM Ondrej Mosnacek wrote:
> >
> > The kernel checks if the port is in the range 1-255 when loading an
> > ibenportcon rule. Add the same check to libsepol.
> >
> >
On Mon, Oct 22, 2018 at 11:58 PM Ondrej Mosnacek wrote:
>
> The kernel checks if the port is in the range 1-255 when loading an
> ibenportcon rule. Add the same check to libsepol.
>
> Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> Signed-off-by: Ondrej Mosnacek
> ---
>
On Mon, Oct 22, 2018 at 1:18 AM Ondrej Mosnacek wrote:
>
> The kernel checks if the port is in the range 1-255 when loading an
> ibenportcon rule. Add the same check to libsepol.
>
> Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> Signed-off-by: Ondrej Mosnacek
> ---
>
On Fri, Oct 19, 2018 at 7:28 AM Stephen Smalley wrote:
>
> On 10/18/2018 03:47 AM, Ondrej Mosnacek wrote:
> > Do the LE conversions before doing the Infiniband-related range checks.
> > The incorrect checks are otherwise causing a failure to load any policy
> > with an ibendportcon rule on BE
break;
> + }
> case OCON_IBENDPORT:
> rc = next_entry(buf, fp, sizeof(uint32_t) *
> 2);
> if (rc < 0)
> --
> 2.17.2
>
Acked-by: William Roberts william.c.robe...@intel.com
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
On Thu, Oct 18, 2018 at 5:57 AM Ondrej Mosnacek wrote:
>
> Do the LE conversions before doing the Infiniband-related range checks.
> The incorrect checks are otherwise causing a failure to load any policy
> with an ibendportcon rule on BE systems. This can be reproduced by
> running (on e.g.
On Wed, Oct 17, 2018 at 7:19 AM Ondrej Mosnacek wrote:
>
> Do the LE conversions before doing the Infiniband-related range checks.
> The incorrect checks are otherwise causing a failure to load any policy
> with an ibendportcon rule on BE systems. This can be reproduced by
> running (on e.g.
On Wed, Oct 17, 2018 at 2:21 PM Stephen Smalley wrote:
>
> On 10/17/2018 05:18 PM, Paul Moore wrote:
> > On Wed, Oct 17, 2018 at 12:07 PM William Roberts
> > wrote:
> >> On Wed, Oct 17, 2018 at 7:48 AM Ondrej Mosnacek
> >> wrote:
> >>>
> &g
On Wed, Oct 17, 2018 at 7:48 AM Ondrej Mosnacek wrote:
>
> We need to convert from little-endian before dong range checks on the
> ibpkey port numbers, otherwise we would be checking a wrong value.
>
> Fixes: 9fbb3112769a ("libsepol: Add ibpkey ocontext handling")
> Signed-off-by: Ondrej Mosnacek
On Wed, Oct 17, 2018 at 8:30 AM Stephen Smalley wrote:
>
> On 10/17/2018 10:46 AM, Ondrej Mosnacek wrote:
> > We need to convert from little-endian before dong range checks on the
> > ibpkey port numbers, otherwise we would be checking a wrong value.
> >
> > Fixes: 9fbb3112769a ("libsepol: Add
On Wed, Oct 17, 2018 at 7:48 AM Ondrej Mosnacek wrote:
>
> We need to convert from little-endian before dong range checks on the
> ibpkey port numbers, otherwise we would be checking a wrong value.
>
> Fixes: 9fbb3112769a ("libsepol: Add ibpkey ocontext handling")
> Signed-off-by: Ondrej Mosnacek
I'm really not that familiar with the Python code to review this at
the moment, perhaps Nicolas is?
On Tue, Oct 16, 2018 at 1:27 AM Vit Mojzis wrote:
>
> Sepolicy and semanage do not work with aliases properly (aliases are
> mostly treated as invalid types). Fix this by determining corresponding
merged:
https://github.com/SELinuxProject/selinux/pull/104
On Thu, Oct 11, 2018 at 4:58 PM William Roberts
wrote:
>
> On Thu, Oct 11, 2018 at 5:37 AM James Carter wrote:
> >
> > [Resending because I originally only sent these to the new list]
> >
> > - Remo
Weird Gmail removed my text box for plain text mode in Gmail,
re-sending since it got
filtered out of the mailing list.
On Mon, Oct 8, 2018 at 9:09 AM William Roberts wrote:
>
> Yuli,
> If you respin this with just import error looks like its a go.
> Bill
>
> On Fri, Oct 5
Yuli,
If you respin this with just import error looks like its a go.
Bill
On Fri, Oct 5, 2018 at 12:53 PM Chris PeBenito wrote:
> On 10/05/2018 10:32 AM, Jason Zaman wrote:
> > On Fri, Oct 05, 2018 at 07:13:23AM -0700, William Roberts wrote:
> >> On Thu, Oct 4, 201
On Thu, Oct 4, 2018 at 12:46 PM Yuli Khodorkovskiy <
yuli.khodorkovs...@crunchydata.com> wrote:
> The python module import error in semanage_migrate_store was misleading.
> Before, it would print that the module is not installed, even though
> it is in fact on the system.
>
> Now the python
On Wed, Sep 26, 2018 at 8:12 AM Stephen Smalley wrote:
> The kernel only supports seclabel if it is >= 2.6.30 _and_
> SELinux is enabled, since seclabel is generated by SELinux
> based partly on policy (e.g. is the filesystem type configured in policy
> with a labeling behavior that supports
Both patches were applied:
https://github.com/SELinuxProject/selinux/pull/100
On Mon, Sep 24, 2018 at 11:55 AM William Roberts
wrote:
> ack
>
> On Mon, Sep 24, 2018 at 11:12 AM Nick Kralevich via Selinux <
> selinux@tycho.nsa.gov> wrote:
>
>> Signed-off-by: Nick Kra
ack
On Mon, Sep 24, 2018 at 11:12 AM Nick Kralevich via Selinux <
selinux@tycho.nsa.gov> wrote:
> Fix a situation where the secilc command line tool could return success
> even though the compilation failed.
>
> $ secilc /dev/null -o /dev/null -f /dev/null
> Failure reading file: /dev/null
>
ack
On Mon, Sep 24, 2018 at 11:12 AM Nick Kralevich via Selinux <
selinux@tycho.nsa.gov> wrote:
> Signed-off-by: Nick Kralevich
> ---
> libsepol/include/sepol/errcodes.h | 2 +-
> secilc/secilc.c | 14 +++---
> 2 files changed, 8 insertions(+), 8 deletions(-)
>
>
On Fri, Sep 21, 2018 at 5:12 PM Nick Kralevich via Selinux <
selinux@tycho.nsa.gov> wrote:
> Fix a situation where the secilc command line tool could return success
> even though the compilation failed.
>
> $ secilc /dev/null -o /dev/null -f /dev/null
> Failure reading file: /dev/null
> $
merged: https://github.com/SELinuxProject/selinux/pull/99
On Wed, Sep 19, 2018 at 12:13 PM Nick Kralevich via Selinux <
selinux@tycho.nsa.gov> wrote:
> Reduce noise when calling the checkpolicy command line. In Android, this
> creates unnecessary build noise which we'd like to avoid.
>
>
On Wed, Sep 19, 2018 at 12:36 PM Stephen Smalley wrote:
> On 09/19/2018 03:21 PM, William Roberts wrote:
> > Some people might be checking this output since it's been there so long,
> > -s would be a good way to go.
> >
> > Alternatively, a way to bring back this infor
Some people might be checking this output since it's been there so long,
-s would be a good way to go.
Alternatively, a way to bring back this information via a verbose option -V
could
be considered.
Either way, a simple logging mechanism analogous to
LOGV/LOGW/LOGE could be useful, I wonder
ack
On Wed, Sep 5, 2018 at 2:53 PM Nicolas Iooss wrote:
> Currently, in:
>
> # semanage ibendport --help
> usage: semanage ibendport [-h] [-n] [-N] [-s STORE] [ --add -t TYPE
> -z IBDEV_NAME -r RANGE ( port ) | --delete -z IBDEV_NAME -r RANGE(
> port ) | --deleteall | --extract
Ack on these as well
On Sun, Aug 19, 2018 at 11:49 AM, Nicolas Iooss
wrote:
> Python does not need to end a statement with a semicolon. Doing this
> gets reported by linters such as flake8 ("E703 statement ends with a
> semicolon").
>
> Remove such semicolons in the code and enable this warning
On Sun, Aug 19, 2018 at 1:53 AM, Nicolas Iooss
wrote:
> On Sat, Aug 18, 2018 at 8:43 PM William Roberts
> wrote:
> >
> > Im assuming with your attention on the python side of the house we're
> going to see a lot of
> > formatting change patches heading the mai
On Mon, Aug 6, 2018 at 1:26 PM, Nicolas Iooss wrote:
> On Mon, Aug 6, 2018 at 5:05 PM, William Roberts
> wrote:
> >
> > On Sat, Aug 4, 2018 at 12:47 PM, Nicolas Iooss
> > wrote:
> >>
> >> Hi,
> >>
> >> I have been working on a scr
On Sat, Aug 4, 2018 at 12:47 PM, Nicolas Iooss
wrote:
> Hi,
>
> I have been working on a script which uses flake8 to discover issues in
> Python code. This led me to discover several issues which are fixed by
> these patches. Distribution maintainers might be interested in
> backporting some of
On Mon, Jul 2, 2018 at 11:38 AM, Nicolas Iooss wrote:
> On Sun, Jul 1, 2018 at 10:51 PM, William Roberts
> wrote:
>> I see lots of repeating blocks, would it make more sense to goto an
>> error label and free them then return -1?
>
> Both trans_context() and untrans_co
On Sun, Jul 1, 2018 at 7:59 AM, Nicolas Iooss wrote:
> write_pid_file() leaks a file descriptor to /var/run/restorecond.pid if
> it fails to write the PID to it. Close the file before returning.
>
> Signed-off-by: Nicolas Iooss
> ---
> restorecond/restorecond.c | 1 +
> 1 file changed, 1
On Sun, Jul 1, 2018 at 7:56 AM, Nicolas Iooss wrote:
> refpolicy moved from github.com/TresysTechnology to
> github.com/SELinuxProject. It is still used in sepolgen tests (they
> build modules using Makefile.devel and build.conf) so update the
> location of the repository.
>
> Signed-off-by:
ack
On Sat, May 26, 2018 at 11:42 AM, Nicolas Iooss wrote:
> va_copy()'s manpage [1] states:
>
> Each invocation of va_copy() must be matched by a corresponding
> invocation of va_end() in the same function.
>
> create_str_helper() is using va_copy() without va_end(). Add the missing
>
On Tue, May 8, 2018 at 7:32 AM, Stephen Smalley wrote:
> Verify that the final path does not exceed the size of the
> buffer before copying. This can only occur if an alternate
> path for the policy root and/or the policy store root has been
> specified and if the resulting
Merged: https://github.com/SELinuxProject/selinux/pull/94
On Mon, Apr 23, 2018 at 9:50 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Sun, Apr 22, 2018 at 12:30 PM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
>> When split_args() calls append_arg(), the
Merged: https://github.com/SELinuxProject/selinux/pull/94
On Mon, Apr 23, 2018 at 9:54 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Sun, Apr 22, 2018 at 12:21 PM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
>> clang's static analyzer reports a potentia
On Mon, Apr 23, 2018 at 9:55 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Fri, Apr 20, 2018 at 7:17 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> This reverts commit 814631d3aebaa041073a42c677c1ed62ce7830d5.
>> As reported by Petr Lautrbach, this
On Sun, Apr 22, 2018 at 12:21 PM, Nicolas Iooss wrote:
> clang's static analyzer reports a potential memory leak because the
> buffers allocated in pc and fc are not freed in main(), in sestatus.c.
> Free these buffers properly.
>
> Signed-off-by: Nicolas Iooss
On Mon, Apr 16, 2018 at 5:34 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 04/13/2018 08:40 PM, William Roberts wrote:
>> In general this series looks fine.
>>
>> However, checkpatch.pl is complaining about DOS line endings in your patches:
>>
>>
In general this series looks fine.
However, checkpatch.pl is complaining about DOS line endings in your patches:
For example:
ERROR: DOS line endings
#325: FILE: libselinux/src/label_file.h:281:
+^I^Iint alloc_stems = data->alloc_stems * 2 + 16;^M$
On Fri, Apr 13, 2018 at 1:34 PM, Nicolas
On Fri, Mar 30, 2018 at 11:59 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Thu, Mar 29, 2018 at 5:16 PM, Yuli Khodorkovskiy <ykh...@gmail.com> wrote:
>> In permissive, if a bad label is written to a file_context file,
>> restorecon will not verify t
On Thu, Mar 29, 2018 at 5:16 PM, Yuli Khodorkovskiy wrote:
> In permissive, if a bad label is written to a file_context file,
> restorecon will not verify the label before succesfully applying the
> context. These patches fix validation of labels during restorecon
> while not
On Thu, Mar 29, 2018 at 5:37 AM, Stephen Smalley wrote:
> On 03/28/2018 11:40 PM, Yuli Khodorkovskiy wrote:
>> In permissive mode, calling restorecon with a bad label in file_contexts
>> does not verify the label's existence in the loaded policy. This
>> results in any label
On Wed, Mar 28, 2018 at 8:40 PM, Yuli Khodorkovskiy wrote:
> In permissive, if a bad label is written to a file_context file,
> restorecon will not verify the label before succesfully applying the
> context. These patches fix validation of labels during restorecon
> while not
On Mon, Mar 19, 2018 at 8:19 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Mon, Mar 19, 2018 at 7:46 AM, Vit Mojzis <vmoj...@redhat.com> wrote:
>> Fix sizeof calculation in array iteration introduced by commit
>> 6bb8282c4cf66e93daa9684dbe9c75bb6b1e09a7
>
;
>> This change deals with this scenario by resolving the value of the
>> corresponding expandtypeattribute to false. The rationale behind this
>> override is that true is used for reduce run-time lookups, while
>> false is used for tests which must pass.
>>
>> Si
On Thu, Mar 15, 2018 at 8:16 PM, Tri Vo wrote:
> This commit resolves conflicts in values of expandattribute statements
> in policy language and expandtypeattribute in CIL.
>
> For example, these statements resolve to false in policy language:
> expandattribute hal_audio true;
merged:
https://github.com/SELinuxProject/selinux/pull/85
On Thu, Mar 15, 2018 at 11:31 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Thu, Mar 15, 2018 at 11:01 AM, jwcart2 <jwca...@tycho.nsa.gov> wrote:
>> On 03/08/2018 03:19 PM, Stephen Smalley
p.in
>> +++ b/libsepol/src/libsepol.map.in
>> @@ -56,4 +56,6 @@ LIBSEPOL_1.1 {
>> sepol_module_policydb_to_cil;
>> sepol_kernel_policydb_to_cil;
>> sepol_kernel_policydb_to_conf;
>> + sepol_polcap_getnum;
>> + sepol_polcap_getname;
>> } LIBSEPOL_1.0;
>>
Acked-by: William Roberts <william.c.robe...@intel.com>
On Wed, Mar 14, 2018 at 3:17 PM, Tri Vo wrote:
> When Android combines multiple .cil files from system.img and vendor.img
> it's possible to have conflicting expandattribute statements, e.g.
> expandattribute hal_audio true;
> expandattribute hal_audio false;
Isn't this the
On Wed, Feb 28, 2018 at 11:39 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 02/28/2018 02:26 PM, William Roberts wrote:
>> So peeking through the code base, I see:
>>
>> int semanage_direct_is_managed(semanage_handle_t * sh)
>> {
>> if (semanage_c
On Wed, Feb 28, 2018 at 9:44 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Wed, Feb 28, 2018 at 4:12 AM, Vit Mojzis <vmoj...@redhat.com> wrote:
>> Resolves: rhbz#1337199
>>
>> Signed-off-by: Vit Mojzis <vmoj...@redhat.com>
>> ---
>&
On Wed, Feb 28, 2018 at 10:26 AM, Stephen Smalley wrote:
> On 02/28/2018 05:15 AM, Vit Mojzis wrote:
>> F_OK access checks only work properly as long as all directories along
>> the path are accessible to real user running the program.
>> Replace F_OK access checks by testing
ormer and test case and
the same could be said for semanage_store_access_check
I think this is a good time to roll in patch 4 and drop everything
relying on semanage_store_access_check.
Thoughts?
On Wed, Feb 28, 2018 at 11:07 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Wed, Feb 2
On Wed, Feb 28, 2018 at 2:15 AM, Vit Mojzis wrote:
> access() uses real UID instead of effective UID which causes false
> negative checks in setuid programs. Remove redundant access() checks
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431
>
> Signed-off-by: Vit
On Wed, Feb 28, 2018 at 10:43 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 02/28/2018 01:24 PM, William Roberts wrote:
>> Where is patch 2/2, I have yet to see it?
>>
>> Did something get screwy and is it: [PATCH] libsemanage: Improve
>> warning for insta
Where is patch 2/2, I have yet to see it?
Did something get screwy and is it: [PATCH] libsemanage: Improve
warning for installing disabled module
On Wed, Feb 28, 2018 at 9:50 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Wed, Feb 28, 2018 at 2:15 AM, Vit Mojzis <vmoj..
On Wed, Feb 28, 2018 at 2:15 AM, Vit Mojzis wrote:
> F_OK access checks only work properly as long as all directories along
> the path are accessible to real user running the program.
> Replace F_OK access checks by testing return value of open, write, etc.
>
> Fixes:
On Wed, Feb 28, 2018 at 2:15 AM, Vit Mojzis wrote:
> access() uses real UID instead of effective UID which causes false
> negative checks in setuid programs.
> Replace access(,F_OK) (i.e. tests for file existence) by stat().
> And access(,R_OK) by fopen(,"r")
>
> Fixes:
On Wed, Feb 28, 2018 at 4:12 AM, Vit Mojzis wrote:
> Resolves: rhbz#1337199
>
> Signed-off-by: Vit Mojzis
> ---
> libsemanage/src/direct_api.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsemanage/src/direct_api.c
On Mon, Feb 12, 2018 at 5:58 PM, Lee Stubbs wrote:
> Based on the semanage-port documentation, I believe the semanage ports type
> bash autocompletion may be missing a '-'. Please see the attached patch file
This isn't how we take patches on the list, please use git
On Thu, Feb 8, 2018 at 8:51 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On Thu, 2018-02-08 at 08:34 -0800, William Roberts wrote:
>> On Thu, Feb 8, 2018 at 7:47 AM, Stephen Smalley <s...@tycho.nsa.gov>
>> wrote:
>> > On Thu, 2018-02-08 at 10:20 -0500, Pa
On Thu, Feb 8, 2018 at 7:20 AM, Paul Moore <p...@paul-moore.com> wrote:
> On Wed, Feb 7, 2018 at 6:46 PM, <william.c.robe...@intel.com> wrote:
>> From: William Roberts <william.c.robe...@intel.com>
>>
>> Commit:
>> 73ff5fc selinux: cache sidtab_contex
Thanks, applied: https://github.com/SELinuxProject/selinux/pull/76
On Thu, Jan 25, 2018 at 10:49 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On Thu, 2018-01-25 at 10:22 -0800, William Roberts wrote:
>> On Wed, Jan 24, 2018 at 1:42 AM, Richard Haines
>> <richard
On Wed, Jan 24, 2018 at 1:42 AM, Richard Haines
wrote:
> Allow the tmp build files to be kept for debugging when a policy
> build fails.
>
> Signed-off-by: Richard Haines
> ---
> V2 Changes:
> Remove the retain-tmp flag and just
On Mon, Jan 22, 2018 at 8:38 AM, Richard Haines
wrote:
> Allow the tmp build files to be kept for debugging when a policy
> build fails.
>
> Signed-off-by: Richard Haines
> ---
> V2 Changes:
> Remove the retain-tmp flag and just
Richard, are you going to respin this?
On Tue, Jan 16, 2018 at 9:35 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Tue, Jan 16, 2018 at 8:00 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> On Tue, 2018-01-16 at 07:47 -0800, William Roberts wrote:
>>> O
On Tue, Jan 16, 2018 at 8:00 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On Tue, 2018-01-16 at 07:47 -0800, William Roberts wrote:
>> On Mon, Jan 15, 2018 at 9:32 AM, Stephen Smalley
>> <stephen.smal...@gmail.com> wrote:
>> > On Jan 14, 2018 10:36 AM
On Mon, Jan 15, 2018 at 9:32 AM, Stephen Smalley
wrote:
> On Jan 14, 2018 10:36 AM, "Richard Haines"
> wrote:
>
> Add new option to semanage.conf that allows the tmp build files
> to be kept for debugging when building policy.
>
>
>
On Mon, Jan 15, 2018 at 8:39 AM, Richard Haines
<richard_c_hai...@btinternet.com> wrote:
> On Mon, 2018-01-15 at 07:46 -0800, William Roberts wrote:
>> On Sun, Jan 14, 2018 at 7:34 AM, Richard Haines
>> <richard_c_hai...@btinternet.com> wrote:
>> > Add new
On Sun, Jan 14, 2018 at 7:34 AM, Richard Haines
wrote:
> Add new option to semanage.conf that allows the tmp build files
> to be kept for debugging when building policy.
How do people know where the tmp files are, does something print it out or is it
documented
On Wed, Jan 10, 2018 at 6:12 AM, Richard Haines
wrote:
> The selabel_media(5) man page incorrectly stated that the
> removable_context(5) would be read if an selabel_lookup(3)
> failed. Correct the man pages that fixes [1].
>
> [1]
On Wed, Jan 10, 2018 at 6:12 AM, Richard Haines
wrote:
> The selabel_media(5) man page incorrectly stated that the
> removable_context(5) would be read if an selabel_lookup(3)
> failed. Correct the man pages that fixes [1].
>
> [1]
On Fri, Dec 1, 2017 at 1:31 PM, Paul Moore wrote:
> From: Paul Moore
>
> The syzbot/syzkaller automated tests found a problem in
> security_context_to_sid_core() during early boot (before we load the
> SELinux policy) where we could potentially feed
Thanks. Applied: https://github.com/SELinuxProject/selinux/pull/71
On Wed, Nov 22, 2017 at 7:09 AM, Jan Zarsky wrote:
> Function dbase_llist_iterate iterates over records and checks return
> value of iterate function. According to a manpage semanage_iterate(3),
> handler can
On Mon, Nov 27, 2017 at 2:01 AM, Jan Zarsky wrote:
> Function dbase_llist_iterate() iterates over records and checks return
> value of iterate function. According to a manpage semanage_iterate(3),
> handler can return value 1 for early exit. dbase_llist_iterate()
> currently
On Wed, Nov 22, 2017 at 7:09 AM, Jan Zarsky wrote:
> Function dbase_llist_iterate iterates over records and checks return
> value of iterate function. According to a manpage semanage_iterate(3),
> handler can return value 1 for early exit. dbase_llist_iterate
> currently
On Tue, Oct 24, 2017 at 2:39 PM, Nicolas Iooss wrote:
> Some Travis-CI builds failed because of issues when downloading
> refpolicy files for sepolgen tests. Use curl's option --retry to make
> the downloads work when the networking issues are only transient.
>
>
On Oct 24, 2017 13:05, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
On Tue, 2017-10-24 at 09:26 -0700, William Roberts wrote:
> Error 52, which if it lines up with what I am reading is
> CURLE_GOT_NOTHING
> https://curl.haxx.se/libcurl/c/libcurl-errors.html
>
> Tha
Wed, 2017-10-18 at 19:30 -0700, William Roberts wrote:
>> On Tue, Oct 17, 2017 at 12:50 PM, Stephen Smalley <s...@tycho.nsa.gov>
>> wrote:
>> > On Tue, 2017-10-17 at 11:49 -0700, William Roberts wrote:
>> > > On Sun, Oct 15, 2017 at 5:10 AM, Nicolas Ioo
On Mon, Oct 23, 2017 at 9:12 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Mon, Oct 23, 2017 at 8:57 AM, Dan Cashman <dcash...@android.com> wrote:
>> On 10/20/2017 09:09 AM, William Roberts wrote:
>>>
>>> On Thu, Oct 19, 2017 at 3:12 PM, Nicolas
On Mon, Oct 23, 2017 at 8:57 AM, Dan Cashman <dcash...@android.com> wrote:
> On 10/20/2017 09:09 AM, William Roberts wrote:
>>
>> On Thu, Oct 19, 2017 at 3:12 PM, Nicolas Iooss <nicolas.io...@m4x.org>
>> wrote:
>>>
>>> On Thu, Oct 19, 2017 at 9:46
On Thu, Oct 19, 2017 at 3:12 PM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
> On Thu, Oct 19, 2017 at 9:46 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> On Thu, 2017-10-19 at 14:27 -0400, Stephen Smalley wrote:
>>> On Thu, 2017-10-19 at 09:25 -0700, William Ro
On Fri, Oct 20, 2017 at 7:54 AM, Jeffrey Vander Stoep via Selinux
wrote:
> Please hold off on submission. We're discussing if this is really necessary.
Yeah I'd like to hear about what issues the current longest match
logic was causing
in the commit message.
>
> On Thu,
On Thu, Oct 19, 2017 at 9:25 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Thu, Oct 19, 2017 at 7:26 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> On Tue, 2017-10-17 at 09:33 -0700, Daniel Cashman wrote:
>>> From: Dan Cashman <dcash...@goog
On Thu, Oct 19, 2017 at 7:26 AM, Stephen Smalley wrote:
> On Tue, 2017-10-17 at 09:33 -0700, Daniel Cashman wrote:
>> From: Dan Cashman
>>
>> The file_contexts labeling backend, specified in label_file.c,
>> currently assumes
>> that only one path will be
On Tue, Oct 17, 2017 at 12:50 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On Tue, 2017-10-17 at 11:49 -0700, William Roberts wrote:
>> On Sun, Oct 15, 2017 at 5:10 AM, Nicolas Iooss <nicolas.io...@m4x.org
>> > wrote:
>> > On Fri, Oct 13, 2017 at 1:50 A
On Sun, Oct 15, 2017 at 5:10 AM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
> On Fri, Oct 13, 2017 at 1:50 AM, William Roberts
> <bill.c.robe...@gmail.com> wrote:
>> On Thu, Oct 12, 2017 at 1:48 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>>> On
I see a travis.yml file, recently modified by Nicolas, but I failed to
find the Travis CI instance on travis.org, where is it?
We should likely have it running on commits to the repo and PRs so we
can have some independent way of verifying that our run of the tests
was compromised by some env
Applied: https://github.com/SELinuxProject/selinux/pull/65
On Tue, Oct 3, 2017 at 7:21 AM, Stephen Smalley wrote:
> As discussed in https://github.com/SELinuxProject/selinux/issues/64,
> semodule_deps has apparently been broken for a very long time for
> binary modules and is
On Tue, Oct 3, 2017 at 7:21 AM, Stephen Smalley wrote:
> As discussed in https://github.com/SELinuxProject/selinux/issues/64,
> semodule_deps has apparently been broken for a very long time for
> binary modules and is completely irrelevant for CIL modules. If there
> are any
On Mon, Oct 2, 2017 at 2:54 PM, David Graziano
wrote:
> I'm trying to find a way of labeling specific files/directories in
> sysfs that do not exist at boot time. I'm running an embedded SELinux
> enabled system (4.1 series kernel) where at boot there is an
On Sun, Oct 1, 2017 at 8:43 AM, Vit Mojzis <vmoj...@redhat.com> wrote:
>
>
> On 27.9.2017 19:04, William Roberts wrote:
>>
>> 2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmoj...@redhat.com>:
>>>
>>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id
2017-09-27 1:16 GMT-07:00 Vit Mojzis :
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
> libsemanage/include/semanage/fcontexts_policy.h | 4
> libsemanage/src/direct_api.c| 6 ++
> libsemanage/src/fcontexts_policy.c
On Mon, Sep 18, 2017 at 3:59 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Mon, Sep 18, 2017 at 2:32 PM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
>>
>> On a system without any file context customizations, "sepolicy gui"
>> fails to load b
On Mon, Sep 18, 2017 at 2:32 PM, Nicolas Iooss wrote:
>
> On a system without any file context customizations, "sepolicy gui"
> fails to load because it tries to read a non-existent file:
>
> FileNotFoundError: [Errno 2] No such file or directory:
>
On Mon, Sep 11, 2017 at 11:04 AM, Daniel Cashman
wrote:
> From: Dan Cashman
>
> The file_contexts labeling backend, specified in label_file.c, currently
> assumes
> that only one path will be specified as an option to selabel_open(). The
> split
> of
icy on first
>> machine without renaming directory? Thank you.
>
> The check for non-ASCII characters was introduced by the following
> commit:
>
> commit 2981e0ba3a869d12ed6f376581277847421db2e7
> Author: William Roberts <william.c.robe...@intel.com>
> Date: Tue
On Wed, May 17, 2017 at 11:30 AM, Stephen Smalley wrote:
> On Thu, 2017-05-18 at 02:09 +0900, Sebastien Buisson wrote:
>> Add policybrief field to struct policydb. It holds a brief info
>> of the policydb, made of colon separated name and value pairs
>> that give information
On Wed, May 17, 2017 at 10:00 AM, Sebastien Buisson
<sbuisson@gmail.com> wrote:
> 2017-05-17 18:04 GMT+02:00 William Roberts <bill.c.robe...@gmail.com>:
>> I'm assuming in the Lustre code you're going to call security_policy_brief(),
>> how would the caller know h
1 - 100 of 233 matches
Mail list logo