On Fri, Sep 16, 2016 at 7:41 AM, Stephen Smalley wrote:
> On 09/16/2016 09:08 AM, Janis Danisevskis wrote:
>> This patch reestablishes the default behavior of sefcontext_compile
>> to include precompiled regular expressions in the output. If linked
>> against PCRE2 the flag
On Fri, Sep 16, 2016 at 7:30 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/15/2016 07:13 PM, william.c.robe...@intel.com wrote:
>> From: William Roberts <william.c.robe...@intel.com>
>>
>> patch 5e15a52aaa cleans up the process_file() but introduced
On Sep 16, 2016 07:06, "Jason Zaman" <ja...@perfinion.com> wrote:
>
> On Fri, Sep 16, 2016 at 06:51:25AM -0700, William Roberts wrote:
> > On Fri, Sep 16, 2016 at 6:43 AM, William Roberts
> > <bill.c.robe...@gmail.com> wrote:
> > > On Fri, Sep 16,
On Fri, Sep 16, 2016 at 6:43 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Fri, Sep 16, 2016 at 6:31 AM, Jason Zaman <ja...@perfinion.com> wrote:
>> On Fri, Sep 16, 2016 at 06:15:01AM -0700, William Roberts wrote:
>>> On Fri, Sep 16, 2016 at 6
On Fri, Sep 16, 2016 at 6:31 AM, Jason Zaman <ja...@perfinion.com> wrote:
> On Fri, Sep 16, 2016 at 06:15:01AM -0700, William Roberts wrote:
>> On Fri, Sep 16, 2016 at 6:09 AM, Janis Danisevskis <jda...@google.com> wrote:
>> > I don't mind. Then before sefcontext_com
surgery so I haven't been
following this as well as I normally would have,
If it's merged, just leave it.
>
> On Fri, Sep 16, 2016 at 1:35 PM William Roberts <bill.c.robe...@gmail.com>
> wrote:
>>
>>
>> >
>> >
>> > That's just th
>
>
> That's just the thing. Without -r the phone _will_ boot because the regexes
> are compiled on first use. With -r and an arch mismatch we have an undefined
> behavior, which is bad.
That's just a limitation of the current design.
>
> See, I don't currently know what part of the
On Thu, Sep 15, 2016 at 7:57 AM, Stephen Smalley wrote:
> On 09/15/2016 10:04 AM, Janis Danisevskis wrote:
>> From: Janis Danisevskis
>>
>> This patch moves all pcre1/2 dependencies into the new files regex.h
>> and regex.c implementing the common
On Thu, Sep 15, 2016 at 11:10 AM, <william.c.robe...@intel.com> wrote:
> From: William Roberts <william.c.robe...@intel.com>
>
> patch 5e15a52aaa cleans up the process_file() but introduced
> a bug. If the binary file cannot be opened, always attempt
> to fa
On Sep 7, 2016 11:29, "Jason Zaman" <ja...@perfinion.com> wrote:
>
> On Wed, Sep 07, 2016 at 09:40:43AM -0700, William Roberts wrote:
> > On Wed, Sep 7, 2016 at 8:02 AM, Stephen Smalley <s...@tycho.nsa.gov>
wrote:
> > > On 09/07/2016 04:08 AM,
On Wed, Sep 7, 2016 at 8:02 AM, Stephen Smalley wrote:
> On 09/07/2016 04:08 AM, Janis Danisevskis wrote:
>> From: Janis Danisevskis
>>
>> This patch moves all pcre1/2 dependencies into the new files regex.h
>> and regex.c implementing the common
On Tue, Sep 6, 2016 at 1:43 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
>
>>>>>
>>>>> Also, there are some memory leaks in there; run it under valgrind, e.g.
>>>>> valgrind --leak-check=full matchpathcon /etc
>>>>
>>
Also, there are some memory leaks in there; run it under valgrind, e.g.
valgrind --leak-check=full matchpathcon /etc
>>>
>>> OK I'll run that test.
>
> I can't reproduce:
bad send... Can you send your valgrind output? Are you sure it's not there
prior to my patch? The only heap alloc
On Tue, Sep 6, 2016 at 1:22 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/06/2016 04:06 PM, William Roberts wrote:
>> On Sep 6, 2016 13:01, "Stephen Smalley" <s...@tycho.nsa.gov
>> <mailto:s...@tycho.nsa.gov>> wrote:
>>>
>
On Sep 6, 2016 13:01, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>
> On 09/06/2016 11:51 AM, william.c.robe...@intel.com wrote:
> > From: William Roberts <william.c.robe...@intel.com>
> >
> > The current process_file() code will open the file
On Sep 6, 2016 11:58, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>
> On 08/29/2016 12:22 PM, william.c.robe...@intel.com wrote:
> > From: William Roberts <william.c.robe...@intel.com>
> >
> > I noticed, via gprof, that the time spent in nodups_s
On Aug 18, 2016 17:07, "Paul Moore" <p...@paul-moore.com> wrote:
>
> On Mon, Aug 15, 2016 at 3:42 PM, <william.c.robe...@intel.com> wrote:
> > From: William Roberts <william.c.robe...@intel.com>
> >
> > Remove the SECURITY_SELINUX_PO
>> Currently, in file-systems like reiserFS that support scalable xattrs, only
>> VFS is the one limiting the size to 64k. Since there is no constant, and
>> maybe one day this arbitrary VFS limit
>> would be removed, I think we should check correctly here that we're
>> allocating > 1 bytes, and
On Tue, Aug 16, 2016 at 8:11 AM, William Roberts <bill.c.robe...@gmail.com>
wrote:
> On Aug 16, 2016 06:12, "James Carter" <jwca...@tycho.nsa.gov> wrote:
> >
> > On 08/15/2016 11:59 AM, william.c.robe...@intel.com wrote:
> >>
> >
On Thu, Aug 11, 2016 at 12:14 PM, James Carter <jwca...@tycho.nsa.gov>
wrote:
> On 08/10/2016 06:36 PM, william.c.robe...@intel.com wrote:
>
>> From: William Roberts <william.c.robe...@intel.com>
>>
>> Throughout libsepol, values taken from sepolicy are
>
> I would recommend just initializing the variables to NULL and keeping
> the "goto exit"'s. That would maintain the single return point, allows
> for extra cleanup code to be run in the future if necessary, and is
> consistent with the rest of the module_to_cil code.
>
FYI these functions
On Thu, Jul 14, 2016 at 4:18 PM, William Roberts <bill.c.robe...@gmail.com>
wrote:
>
>
> On Thu, Jul 14, 2016 at 3:17 PM, Paul Moore <p...@paul-moore.com> wrote:
>
>> On Thu, Jul 14, 2016 at 3:29 PM, <william.c.robe...@intel.com> wrote:
>> > From:
On Thu, Jul 14, 2016 at 3:17 PM, Paul Moore <p...@paul-moore.com> wrote:
> On Thu, Jul 14, 2016 at 3:29 PM, <william.c.robe...@intel.com> wrote:
> > From: William Roberts <william.c.robe...@intel.com>
> >
> > ioctlcmd is currently printing hex numbers, but
You could set enforcing mode to on via set enforce, which enables it
globally, and then set various domains in permissive to get a mixed blend
of enforcing and non-enforcing.
On Jun 19, 2016 16:21, "Taeho Kgil" wrote:
> Hi SELinux community,
>
> I'm relatively new to this
On May 6, 2016 11:58 AM, "James Carter" wrote:
>
> The removal of attributes that are only used in neverallow rules is
> hindering AOSP adoption of the CIL compiler. This is because AOSP
> extracts neverallow rules from its policy.conf for use in the Android
> compatibility
LGTM, but have no way to test it. I have no apples.
On Tue, May 3, 2016 at 9:13 AM, Nick Kralevich wrote:
> On Tue, May 3, 2016 at 8:58 AM, Stephen Smalley wrote:
> > As per discussion in https://android-review.googlesource.com/#/c/221980,
> > we should be
On Sat, Apr 2, 2016 at 8:31 AM, Paul Moore wrote:
> On Fri, Apr 1, 2016 at 6:40 PM, Jeff Vander Stoep
> wrote:
> > Utilize existing kernel_read_file hook on kernel module load.
> > Add module_load permission to the system class.
> >
> > Enforces
>
>
>
> I came across this in build/tools/fs_config/fs_config.c:
>
>
> char* secontext;
> if (selabel_lookup(sehnd, &secontext, full_name, ( mode | (is_dir ?
> S_IFDIR : S_IFREG)))) {
> secontext = strdup("u:object_r:unlabeled:s0");
> }
>
> printf(" selabel=%s",
>
>
>> SIDs, with the values in ->sid[0] and the context structures in
>> ->context[0]. Richard's sample program showed you how to walk it and
>> print out all the entries. The symbolic names themselves aren't in the
>> policydb, as he noted; you can grab it from the kernel source
>>
On Mon, Dec 14, 2015 at 2:11 PM, Stephen Smalley wrote:
> On 12/14/2015 04:29 PM, Roberts, William C wrote:
>
>>
>>
>>> Subject: Re: Exposing secid to secctx mapping to user-space
>>>
>>> On 12/13/2015 2:06 PM, Paul Moore wrote:
>>>
On Friday, December 11, 2015 05:14:38
On Oct 20, 2015 7:46 AM, "Stephen Smalley" wrote:
>
> On 10/20/2015 08:27 AM, Richard Haines wrote:
>>
>>
>>
>>
>>
>>> On Monday, 19 October 2015, 19:10, Stephen Smalley
wrote:
On 10/18/2015 11:00 AM, Richard Haines wrote:
> On
FYI you can take just 1 C and H file from crypt lib. You don't need it all.
On Oct 20, 2015 8:42 AM, "Richard Haines" <richard_c_hai...@btinternet.com>
wrote:
>
> On Tuesday, 20 October 2015, 15:00, William Roberts <
> bill.c.robe...@gmail.com> wrote:
>
>
On Sep 29, 2015 12:12 PM, "Joshua Brindle" <brin...@quarksecurity.com>
wrote:
>
> William Roberts wrote:
>>
>> Out of curiosity, what's the purpose of the types field in the struct
>> type_datum? This seems to never have anything in it.
>>
>