Re: [PATCH] policycoreutils/semodule: Allow enabling/disabling multiple modules at once

2018-03-19 Thread Vit Mojzis
Please ignore the last two attempts at this patch. Sorry for the noise.

[PATCH] policycoreutils/semodule: Allow enabling/disabling multiple modules at once

2018-03-19 Thread Vit Mojzis
From: Vit Mojzis Unify behaviour for all module actions. The same behaviour is already present for -i/-u/-r/-e switches. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1545218 Signed-off-by: Vit Mojzis ---

[PATCH] libsemanage/direct_api.c: Fix iterating over array

2018-03-19 Thread Vit Mojzis
Fix sizeof calculation in array iteration introduced by commit 6bb8282c4cf66e93daa9684dbe9c75bb6b1e09a7 "libsemanage: replace access() checks to make setuid programs work" Signed-off-by: Vit Mojzis --- libsemanage/src/direct_api.c | 3 ++- 1 file changed, 2 insertions(+), 1

[PATCH 1/1] Delete identical genfscon-s

2018-03-19 Thread Pierre-Hugues Husson
From: Pierre-Hugues Husson secilc has a multiple_decls option to allow for multiple type declarations. The next step is to allow multiple samples of the same rules. This commit does this on genfscon. One use case is Android/Project Treble: With Project Treble, vendor might

[PATCH 0/1] Support multiple identical genfscon

2018-03-19 Thread Pierre-Hugues Husson
secilc has a multiple_decls option to allow for multiple type declarations. The next step is to allow multiple samples of the same rules. This commit does this on genfscon. One use case is Android/Project Treble: With Project Treble, vendor might include rules included in later in framework. In

Re: [PATCH] selinux: Add support for the SCTP portcon keyword

2018-03-19 Thread jwcart2
On 03/15/2018 01:09 PM, jwcart2 wrote: On 03/11/2018 12:22 PM, Richard Haines via Selinux wrote: Update libsepol, checkpolicy and the CIL compiler to support the SCTP portcon keyword. Signed-off-by: Richard Haines Acked-by: James Carter

[PATCH] selinux: Update SELinux SCTP documentation

2018-03-19 Thread Richard Haines via Selinux
Update SELinux-sctp.rst "SCTP Peer Labeling" section to reflect how the association permission is validated. Reported-by: Dominick Grift Signed-off-by: Richard Haines --- Documentation/security/SELinux-sctp.rst | 11 ++- 1 file

Re: [PATCH] libsemanage/direct_api.c: Fix iterating over array

2018-03-19 Thread William Roberts
On Mon, Mar 19, 2018 at 8:19 AM, William Roberts wrote:
> On Mon, Mar 19, 2018 at 7:46 AM, Vit Mojzis wrote:
>> Fix sizeof calculation in array iteration introduced by commit
>> 6bb8282c4cf66e93daa9684dbe9c75bb6b1e09a7
>> "libsemanage: replace

Re: Re: [PATCH] libsepol: Prevent freeing unitialized value in ibendport handling

2018-03-19 Thread jwcart2
On 03/08/2018 04:34 PM, Nicolas Iooss wrote: On Wed, Mar 7, 2018 at 4:05 PM, James Carter wrote: Nicolas Iooss reports: In sepol_ibendport_key_create(), if sepol_ibendport_alloc_ibdev_name() fails to allocate tmp_key->ibdev_name, sepol_ibendport_key_free() is called to

Alias path subbing results in unexpected policy labelling

2018-03-19 Thread Joe Kirwin
*Empirical Observations*
If I was to create an SELinux policy containing the following file_contexts (fruits.fc)
```
/apple/orange/.* -- gen_context(system_u:object_r:atype_t,s0)
/banana/.* -- gen_context(system_u:object_r:btype_t,s0)
```
If I then