On 07/16/2018 08:24 PM, Casey Schaufler wrote:
> [PATCH 20/22] Move common usercopy into security_getpeersec_stream
>
> The modules implementing hook for getpeersec_stream
> don't need to be duplicating the copy-to-user checks.
> Moving the user copy part into the infrastructure makes
> the
mls_context_to_sid incorrectly accepted MLS context strings that are
followed by a dash and trailing garbage.
Before this change, the following command works:
# mount -t tmpfs -o 'context=system_u:object_r:tmp_t:s0-s0:c0-BLAH' \
none mount
After this change, it fails with the following error
On 8/3/2018 2:10 AM, Piotr Sawicki wrote:
> On 07/16/2018 08:24 PM, Casey Schaufler wrote:
>> [PATCH 20/22] Move common usercopy into security_getpeersec_stream
>>
>> The modules implementing hook for getpeersec_stream
>> don't need to be duplicating the copy-to-user checks.
>> Moving the user
On Fri, Aug 3, 2018 at 5:36 AM Jann Horn wrote:
>
> mls_context_to_sid incorrectly accepted MLS context strings that are
> followed by a dash and trailing garbage.
>
> Before this change, the following command works:
>
> # mount -t tmpfs -o 'context=system_u:object_r:tmp_t:s0-s0:c0-BLAH' \
> none
On Wed, Aug 1, 2018 at 5:39 AM Nixiaoming wrote:
>
> advisory:
> 1 After creating dentry in d_alloc_name, should I call dput to release
> resources before the exception exit?
> 2 After calling the new_inode to create an inode, should the inode resource
> be released before the exception exit?
>