Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > If seclen is 0 it implies that there is no security context and that > the secctx is NULL. How that is handled in the release function is up > to the LSM. SELinux allocates secctx data, while Smack points to an > entry in a persistent table. > > > seclen needs to be > 0 or no secinfo is passed to userland, > > yet the secctx release function is called anyway. > > That is correct. The security module is responsible for handling > the release of secctx correctly. > > > Should seclen be initialised to -1? Or we need the change below too? > > No. The security modules handle secctx their own way. Well, as-is security_release_secctx() can be called with garbage ctx; seclen is inited to 0, but ctx is not initialized unconditionally.
