SELinux - Date Index

• Thread Index

• Re: [PATCH] selinux: only invoke capabilities and selinux for CAP_MAC_ADMIN checks
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: is_selinux_enabled() always returns 0 after selinux_set_policy_root()
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 2/3] selinux: add checksum to policydb
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 2/3] selinux: add checksum to policydb
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• Re: is_selinux_enabled() always returns 0 after selinux_set_policy_root()
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 2/3] selinux: add checksum to policydb
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] libselinux: Add permissive= entry to avc audit log
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: only invoke capabilities and selinux for CAP_MAC_ADMIN checks
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: is_selinux_enabled() always returns 0 after selinux_set_policy_root()
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: is_selinux_enabled() always returns 0 after selinux_set_policy_root()
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 2/3] selinux: add checksum to policydb
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• Re: [PATCH] selinux: fix double free in selinux_parse_opts_str()
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH 3/3] selinux: expose policy SHA256 checksum via selinuxfs
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH] selinux: only invoke capabilities and selinux for CAP_MAC_ADMIN checks
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: fix double free in selinux_parse_opts_str()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: is_selinux_enabled() always returns 0 after selinux_set_policy_root()
  • From: Colin Walters <walters@xxxxxxxxxx>
• Re: [PATCH security-next 2/2] selinux: use pernet operations for hook registration
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: is_selinux_enabled() always returns 0 after selinux_set_policy_root()
  • From: Colin Walters <walters@xxxxxxxxxx>
• Re: is_selinux_enabled() always returns 0 after selinux_set_policy_root()
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• is_selinux_enabled() always returns 0 after selinux_set_policy_root()
  • From: Colin Walters <walters@xxxxxxxxxx>
• Re: [PATCH 2/3] selinux: add checksum to policydb
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 3/3] selinux: expose policy SHA256 checksum via selinuxfs
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH v3] libsemanage: remove lock files
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH v3] libsemanage: remove lock files
  • From: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
• Re: [PATCH 1/3] selinux: Implement LSM notification system
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [PATCH 1/3] selinux: Implement LSM notification system
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 1/3] selinux: Implement LSM notification system
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [PATCH 1/3] selinux: Implement LSM notification system
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• Re: [PATCH 1/3] selinux: Implement LSM notification system
  • From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
• Re: [PATCH 1/3] selinux: Implement LSM notification system
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH 3/3] selinux: expose policy SHA256 checksum via selinuxfs
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• [PATCH 2/3] selinux: add checksum to policydb
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• [PATCH 1/3] selinux: Implement LSM notification system
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• [PATCH] libselinux: Add permissive= entry to avc audit log
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [PATCH v3] libsemanage: remove lock files
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH v3] libsemanage: remove lock files
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• Re: [PATCH v2] libsemanage: remove lock files
  • From: Russell Coker via Selinux <selinux@xxxxxxxxxxxxx>
• Re: [PATCH] security: hooks : Prevent security to persist in memory (PR #31)
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH v3] libsemanage: remove lock files
  • From: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
• [PATCH v2] libsemanage: remove lock files
  • From: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
• Re: Docker daemon in enforcing state
  • From: Daniel Walsh <dwalsh@xxxxxxxxxx>
• Re: [PATCH 7/7] policycoreutils: make audit and pam support configurable
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Docker daemon in enforcing state
  • From: Umair Sarfraz <aquadestructor@xxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
• [PATCH 7/7] policycoreutils: make audit and pam support configurable
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• [PATCH 6/7] Add includes for DESTDIR only in root Makefile
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• [PATCH 5/7] restorecond: get pcre cflags/libs from pkg-config
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• [PATCH 4/7] Makefiles: drop -L/-I to system paths
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• [PATCH 3/7] libselinux: PCRE_LDFLAGS is actually LDLIBS
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• [PATCH 2/7] libselinux: get pcre CFLAGS/LDFLAGS from pkg-config
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• [PATCH 1/7] policycoreutils: honour LINGUAS variable
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
• Re: [RFC PATCH 0/1] libselinux: Add support for selinux_check_access_flags
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: last call for selinux 2.7-rc1 release
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [RFC PATCH 0/1] libselinux: Add support for selinux_check_access_flags
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [RFC PATCH 0/1] libselinux: Add support for selinux_check_access_flags
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [RFC PATCH 1/1] libselinux: Add support for selinux_check_access_flags
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• [RFC PATCH 0/1] libselinux: Add support for selinux_check_access_flags
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• [PATCH] security: hooks : Prevent security to persist in memory (PR #31)
  • From: Pirabarlen-Cheenaramen <selven@xxxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx>
• Re: last call for selinux 2.7-rc1 release
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• last call for selinux 2.7-rc1 release
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Updating offline the commit_num file
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• SELinux BoF at Open Source Summit Japan
  • From: 中村雄一 / NAKAMURA，YUUICHI <yuichi.nakamura.fe@xxxxxxxxxxx>
• Updating offline the commit_num file
  • From: Eduardo Barretto <ebarreto@xxxxxxxxxxxxxxxxxx>
• [PATCH v2] selinux-testsuite: Add CAP_MAC_ADMIN tests
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: remove lock files
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] selinux-testsuite: Add CAP_MAC_ADMIN tests
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] selinux: only invoke capabilities and selinux for CAP_MAC_ADMIN checks
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] libsemanage: remove lock files
  • From: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
• Re: SELinux "filtering" capabilities?
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: SELinux "filtering" capabilities?
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• SELinux "filtering" capabilities?
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [GIT PULL] SELinux patches for 4.12
  • From: James Morris <jmorris@xxxxxxxxx>
• [GIT PULL] SELinux patches for 4.12
  • From: Paul Moore via Selinux <selinux@xxxxxxxxxxxxx>
• Re: Cannot write policy to allow { relabelto }
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: Cannot write policy to allow { relabelto }
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: Cannot write policy to allow { relabelto }
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: Cannot write policy to allow { relabelto }
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: Cannot write policy to allow { relabelto }
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Cannot write policy to allow { relabelto }
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Daniel Walsh <dwalsh@xxxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Daniel Walsh <dwalsh@xxxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Daniel Walsh <dwalsh@xxxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Daniel Walsh <dwalsh@xxxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• let's revert e3cab998b48ab293a9962faf9779d70ca339c65d
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 2/2] sestatus: show checkreqprot status
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libselinux: add security_checkreqprot
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [PATCH 0/2] show checkreqprot status in sestatus
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• [PATCH 2/2] sestatus: show checkreqprot status
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• [PATCH 1/2] libselinux: add security_checkreqprot
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• [PATCH 0/2] show checkreqprot status in sestatus
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libselinux: add security_checkreqprot
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH] libselinux: add O_CLOEXEC
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 6/6] policycoreutils: newrole: always initialize pw fields
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 0/2 v2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libselinux: add security_checkreqprot
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 2/2 v2] secilc: Add options to control the expansion of attributes
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 1/2 v2] libsepol/cil: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/2 v2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/6] libsemanage: make semanage_..._destroy return void
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 3/3] libsepol: correct spelling errors in module_to_cil.c comments
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libsepol/cil: Add ability to expand some attributes in binary policy
  • From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libselinux: add security_checkreqprot
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 2/2] sestatus: show checkreqprot status
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• [PATCH 1/2] libselinux: add security_checkreqprot
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 2/2] secilc: Add options to control the expansion of attributes
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: add selinux_status_get_seq() function
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: add selinux_status_get_seq() function
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH] selinux: add selinux_is_enforced() function
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• [PATCH] selinux: add selinux_is_enforced() function
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• [PATCH] selinux: add selinux_status_get_seq() function
  • From: Sebastien Buisson <sbuisson.ddn@xxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• [PATCH 6/6] policycoreutils: newrole: always initialize pw fields
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 5/6] policycoreutils: newrole: do not free pw strings twice
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 3/6] libselinux: avoid calling strcmp() on a NULL pointer
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 4/6] libselinux: getsebool: always free names
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/6] libsemanage: make semanage_..._destroy return void
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/6] libsepol: cil: check cil_fill_list return value
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH 2/2] secilc: Add options to control the expansion of attributes
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
• Re: [PATCH 1/2] libsepol/cil: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 1/2] libsepol/cil: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libsepol/cil: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libsepol/cil: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] libsepol/cil: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 1/2] libsepol/cil: Add ability to expand some attributes in binary policy
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH 6/6] libsepol: do not wrap integers when checking bound
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 3/6] libselinux: make process_boolean() fail on invalid lines
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 2/6] libsemanage: drop checks on semanage_module_info_destroy() value
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] policycoreutils/load_policy: Drop is_selinux_enabled() check
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH v2] libsemanage: Save linked policy, skip re-link when possible
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 2/2] secilc: Add options to control the expansion of attributes
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 1/2] libsepol/cil: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/2] libsepol and checkpolicy: Add ability to expand some attributes in binary policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH] libsemanage: Save linked policy, skip re-link when possible
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: refpolicy flask generator script
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• refpolicy flask generator script
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• [PATCH 3/3] libsepol: correct spelling errors in module_to_cil.c comments
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/3] libsepol: do not leak memory when an error occurs
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/3] libsepol: do not free attr_name twice
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/2] libsemanage: revert "Skip policy module re-link when only setting booleans."
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 1/2] libsepol: do not seg fault on sepol_*_key_free(NULL)
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH 6/6] libsepol: do not wrap integers when checking bound
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/6] libselinux: do not dereference a NULL pointer when calloc() fails
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 3/6] libselinux: make process_boolean() fail on invalid lines
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/6] libsemanage: drop checks on semanage_module_info_destroy() value
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: MLS directory label inheritance rules
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH 4/6] libselinux: ensure that 4 columns are read from /proc/mounts
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 5/6] libsepol: refuse to load policies with no block
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: MLS directory label inheritance rules
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: MLS directory label inheritance rules
  • From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
• Re: MLS directory label inheritance rules
  • From: Dennis Sherrell <sherrellconsulting@xxxxxxxxx>
• Re: MLS directory label inheritance rules
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• RE: add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• RE: add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: <thomasclinganjones@xxxxxxxxx>
• Re: add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: Tom Jones <thomasclinganjones@xxxxxxxxx>
• Re: add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: Tom Jones <thomasclinganjones@xxxxxxxxx>
• Re: MLS directory label inheritance rules
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: MLS directory label inheritance rules
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: MLS directory label inheritance rules
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• MLS directory label inheritance rules
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• Re: add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• RE: add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
• add CONFIG_SECURITY_SELINUX_LOAD_ONCE
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• [PATCH] policycoreutils/load_policy: Drop is_selinux_enabled() check
  • From: Luis Ressel <aranea@xxxxxxxx>
• Setting booleans causes duplicate ports in semanage listings
  • From: Carlos Rodrigues <cefrodrigues@xxxxxxxxx>
• Re: [PATCH 0/3 v3] libsepol and checkpolicy: Output CIL or policy.conf from kernel policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH v2] libsepol: In module_to_cil create one attribute for each unique set
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: Confining a Java process reading file
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: [PATCH v2] libsepol: In module_to_cil create one attribute for each unique set
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH v2] libsepol: In module_to_cil create one attribute for each unique set
  • From: Nick Kralevich <nnk@xxxxxxxxxx>
• Re: newrole: pam_systemd fails after dbus message rejection
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: security_bounded_transition
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: security_bounded_transition
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Confining a Java process reading file
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• newrole: pam_systemd fails after dbus message rejection
  • From: cgzones <cgzones@xxxxxxxxxxxxxx>
• security_bounded_transition
  • From: cgzones <cgzones@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts
  • From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
• Re: Confining a Java process reading file
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Confining a Java process reading file
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Confining a Java process reading file
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Confining a Java process reading file
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Confining a Java process reading file
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Confining a Java process reading file
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Confining a Java process reading file
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Confining a Java process reading file
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Confining a Java process reading file
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Confining a Java process reading file
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 3/3] selinux: Use an other error code for an input validation failure in sidtab_insert()
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• [PATCH 2/3] selinux: Return an error code only as a constant in sidtab_insert()
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• [PATCH 1/3] selinux: Return directly after a failed memory allocation in policydb_index()
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• [PATCH 0/3] SELinux: Fine-tuning for two function implementations
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Fix an uninitialized variable bug
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH] selinux: Fix an uninitialized variable bug
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: Running Java and JVM on SELinux
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Running Java and JVM on SELinux
  • From: Rahmadi Trimananda <rtrimana@xxxxxxx>
• Re: ssh/cron access checks and my Play Machine
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: Fix an uninitialized variable bug
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: selinux: Fix an uninitialized variable bug in range_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: selinux: Fix an uninitialized variable bug in range_read()
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• Re: ssh/cron access checks and my Play Machine
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: ssh/cron access checks and my Play Machine
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• ssh/cron access checks and my Play Machine
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: [PATCH] selinux: Fix an uninitialized variable bug
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Fix an uninitialized variable bug
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] selinux: Fix an uninitialized variable bug
  • From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
• Re: userspace object manager confused
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: userspace object manager confused
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: userspace object manager confused
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: userspace object manager confused
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: userspace object manager confused
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: userspace object manager confused
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: userspace object manager confused
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: userspace object manager confused
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: userspace object manager confused
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: userspace object manager confused
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: userspace object manager confused
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: userspace object manager confused
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: userspace object manager confused
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• userspace object manager confused
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts
  • From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
• Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: label for /proc directory (before mounting)
  • From: Colin Walters <walters@xxxxxxxxxx>
• Re: label for /proc directory (before mounting)
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Re: label for /proc directory (before mounting)
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts
  • From: Tomeu Vizoso <tomeu.vizoso@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: Remove unnecessary check of array base in selinux_set_mapping()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts
  • From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
• Re: label for /proc directory (before mounting)
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• label for /proc directory (before mounting)
  • From: Colin Walters <walters@xxxxxxxxxx>
• [PATCH v2] libsepol: In module_to_cil create one attribute for each unique set
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/7] libsepol: do not dereference a NULL pointer when stack_init() fails
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 46/46] selinuxfs: Use seq_puts() in sel_avc_stats_seq_show()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 44/46] selinux: Adjust two checks for null pointers
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 42/46] selinux: One function call less in roles_init() after error detection
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 43/46] selinux: Use kmalloc_array() in sidtab_init()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 35/46] selinux: Return directly after a failed kzalloc() in perm_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 41/46] selinux: Move two assignments for the variable "rc" in roles_init()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 40/46] selinux: Return directly after a failed kzalloc() in roles_init()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 39/46] selinux: Move two assignments for the variable "rc" in ocontext_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 38/46] selinux: One function call less in five functions after null pointer detection
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 36/46] selinux: Move an assignment for the variable "rc" in mls_read_range_helper()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 37/46] selinux: Move an assignment for the variable "rc" in policydb_load_isids()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 34/46] selinux: Return directly after a failed kzalloc() in common_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 33/46] selinux: Move an assignment for the variable "rc" in class_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts
  • From: Tomeu Vizoso <tomeu.vizoso@xxxxxxxxxxxxx>
• Re: [PATCH 30/46] selinux: Return directly after a failed kzalloc() in role_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 32/46] selinux: Return directly after a failed kzalloc() in class_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 29/46] selinux: Return directly after a failed kzalloc() in type_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 28/46] selinux: Return directly after a failed kzalloc() in user_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 27/46] selinux: Move an assignment for the variable "rc" in sens_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 26/46] selinux: Improve another size determination in sens_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 25/46] selinux: Return directly after a failed kzalloc() in sens_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 24/46] selinux: Return directly after a failed kzalloc() in cat_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] libsepol: In module_to_cil create one attribute for each unique set
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 7/7] libsemanage: genhomedircon: fix possible double-free
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 6/7] libsemanage: do not dereference a NULL pointer when calloc() fails
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 5/7] libsemanage: do not close uninitialized file descriptors
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 4/7] libsepol: fix use-after-free in sepol_user_clone()
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 3/7] libsepol: constify sepol_genbools()'s boolpath parameter
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/7] libsepol: make process_boolean() fail on invalid lines
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/7] libsepol: do not dereference a NULL pointer when stack_init() fails
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH] libsepol: In module_to_cil create one attribute for each unique set
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH 1/3] policycoreutils/setfiles: stdout messages don't need program prefix
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/2] policycoreutils: fixfiles should handle path arguments more robustly
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] libsepol/cil: do not dereference a NULL pointer when calloc() fails
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH] mcstrans: fix typo in mcstransd.8 man page
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH] libsepol/cil: Add hexadecimal support for Xen ioportcon statements
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH] libsepol: In module_to_cil create one attribute for each unique set
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] selinux: Use task_alloc hook rather than task_create hook
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• Re: selinux: Delete an error message for a failed memory allocation in policydb_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: selinux: Delete unnecessary variable assignments in policydb_index()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: SELinux: Fine-tuning for several function implementations
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: selinux: Delete unnecessary variable assignments in policydb_index()
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• Re: selinux: Delete an error message for a failed memory allocation in policydb_read()
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• Re: SELinux: Fine-tuning for several function implementations
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• Re: selinux: Delete an error message for a failed memory allocation in policydb_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: selinux: Move some assignments for the variable "rc" in policydb_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: fix double free in selinux_parse_opts_str()
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• FOSSASIA 2017 SELinux intro talk
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• [PATCH 2/3] policycoreutils/setfiles: don't scramble stdout and stderr together
  • From: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx>
• [PATCH 1/3] policycoreutils/setfiles: stdout messages don't need program prefix
  • From: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx>
• [PATCH 3/3] policycoreutils: fixfiles: remove useless use of cat
  • From: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx>
• [PATCH 2/2] policycoreutils: fixfiles: handle unexpected spaces in command
  • From: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx>
• [PATCH 1/2] policycoreutils: fixfiles should handle path arguments more robustly
  • From: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx>
• Re: [PATCH] selinux: fix double free in selinux_parse_opts_str()
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH 1/1] libsepol/cil: do not dereference a NULL pointer when calloc() fails
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH] selinux: fix double free in selinux_parse_opts_str()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] mcstrans: fix typo in mcstransd.8 man page
  • From: Nikola Forró <nforro@xxxxxxxxxx>
• Re: selinux: Delete an error message for a failed memory allocation in policydb_read()
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• [PATCH] selinux: fix double free in selinux_parse_opts_str()
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• Re: selinux: Move some assignments for the variable "rc" in policydb_read()
  • From: SF Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
• [ANNOUNCE] Linux Security Summit 2017 - CFP
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH 00/46] SELinux: Fine-tuning for several function implementations
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 23/46] selinux: Move an assignment for a pointer in range_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 22/46] selinux: Delete an unnecessary variable initialisation in range_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 21/46] selinux: Two function calls less in range_read() after error detection
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 20/46] selinux: Move four assignments for the variable "rc" in range_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 19/46] selinux: Return directly after a failed next_entry() in range_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 18/46] selinux: One function call less in filename_trans_read() after error detection
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 17/46] selinux: Delete an unnecessary variable assignment in filename_trans_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 16/46] selinux: Move two assignments for the variable "rc" in filename_trans_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 15/46] selinux: One check and function call less in genfs_read() after error detection
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 14/46] selinux: One function call less in genfs_read() after null pointer detection
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 13/46] selinux: Move four assignments for the variable "rc" in genfs_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 12/46] selinux: Move assignments for two pointers in genfs_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 11/46] selinux: Return directly after a failed next_entry() in genfs_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 10/46] selinux: Move some assignments for the variable "rc" in policydb_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 09/46] selinux: Delete an error message for a failed memory allocation in policydb_read()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 08/46] selinux: Delete an unnecessary return statement in policydb_destroy()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 07/46] selinux: Delete unnecessary variable assignments in policydb_index()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 06/46] selinux: Use kcalloc() in policydb_index()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 05/46] selinux: Adjust four checks for null pointers
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode
  • From: Mike Kravetz <mike.kravetz@xxxxxxxxxx>
• Re: [PATCH 04/46] selinux: Use kmalloc_array() in hashtab_create()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 03/46] selinux: Improve size determinations in four functions
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 02/46] selinux: Delete an unnecessary return statement in cond_compute_av()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH 01/46] selinux: Use kmalloc_array() in cond_init_bool_indexes()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: Remove unnecessary check of array base in selinux_set_mapping()
  • From: Grant Grundler <grundler@xxxxxxxxxxxx>
• [PATCH 1/3 v3] libsepol: Add ability to convert binary policy to CIL
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 2/3 v3] libsepol: Add ability to convert binary policy to policy.conf file
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 3/3 v3] checkpolicy: Add options to convert binary policy to CIL or a policy.conf
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/3 v3] libsepol and checkpolicy: Output CIL or policy.conf from kernel policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• Re: security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• Re: [PATCH] selinux: Remove unnecessary check of array base in selinux_set_mapping()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: security: double-free in superblock_doinit
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• security: double-free in superblock_doinit
  • From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
• Re: [PATCH] selinux: Remove unnecessary check of array base in selinux_set_mapping()
  • From: Grant Grundler <grundler@xxxxxxxxxxxx>
• Re: [PATCH] selinux: Remove unnecessary check of array base in selinux_set_mapping()
  • From: Grant Grundler <grundler@xxxxxxxxxxxx>
• [PATCH] libsepol/cil: Add hexadecimal support for Xen ioportcon statements
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: net_admin audit for setsockopt SO_SNDBUFFORCE
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: [PATCH 0/3 v2] libsepol and checkpolicy: Output CIL or policy.conf from kernel policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: net_admin audit for setsockopt SO_SNDBUFFORCE
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: Bug#857660: SELinux: cannot sent policyload notice
  • From: Simon McVittie <smcv@xxxxxxxxxx>
• Re: net_admin audit for setsockopt SO_SNDBUFFORCE
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: [RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [PATCH 0/3 v2] libsepol and checkpolicy: Output CIL or policy.conf from kernel policy
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: Bug#857660: SELinux: cannot sent policyload notice
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 0/3] libsepol: Allow hexadecimal numbers in Xen context rules
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH] checkpolicy: Fix minor memory leak in checkpolicy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] checkpolicy: dereference rangehead after checking it was not NULL
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] libsepol/cil: avoid freeing uninitialized values
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] libsepol/cil: make reporting conflicting type transitions work
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: Bug#857660: SELinux: cannot sent policyload notice
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: net_admin audit for setsockopt SO_SNDBUFFORCE
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• net_admin audit for setsockopt SO_SNDBUFFORCE
  • From: cgzones <cgzones@xxxxxxxxxxxxxx>
• Re: [RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support
  • From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
• [PATCH 2/3 v2] libsepol: Add ability to convert binary policy to policy.conf file
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 1/3 v2] libsepol: Add ability to convert binary policy to CIL
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 3/3 v2] checkpolicy: Add options to convert binary policy to CIL or a policy.conf
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/3 v2] libsepol and checkpolicy: Output CIL or policy.conf from kernel policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 3/3] libsepol/cil: Use hexadecimal numbers when writing Xen rules
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 2/3] libsepol: Update module_to_cil to output hexadecimal for Xen rules
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 1/3] libsepol/cil: Allow hexadecimal numbers in Xen context rules
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/3] libsepol: Allow hexadecimal numbers in Xen context rules
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH] checkpolicy: Fix minor memory leak in checkpolicy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 1/1] checkpolicy: dereference rangehead after checking it was not NULL
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/1] libsepol/cil: avoid freeing uninitialized values
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/1] libsepol/cil: make reporting conflicting type transitions work
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: newrole as su'ed root
  • From: cgzones <cgzones@xxxxxxxxxxxxxx>
• Re: newrole as su'ed root
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] selinux: Remove unnecessary check of array base in selinux_set_mapping()
  • From: Matthias Kaehlcke <mka@xxxxxxxxxxxx>
• newrole as su'ed root
  • From: cgzones <cgzones@xxxxxxxxxxxxxx>
• Re: portcon in policy modules
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: portcon in policy modules
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• portcon in policy modules
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• [PATCH] python/semanage: fix export of fcontext socket entries
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: tomcat_t domain behavior
  • From: 面和毅 <ka-omo@xxxxxxxx>
• Re: tomcat_t domain behavior
  • From: 面和毅 <ka-omo@xxxxxxxx>
• Re: tomcat_t domain behavior
  • From: Lukas Vrabec <lvrabec@xxxxxxxxxx>
• Re: tomcat_t domain behavior
  • From: Gary Tierney <gary.tierney@xxxxxxx>
• tomcat_t domain behavior
  • From: 面和毅 <ka-omo@xxxxxxxx>
• Re: Bug#857660: SELinux: cannot sent policyload notice
  • From: cgzones <cgzones@xxxxxxxxxxxxxx>
• Re: isolate selinux_enforcing
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [PATCH 0/3] libsepol and checkpolicy: Output CIL or policy.conf from kernel policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 3/3] checkpolicy: Add options to convert binary policy to CIL or a policy.conf
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: isolate selinux_enforcing
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks
  • From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
• Re: [PATCH 1/3] libsepol: Add ability to convert binary policy to CIL
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH 0/3] libsepol and checkpolicy: Output CIL or policy.conf from kernel policy
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks
  • From: John Johansen <john.johansen@xxxxxxxxxxxxx>
• Re: [PATCH 3/3] checkpolicy: Add options to convert binary policy to CIL or a policy.conf
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] Python 3.6 invalid escape sequence deprecation fixes
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] python/sepolicy: fix obtaining domain name in HTMLManPages
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH v2] selinux: check for address length in selinux_socket_bind()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] selinux: include sys/socket.h in host programs to have PF_MAX
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH 1/3] libsepol: Add ability to convert binary policy to CIL
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 2/3] libsepol: Add ability to convert binary policy to policy.conf file
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 3/3] checkpolicy: Add options to convert binary policy to CIL or a policy.conf
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/3] libsepol and checkpolicy: Output CIL or policy.conf from kernel policy
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH v2] selinux: check for address length in selinux_socket_bind()
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: isolate selinux_enforcing
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: isolate selinux_enforcing
  • From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
• Re: isolate selinux_enforcing
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: isolate selinux_enforcing
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: isolate selinux_enforcing
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] Python 3.6 invalid escape sequence deprecation fixes
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• Re: Custom Process Label (SElinux)
  • From: cgzones <cgzones@xxxxxxxxxxxxxx>
• Re: Custom Process Label (SElinux)
  • From: Kashif ali <kashif.ali.9498@xxxxxxxxx>
• [PATCH] Python 3.6 invalid escape sequence deprecation fixes
  • From: Ville Skyttä <ville.skytta@xxxxxx>
• isolate selinux_enforcing
  • From: yangshukui <yangshukui@xxxxxxxxxx>
• Re: [PATCH v2] selinux: check for address length in selinux_socket_bind()
  • From: David Miller <davem@xxxxxxxxxxxxx>
• Re: Custom Process Label (SElinux)
  • From: Kashif ali <kashif.ali.9498@xxxxxxxxx>
• Re: Custom Process Label (SElinux)
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: Custom Process Label (SElinux)
  • From: Thomas <thomas@xxxxxxxxxxxxxx>
• Custom Process Label (SElinux)
  • From: Kashif ali <kashif.ali.9498@xxxxxxxxx>
• Re: [PATCH 1/6] restorecond: add noreturn attribute to exitApp()
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH v2] selinux: check for address length in selinux_socket_bind()
  • From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
• [PATCH v2] selinux: check for address length in selinux_socket_bind()
  • From: Alexander Potapenko <glider@xxxxxxxxxx>
• Fwd: Kernel repository updated to v4.11-rc1
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH 6/6] policycoreutils: add noreturn attribute to usage()
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 5/6] semodule-utils: add noreturn attribute to usage()
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 4/6] mcstrans: add noreturn attribute to usage()
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 3/6] secilc: add noreturn attribute to usage()
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/6] checkpolicy: add noreturn attribute to usage()
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/6] restorecond: add noreturn attribute to exitApp()
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/1] selinux: include sys/socket.h in host programs to have PF_MAX
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [systemd-devel] SELinux type transition rule not working
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: [systemd-devel] SELinux type transition rule not working
  • From: Simon Sekidde <ssekidde@xxxxxxxxxx>
• Re: [systemd-devel] SELinux type transition rule not working
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: [PATCH] selinux: check for address length in selinux_socket_bind()
  • From: Eric Dumazet <edumazet@xxxxxxxxxx>
• Re: [PATCH] selinux: check for address length in selinux_socket_bind()
  • From: Alexander Potapenko <glider@xxxxxxxxxx>
• [PATCH] selinux: check for address length in selinux_socket_bind()
  • From: Alexander Potapenko <glider@xxxxxxxxxx>
• Re: [systemd-devel] SELinux type transition rule not working
  • From: Simon Sekidde <ssekidde@xxxxxxxxxx>
• Re: [systemd-devel] SELinux type transition rule not working
  • From: Simon Sekidde <ssekidde@xxxxxxxxxx>
• Re: [systemd-devel] SELinux type transition rule not working
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: SELinux type transition rule not working
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: SELinux type transition rule not working
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• [PATCH] python/sepolicy: fix obtaining domain name in HTMLManPages
  • From: Vit Mojzis <vmojzis@xxxxxxxxxx>
• Re: [RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: seapply - alternative to semanage for configuration management
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] selinux-testsuite: capable_file: Add dac_override and dac_read_search tests
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [systemd-devel] SELinux type transition rule not working
  • From: Simon Sekidde <ssekidde@xxxxxxxxxx>
• Re: [systemd-devel] SELinux type transition rule not working
  • From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
• Re: selinux transition rules
  • From: "RM-IT R.Mielnik" <r.mielnik@xxxxxxxx>
• Re: SELinux type transition rule not working
  • From: Jason Zaman <jason@xxxxxxxxxxxxx>
• seapply - alternative to semanage for configuration management
  • From: Doug Brown <dgbrown@xxxxxxxxxx>
• Re: Securing a service written in Python
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: SELinux type transition rule not working
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Securing a service written in Python
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: SELinux type transition rule not working
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: SELinux type transition rule not working
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: SELinux type transition rule not working
  • From: cgzones <cgzones@xxxxxxxxxxxxxx>
• SELinux type transition rule not working
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• [GIT PULL] SELinux fixes for 4.11 (#1)
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH 1/6] semodule_package: do not leak memory when using -u or -s
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: fix kernel BUG on prlimit(..., NULL, NULL)
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH] selinux: fix kernel BUG on prlimit(..., NULL, NULL)
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH] selinux: wrap cgroup seclabel support with its own policy capability
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: fix kernel BUG on prlimit(..., NULL, NULL)
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [RFC PATCH 4/4] selinux: constify nlmsg permission tables
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] libsepol: Define cgroup_seclabel policy capability
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] selinux: wrap cgroup seclabel support with its own policy capability
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• selinux transition rules
  • From: "RM-IT R.Mielnik" <r.mielnik@xxxxxxxx>
• [PATCH] selinux: fix kernel BUG on prlimit(..., NULL, NULL)
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 3/6] libsemanage: never call memcpy with a NULL value
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• Re: [PATCH 3/6] libsemanage: never call memcpy with a NULL value
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• [PATCH 6/6] libselinux: initialize temp value in SWIG wrapper to prevent freeing garbage
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 5/6] mcstrans: do not dereference color_str if it is NULL
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 4/6] libsemanage/tests: include libsepol headers from $DESTDIR
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 3/6] libsemanage: never call memcpy with a NULL value
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/6] libsepol/cil: do not dereference args before checking it was not null
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/6] semodule_package: do not leak memory when using -u or -s
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH] libsemanage: Perform access check using euid instead of uid
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• strange audit2allow error
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• Re: Support for multiple types in typeattribute
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: Support for multiple types in typeattribute
  • From: Dominick Grift <dac.override@xxxxxxxxx>
• Support for multiple types in typeattribute
  • From: Alex Klyubin <klyubin@xxxxxxxxxx>
• [RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• [RFC v2 PATCH 1/2] kernel: Add LSM hooks for SCTP support
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• [RFC v2 PATCH 0/2] kernel: Add SELinux SCTP protocol support
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: Perform access check using euid instead of uid
  • From: Petr Lautrbach <plautrba@xxxxxxxxxx>
• Re: [PATCH] libselinux: allow link with -lfts
  • From: William Roberts <bill.c.roberts@xxxxxxxxx>
• [PATCH] libselinux: allow link with -lfts
  • From: Natanael Copa <ncopa@xxxxxxxxxxxxxxx>
• Re: [PATCH] sepolgen: strip non-printable characters when parsing audit messages
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] libselinux, libsemanage: make PYPREFIX computation more robust
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 2/5] libsepol/cil: destroy bitmap when __cil_permx_str_to_int() fails
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH] sepolgen: strip non-printable characters when parsing audit messages
  • From: Vit Mojzis <vmojzis@xxxxxxxxxx>
• Re: [RFC 4/7] selinux: mark __ro_mostly_after_init for selinux_hooks/selinux_nf_ops
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• [RFC 4/7] selinux: mark __ro_mostly_after_init for selinux_hooks/selinux_nf_ops
  • From: Hoeun Ryu <hoeun.ryu@xxxxxxxxx>
• [PATCH 1/1] libselinux, libsemanage: make PYPREFIX computation more robust
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/5] libsepol/cil: destroy bitmap when __cil_permx_str_to_int() fails
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/5] libsepol/cil: use __cil_ordered_lists_destroy() to free unordered_classorder_lists
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 5/5] libsepol/cil: free bitmaps in cil_level_equals()
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 3/5] libsepol/cil: free the first operand if the second one is invalid
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 4/5] libsepol/cil: do not leak left-hand side of an invalid constraint
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH] prlimit,security,selinux: add a security hook for prlimit
  • From: James Morris <jmorris@xxxxxxxxx>
• [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [kernel-hardening] Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [PATCH] prlimit, security, selinux: add a security hook for prlimit
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [RFC v2 PATCH 2/2] security: mark LSM hooks as __ro_after_init
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [PATCH] libsepol/cil: Destroy cil_tree_node stacks when finished resolving AST
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [RFC v2 PATCH 2/2] security: mark LSM hooks as __ro_after_init
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [kernel-hardening] Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• [PATCH] timerfd: only check CAP_WAKE_ALARM when it is needed
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH v2] prlimit,security,selinux: add a security hook for prlimit
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] prlimit,security,selinux: add a security hook for prlimit
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [kernel-hardening] Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: Daniel Micay <danielmicay@xxxxxxxxx>
• Re: [kernel-hardening] Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• [PATCH 1/2] selinux-testsuite: exclude netlink_socket tests from RHEL7
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 2/2] selinux-testsuite: fix nnp test for RHEL7
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 0/2] selinux-testsuite: fixes for RHEL7.3
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] prlimit,security,selinux: add a security hook for prlimit
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
• Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• Re: [RFC] prlimit,security,selinux: add a security hook for prlimit
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH] libsemanage: Perform access check using euid instead of uid
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: Perform access check using euid instead of uid
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [kernel-hardening] [RFC v2 PATCH 0/2] security: mark LSM hooks with __ro_after_init
  • From: Kees Cook <keescook@xxxxxxxxxxxx>
• Re: [PATCH] libsemanage: Perform access check using euid instead of uid
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] libsemanage: Perform access check using euid instead of uid
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
• [RFC v2 PATCH 2/2] security: mark LSM hooks as __ro_after_init
  • From: James Morris <jmorris@xxxxxxxxx>
• [RFC v2 PATCH 2/2] security: mark LSM hooks as __ro_after_init
  • From: James Morris <jmorris@xxxxxxxxx>
• [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
  • From: James Morris <jmorris@xxxxxxxxx>
• [RFC v2 PATCH 0/2] security: mark LSM hooks with __ro_after_init
  • From: James Morris <jmorris@xxxxxxxxx>
• [PATCH] libsemanage: Perform access check using euid instead of uid
  • From: Vit Mojzis <vmojzis@xxxxxxxxxx>
• Re: possible regression in "semanage user"
  • From: Miroslav Vadkerti <mvadkert@xxxxxxxxxx>
• Re: [RFC PATCH 4/4] selinux: constify nlmsg permission tables
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] selinux-testsuite: Add tests for prlimit(2) permission checks
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [RFC] prlimit,security,selinux: add a security hook for prlimit
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: [GIT PULL] SELinux patches for 4.11
  • From: James Morris <jmorris@xxxxxxxxx>
• Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Antonio Murdaca <amurdaca@xxxxxxxxxx>
• [GIT PULL] SELinux patches for 4.11
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Antonio Murdaca <amurdaca@xxxxxxxxxx>
• [PATCH] selinux-testsuite: allow netlink test domains to load kernel modules
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Antonio Murdaca <amurdaca@xxxxxxxxxx>
• [PATCH] security: selinux: allow per-file labeling for cgroupfs
  • From: Antonio Murdaca <amurdaca@xxxxxxxxxx>
• [PATCH] libsepol/cil: Destroy cil_tree_node stacks when finished resolving AST
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] libsepol/cil: fix type confusion in cil_copy_ast
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 1/1] Introduce Travis-CI tests
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: fix off-by-one in setprocattr
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH] selinux: fix off-by-one in setprocattr
  • From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
• Re: [PATCH v2] security: selinux: allow changing labels for cgroupfs
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• [GIT PULL] SELinux fixes for 4.10 (#2)
  • From: Paul Moore <pmoore@xxxxxxxxxx>
• Re: [PATCH] selinux: fix off-by-one in setprocattr
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• Re: [PATCH] selinux: fix off-by-one in setprocattr
  • From: Paul Moore <paul@xxxxxxxxxxxxxx>
• SELinux help
  • From: Anpu Ann mathews <anpu.amathews@xxxxxxxxx>
• Re: strange avc
  • From: Russell Coker <russell@xxxxxxxxxxxx>
• [PATCH] selinux-testsuite: add tests for new netlink socket classes
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH] selinux-testsuite: fix ptrace test script
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 1/8] libsepol: fix -Wwrite-strings warnings
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 3/8] policycoreutils/semodule: hide -Wwrite-strings warnings
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [RFC PATCH 1/1] kernel: Add SELinux SCTP protocol support
  • From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
• Re: Still having problems with typebounds check.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: Still having problems with typebounds check.
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Still having problems with typebounds check.
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• [PATCH 7/8] libsepol/tests: fix -Wwrite-strings warnings
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 8/8] libsemanage/tests: fix -Wwrite-strings warnings
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 3/8] policycoreutils/semodule: hide -Wwrite-strings warnings
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 6/8] semodule_deps: hide -Wwrite-strings warnings
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 2/8] libsemanage: make lang_ext parameter const in semanage_direct_write_langext()
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 5/8] mcstrans: fix -Wwrite-strings warnings
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 4/8] policycoreutils/hll/pp: fix -Wwrite-strings warnings
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/8] libsepol: fix -Wwrite-strings warnings
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/1] libsepol/cil: fix type confusion in cil_copy_ast
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• [PATCH 1/1] Introduce Travis-CI tests
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• ANN: Reference Policy Release
  • From: Chris PeBenito <pebenito@xxxxxxxx>
• Re: possible regression in "semanage user"
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: [PATCH 0/5] checkpolicy: Cleanup declare and require functions
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• Re: [PATCH 0/5] checkpolicy: Cleanup declare and require functions
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• openshift label issue
  • From: Kashif ali <kashif.ali.9498@xxxxxxxxx>
• Re: [PATCH 0/5] checkpolicy: Cleanup declare and require functions
  • From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
• Re: [PATCH v2] security: selinux: allow changing labels for cgroupfs
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: possible regression in "semanage user"
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: possible regression in "semanage user"
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• Re: possible regression in "semanage user"
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• possible regression in "semanage user"
  • From: Vit Mojzis <vmojzis@xxxxxxxxxx>
• Re: [PATCH v2] security: selinux: allow changing labels for cgroupfs
  • From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
• Re: [PATCH] security: selinux: allow changing labels for cgroupfs
  • From: Antonio Murdaca <amurdaca@xxxxxxxxxx>
• [PATCH v2] security: selinux: allow changing labels for cgroupfs
  • From: Antonio Murdaca <amurdaca@xxxxxxxxxx>
• Re: [PATCH] security: selinux: allow changing labels for cgroupfs
  • From: Antonio Murdaca <amurdaca@xxxxxxxxxx>
• Re: [PATCH] security: selinux: allow changing labels for cgroupfs
  • From: Gary Tierney <gary.tierney@xxxxxxx>
• [PATCH] security: selinux: allow changing labels for cgroupfs
  • From: Antonio Murdaca <amurdaca@xxxxxxxxxx>
• [PATCH] libselinux: do not rely on non-POSIX behavior for write()
  • From: Stephen Smalley <sds@xxxxxxxxxxxxx>
• [PATCH 2/2] checkpolicy: Remove uneeded return check in require_symbol()
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 1/2] libsepol: Return +1 when declaration is followed by a require
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/2] checkpolicy & libsepol: process declarations and requirements
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH] checkpolicy: Improve check for identifier flavor mismatch
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 5/5] checkpolicy: Move common require and declare code into new function
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 4/5] checkpolicy: Cleanup error messages
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 3/5] checkpolicy: Create common function for user declares and requires
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 2/5] checkpolicy: Create common function for role declares and requires
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 1/5] checkpolicy: Create common function for type declares and requires
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>
• [PATCH 0/5] checkpolicy: Cleanup declare and require functions
  • From: James Carter <jwcart2@xxxxxxxxxxxxx>