On Thu, 2008-05-01 at 16:04 -0400, Eric Paris wrote:
> Maybe someone else will know this pretty quickly. I'm attaching a
> tiny little base.conf and base.mod and a tiny test.te and test.mod
> that I built. When I try to link them together I get a segfault
> somewhere through user_fix_callback() -> mls_level_convert()
>
> Anyway, maybe I'll get to looking at it tomorrow, but if anyone else
> who actually understands all of this has a chance to look let me
> know....

Looks like mls_level_convert() falls over dead if passed an "empty" user declaration, which appears to happen when you specify a require on it but not a declaration for it in your module, which is what you do in test.te. Patch below will at least fix the symptom - not sure whether it will yield the expected end result though.

Index: trunk/libsepol/src/link.c =================================================================== --- trunk/libsepol/src/link.c (revision 2874) +++ trunk/libsepol/src/link.c (working copy) @@ -864,6 +864,10 @@ if (!mod->policy->mls) return 0; + /* Required not declared. */ + if (!src->sens) + return 0; + assert(mod->map[SYM_LEVELS][src->sens - 1]); dst->sens = mod->map[SYM_LEVELS][src->sens - 1];

--
Stephen Smalley
National Security Agency
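
Review bot: The early "return 0" on "!src->sens" reports success while leaving dst unwritten, so the caller cannot tell a required-but-not-declared user from a level that was actually converted. Either set dst->sens to 0 explicitly before returning, or extend the comment to say that a sens of 0 marks the require-only case and that dst is deliberately left as the caller initialised it. Separately, the assert on mod->map[SYM_LEVELS][src->sens - 1] that follows is still the only guard for a nonzero sens with no mapping, and it disappears in NDEBUG builds; an explicit check that returns an error would be more robust in a library that links untrusted or malformed modules.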