Well at least it doesn't segfault :) /me has much pain trying to move genfs_context type messages into a module. -Eric On Fri, May 2, 2008 at 9:45 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > > On Thu, 2008-05-01 at 16:04 -0400, Eric Paris wrote: > > Maybe someone else will know this pretty quickly. I'm attaching a > > tiny little base.conf and base.mod and a tiny test.te and test.mod > > that I built. When I try to link them together I get a segfault > > somewhere through user_fix_callback() -> mls_level_convert() > > > > Anyway, maybe I'll get to looking at it tomorrow, but if anyone else > > who actually understands all of this has a chance to look let me > > know.... > > Looks like mls_level_convert() falls over dead if passed an "empty" user > declaration, which appears to happen when you specify a require on it > but not a declaration for it in your module, which is what you do in > test.te. Patch below will at least fix the symptom - not sure whether > it will yield the expected end result though. > > Index: trunk/libsepol/src/link.c > =================================================================== > --- trunk/libsepol/src/link.c (revision 2874) > +++ trunk/libsepol/src/link.c (working copy) > @@ -864,6 +864,10 @@ > if (!mod->policy->mls) > return 0; > > + /* Required not declared. */ > + if (!src->sens) > + return 0; > + > assert(mod->map[SYM_LEVELS][src->sens - 1]); > dst->sens = mod->map[SYM_LEVELS][src->sens - 1]; > > > -- > Stephen Smalley > National Security Agency > > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
