Before SELinux is disabled at boot it can create AVC entries. This patch
will flush those entries before disabling SELinux.
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
security/selinux/avc.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index f601246..1ed0f07 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -868,6 +868,8 @@ u32 avc_policy_seqno(void)
void avc_disable(void)
{
+ avc_flush();
+ synchronize_rcu();
if (avc_node_cachep)
kmem_cache_destroy(avc_node_cachep);
}
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
