Before SELinux is disabled at boot it can create AVC entries. This patch will flush those entries before disabling SELinux. Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> --- security/selinux/avc.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index f601246..1ed0f07 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -868,6 +868,8 @@ u32 avc_policy_seqno(void) void avc_disable(void) { + avc_flush(); + synchronize_rcu(); if (avc_node_cachep) kmem_cache_destroy(avc_node_cachep); } -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.