On Wed, 16 Dec 2009, Paul Moore wrote:

> It is possible for security_compute_av() to return -EINVAL, even when in
> permissive mode, due to unknown object classes and SIDs. This patch fixes
> this by doing away with the return value for security_compute_av() and
> treating unknown classes and SIDs as permission denials.
>
> NOTE: I've only tested this on Fedora/Rawhide using the standard policy,
> so while I'm fairly confident there are no regressions in the common case
> the error case hasn't been fully tested yet; I'm posting this to solicit
> comments on the basic approach.

Looks ok to me.

--
James Morris
<jmorris@xxxxxxxxx>