On Fri, Mar 30, 2012 at 11:58 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Basically I am sick of some of the bad names we chose for booleans when we
> were first writing policy, so I want a mechanism to allow us to change the
> names but still support the old names.
>
> This patch will allow policy developers to ship a
> /etc/selinux/targeted/contexts/booleans.subs
>
> Then libselinux will check if a boolean name exists, if not it will see if
> there is a substitute name and attempt to use that.
>
> I have attached the libselinux_bools-subs.patch and the first pass at what a
> booleans.subs file will look like in Fedora 18.
+static int bool_open(const char *name, int flag) {
...
+
+ len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR);
Calling strlen() on NULL is not valid C, IIRC.
+ snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name);
Silent truncation?
Should work under benign conditions. Will probably fail in a hostile
environment.
Jeff
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
