Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Stephen Smalley <sds@xxxxxxxxxxxxx>
Subject: Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Tue, 15 Apr 2014 15:37:46 -0400
Cc: SE-Linux <selinux@xxxxxxxxxxxxx>
In-reply-to: <534D865F.1080409@tycho.nsa.gov>
References: <1397579252-1378-1-git-send-email-richard_c_haines@btinternet.com> <534D6117.4020506@tycho.nsa.gov> <534D78B6.9070208@tycho.nsa.gov> <1397586465.2471.2.camel@flatline.rdu.redhat.com> <534D7BA4.2040705@tycho.nsa.gov> <1397587423.2471.4.camel@flatline.rdu.redhat.com> <534D8385.9010908@tycho.nsa.gov> <CACLa4pu49Qhpyf8j_c3PE=fHySN_Tsf9PTaoZfR-TjiGB1nYKw@mail.gmail.com> <534D865F.1080409@tycho.nsa.gov>

On Tue, 2014-04-15 at 15:19 -0400, Stephen Smalley wrote:
> On 04/15/2014 03:18 PM, Eric Paris wrote:
> > Why didn't it fail in the kernel on policy load?
> 
> AFAICS you aren't checking for conflicts (and are ignoring duplicates)
> in your kernel side code that loads the entries.

Oh right, that whole 'system wasn't booting' thing.  Which pointed out
this bug, and then I never fixed it.  Perfect.  Glad I've been
reminded...

References:
- [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
  - From: Richard Haines
- Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
  - From: Stephen Smalley
- Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
  - From: Stephen Smalley
- Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
  - From: Eric Paris
- Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
  - From: Stephen Smalley
- Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
  - From: Eric Paris
- Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
  - From: Stephen Smalley
- Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
  - From: Eric Paris
- Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
  - From: Stephen Smalley

Prev by Date: Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
Next by Date: [PATCH] selinux, kbuild: remove unnecessary $(hostprogs-y) from clean-files
Previous by thread: Re: [PATCH] libsepol: Skip duplicate filename_trans rules in state->out policy.
Next by thread: [PATCH] selinux, kbuild: remove unnecessary $(hostprogs-y) from clean-files
Index(es):
- Date
- Thread

[Index of Archives] [Selinux Refpolicy] [Linux SGX] [Fedora Users] [Fedora Desktop] [Yosemite Photos] [Yosemite Camping] [Yosemite Campsites] [KDE Users] [Gnome Users]