On 08/29/2014 10:14 AM, Stephen Smalley wrote: > On 08/29/2014 10:00 AM, Sven Vermeulen wrote: >> On Fri, Aug 29, 2014 at 2:56 PM, Steve Lawrence <slawrence@xxxxxxxxxx> wrote: >>>>>>> Segmentation fault >>>>> [...] >>>>>> Can you provide a copy of your original policy prior to conversion? >>>>> >>>>> If you mean the policy.29 file, certainly. You can wget it from >>>>> http://dev.gentoo.org/~swift/tmp/20140828-policy.29 >>>> >>>> No, the contents of /etc/selinux/mcs. The migration script converts the >>>> old policy module store, not the final kernel policy file. >>>> >>> >>> Hmm, I'm unable to reproduce this. I think the policy store that Stephen >>> mentions will be help to reproduce it. >>> >> >> Certainly. >> >> The policy store can be found at >> http://dev.gentoo.org/~swift/tmp/20140829-etc-selinux-mcs.tar.gz > > Hmm...semanage_migrate_store worked for me on that policy store. > > Can you reproduce the fault? If so, can you get debug info? > Build with debug flags and run semanage_migrate_store under valgrind, > perhaps? > We are able to get the segfault and have gotten a backtrace. It looks like it has to do with how optionals are handled and how we reset state when an optional is disabled. The fix in this particular case is pretty simple, but I think we need to go through the rest of the reset state code and ensure we aren't making similar mistakes. Might take a little bit of time. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
