[PATCH 0/3] libsepol/cil: Fixes to neverallow and bounds checking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dan Walsh found a bug that resulted in a seg fault while working on docker policy.
Steve Smalley was able to reproduce and find out where it was occuring in secilc.

This patch set fixes that bug and makes other improvements in the bounds and
neverallow checking.

James Carter (3):
  libsepol/cil: Fixed bug in cil_type_match_any()
  libsepol/cil: Improve type bounds check reporting
  libsepol/cil: Cleanup neverallow checking and fail if bounds checking
    fails

 libsepol/cil/src/cil_binary.c | 74 +++++++++++++++++++++++--------------------
 libsepol/cil/src/cil_find.c   |  6 +++-
 2 files changed, 44 insertions(+), 36 deletions(-)

-- 
2.5.5

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux