On 7/11/2016 9:45 AM, Stephen Smalley wrote:
> On 06/23/2016 03:52 PM, Dan Jurgens wrote:
>> diff --git a/security/selinux/include/initial_sid_to_string.h b/security/selinux/include/initial_sid_to_string.h
>> index a59b64e..8f2eefc 100644
>> --- a/security/selinux/include/initial_sid_to_string.h
>> +++ b/security/selinux/include/initial_sid_to_string.h
>> @@ -29,5 +29,6 @@ static const char *initial_sid_to_string[] =
>> "policy",
>> "scmp_packet",
>> "devnull",
>> + "pkey",
> I don't think we can/should add any more initial SIDs until we have
> dynamic discovery support for them. At present, we'll have problems
> with old kernel with new policy and with new kernel with old policy when
> the number of initial SIDs changes.
>
>> + if (c) {
>> + if (!c->sid[0]) {
>> + rc = sidtab_context_to_sid(&sidtab,
>> + &c->context[0],
>> + &c->sid[0]);
>> + if (rc)
>> + goto out;
>> + }
>> + *out_sid = c->sid[0];
>> + } else {
>> + *out_sid = SECINITSID_PKEY;
> Could we just use SECINITSID_UNLABELED as the default?
>

I don't see why that would be a problem. I'll take the same comment for the "[PATCH 06/12] selinux: Add IB End Port SMP access vector".
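Review bot: in the initial_sid_to_string.h hunk, the added `+ "pkey",` entry after "devnull" grows initial_sid_to_string[] by one, and nothing in the hunk documents what happens when the loaded policy was built for the shorter table. The later hunk depends on this entry only through SECINITSID_PKEY in its else branch, so the table change can be dropped entirely if that fallback uses an existing initial SID. If the entry stays, add a comment or commit text describing how a policy without a context for the new initial SID is handled.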
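Review bot: in the lookup hunk, the failure path `if (rc) goto out;` leaves `*out_sid` unassigned, so a caller that reads the SID without checking rc gets whatever was there before. Either assign a defined value before the jump or state in the function comment that `*out_sid` is only valid when rc is 0. Separately, the quoted lines do not show which lock is held while `c->sid[0]` is tested and then filled in by sidtab_context_to_sid(); it is worth confirming that this lazy write is covered the same way as the other context lookups in the file. The else branch `*out_sid = SECINITSID_PKEY;` is the only use of the new initial SID visible here, so switching it to SECINITSID_UNLABELED removes the need for the table change.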