sepol_set_sidtab() is called without calling sepol_sidtab_destroy().
This is not a big deal, since checkpolicy does not run for long, but
it does add noise when checking for other, more important, leaks.
Call sepol_sidtab_destroy() before exiting if not in debug mode.
Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
---
checkpolicy/checkpolicy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 442e7db..534fc22 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -673,6 +673,7 @@ int main(int argc, char **argv)
if (!debug) {
policydb_destroy(&policydb);
+ sepol_sidtab_destroy(&sidtab);
exit(0);
}
--
2.7.4
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
