On Wed, Mar 28, 2018 at 8:40 PM, Yuli Khodorkovskiy <ykhodo@xxxxxxxxx> wrote: > In permissive, if a bad label is written to a file_context file, > restorecon will not verify the label before succesfully applying the > context. These patches fix validation of labels during restorecon > while not breaking current behavior of lazy validation. > > Yuli Khodorkovskiy (2): > libselinux: verify file_contexts when using restorecon > libselinux: echo line number of bad label in selabel_fini() > > libselinux/src/label.c | 4 ++-- > libselinux/src/label_file.h | 1 + > libselinux/src/label_internal.h | 1 + > 3 files changed, 4 insertions(+), 2 deletions(-) > > -- > 2.14.3 > > ack, LGTM.
