Re: [PATCH v3 0/2] restorecon context validation improvement

On Thu, Mar 29, 2018 at 5:16 PM, Yuli Khodorkovskiy <ykhodo@xxxxxxxxx> wrote:
> In permissive, if a bad label is written to a file_context file,
> restorecon will not verify the label before successfully applying the
> context. These patches fix validation of labels during restorecon
> while not breaking current behavior of lazy validation.
>
> Changes since V1:
> - Continue using lazy validation for restorecon that was broken in V1 of
> the patch.
> - Add line number tracking for error messages in restorecon.
>
> Changes since V2:
> - Fix compiler error caused by unused variable in selabel_validate()
>
> Yuli Khodorkovskiy (2):
>   libselinux: verify file_contexts when using restorecon
>   libselinux: echo line number of bad label in selabel_fini()
>
>  libselinux/src/label.c                  | 7 +++----
>  libselinux/src/label_backends_android.c | 2 +-
>  libselinux/src/label_file.c             | 2 +-
>  libselinux/src/label_file.h             | 3 ++-
>  libselinux/src/label_internal.h         | 7 +++----
>  libselinux/src/matchpathcon.c           | 5 ++---
>  6 files changed, 12 insertions(+), 14 deletions(-)
>
> --
> 2.14.3
>
>

These look good to me and pass all my testing. I have them on
github passing CI as well:
https://github.com/SELinuxProject/selinux/pull/90

ack. Unless someone finds an issue, will merge
on 4/3.



