On Fri, Mar 30, 2018 at 11:59 AM, William Roberts <bill.c.roberts@xxxxxxxxx> wrote: > On Thu, Mar 29, 2018 at 5:16 PM, Yuli Khodorkovskiy <ykhodo@xxxxxxxxx> wrote: >> In permissive, if a bad label is written to a file_context file, >> restorecon will not verify the label before succesfully applying the >> context. These patches fix validation of labels during restorecon >> while not breaking current behavior of lazy validation. >> >> Changes since V1: >> - Continue using lazy validation for restorecon that was broken in V1 of >> the patch. >> - Add line number tracking for error messages in restorecon. >> >> Changes since V2: >> - Fix compiler error caused by unused variable in selabel_validate() >> >> Yuli Khodorkovskiy (2): >> libselinux: verify file_contexts when using restorecon >> libselinux: echo line number of bad label in selabel_fini() >> >> libselinux/src/label.c | 7 +++---- >> libselinux/src/label_backends_android.c | 2 +- >> libselinux/src/label_file.c | 2 +- >> libselinux/src/label_file.h | 3 ++- >> libselinux/src/label_internal.h | 7 +++---- >> libselinux/src/matchpathcon.c | 5 ++--- >> 6 files changed, 12 insertions(+), 14 deletions(-) >> >> -- >> 2.14.3 >> >> > > These look good to me and pass all my testing. I have them on > github passing CI as well: > https://github.com/SELinuxProject/selinux/pull/90 > > ack. Unless someone finds an issue, will merge > on 4/3. merged. Thank you.
