On Fri, Jan 25, 2019 at 11:15 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > On Fri, Jan 25, 2019 at 2:49 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 1/25/19 5:06 AM, Ondrej Mosnacek wrote: > > > These BUG_ONs do not really protect from any catastrophic situation so > > > there is no need to have them there. > > > > They are to catch bugs in callers that pass requested==0. That is > > always indicative of a bug in the caller (e.g. failed to correctly > > compute the permissions). Otherwise, we will silently allow such calls > > and not notice them. > > > > At the least, they should be WARN_ONs. > > OK, seems that switching to WARN_ON() will be a better choice. > > Paul, you can apply the series without this patch and I will post a > corrected patch separately (if that's OK with you). Yep. Patches 1, 2, and 4 should now be in selinux/next. -- paul moore www.paul-moore.com
