On Mon, Dec 9, 2019 at 8:53 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> In AVC insert we don't call avc_node_kill() when avc_xperms_populate()
> fails, resulting in the avc->avc_cache.active_nodes counter having a
> false value. This patch corrects this problem and does some cleanup
> in avc_insert() while we are there.
>
> Reported-by: rsiddoji@xxxxxxxxxxxxxx
> Suggested-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> ---
> security/selinux/avc.c | 51 +++++++++++++++++++++++------------------------
> 1 file changed, 24 insertions(+), 27 deletions(-)

FYI, only compile tested, thus the RFC.

--
paul moore
www.paul-moore.com