On 1/17/20 10:26 AM, William Roberts wrote:
On Fri, Jan 17, 2020 at 8:47 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
Despite deprecating use of flask.h and av_permissions.h back in 2014,
the man pages for avc_has_perm(3) and security_compute_av(3) were not
updated to provide instructions on how to dynamically map class/permission
names nor to encourage use of selinux_check_access(3) instead of these
interfaces. Also, while selinux_set_mapping(3) supports dynamic
class/perm mapping at initialization, it does not support changes to
the class/perm values at runtime upon a policy reload, and no
instructions were provided on how to set up a callback to support
this case. Update the man pages accordingly.
Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
Thanks, this patch is now applied. For future reference, if you reply
with a full Acked-by: name <email> line, patchwork will automatically
mark that the patch has received an Ack in the A/R/T tags field which
makes it easy to track. It doesn't recognize a bare Ack.
https://patchwork.kernel.org/project/selinux/list/
