Re: [PATCH v4] libsepol, checkpolicy: remove use of hardcoded security class values

On 1/26/20 5:57 AM, Petr Lautrbach wrote:

> Stephen Smalley <sds@xxxxxxxxxxxxx> writes:
>
>> libsepol carried its own (outdated) copy of flask.h with the generated
>> security class and initial SID values for use by the policy
>> compiler and the forked copy of the security server code
>> leveraged by tools such as audit2why.  Convert libsepol and
>> checkpolicy entirely to looking up class values from the policy,
>> remove the SECCLASS_* definitions from its flask.h header, and move
>> the header with its remaining initial SID definitions private to
>> libsepol.  While we are here, fix the sepol_compute_sid() logic to
>> properly support features long since added to the policy and kernel,
>> although there are no users of it other than checkpolicy -d (debug)
>> and it is not exported to users of the shared library.  There
>> are still some residual differences between the kernel logic and
>> libsepol.
>>
>> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>
> The only problem I found running tests on this is related to SETools
> https://github.com/SELinuxProject/selinux/pull/200#issuecomment-577745225
>
> Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx>

Thanks. I guess the question is whether we should wait to merge it until setools has a corresponding fix ready or go ahead.



