On Mon, Feb 24, 2020 at 11:09 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
> Remove initial SIDs that have never been used or are no longer used by
> the kernel from its string table, which is also used to generate the
> SECINITSID_* symbols referenced in code. Update the code to
> gracefully handle the fact that these can now be NULL. Stop treating
> it as an error if a policy defines additional initial SIDs unknown to
> the kernel. Do not load unused initial SID contexts into the sidtab.
> Fix the incorrect usage of the name from the ocontext in error
> messages when loading initial SIDs since these are not presently
> written to the kernel policy and are therefore always NULL.

...

> Fixes: https://github.com/SELinuxProject/selinux-kernel/issues/12
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---
> v4 fixes the commit hashes that I cut-and-pasted from the GH issue
> comments to be the proper length and added the one-line descriptions.
> Oddly checkpatch.pl didn't catch that originally.
>
>  scripts/selinux/genheaders/genheaders.c | 11 +++-
>  .../selinux/include/initial_sid_to_string.h | 57 +++++++++----------
>  security/selinux/selinuxfs.c | 6 +-
>  security/selinux/ss/policydb.c | 25 ++++----
>  security/selinux/ss/services.c | 26 ++++-----
>  5 files changed, 66 insertions(+), 59 deletions(-)

Merged into selinux/next, thanks Stephen.

-- 
paul moore
www.paul-moore.com