On Wed, Apr 1, 2020 at 2:09 PM Sultan Alsawaf <sultan@xxxxxxxxxxxxxxx> wrote: > From: Sultan Alsawaf <sultan@xxxxxxxxxxxxxxx> > > I'm sure many of you have found yourself in a position where you've > tried to increase the security of your system by enabling SELinux, only > to discover that nothing worked anymore because of those darned 'denial' > messages. It's clearly an overlooked bug in SELinux! > > With a bit of investigation, I discovered that the avc_denied() function > would erroneously return a non-zero value when I saw those denial > messages. After slapping in a `return 0;` at the top of that function, > all was well and my machine with SELinux enforcing was working again! > > Signed-off-by: Sultan Alsawaf <sultan@xxxxxxxxxxxxxxx> > --- > security/selinux/avc.c | 1 + > 1 file changed, 1 insertion(+) This is clearly an April Fools joke, but still. No. > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index d18cb32a242a..b29f19471871 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -1010,6 +1010,7 @@ static noinline int avc_denied(struct selinux_state *state, > u8 driver, u8 xperm, unsigned int flags, > struct av_decision *avd) > { > + return 0; > if (flags & AVC_STRICT) > return -EACCES; > > -- > 2.26.0 -- paul moore www.paul-moore.com
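Review bot: the `return 0;` added as the first statement of avc_denied() makes everything below it unreachable, including the `if (flags & AVC_STRICT) return -EACCES;` check, so every denial that reaches this function is reported to the caller as success. Drop the line. A denial that breaks a workload is resolved in policy, with an allow rule or a corrected label for that specific access, and not by changing what avc_denied() returns. The commit message also gives no reason why the non-zero return would be erroneous, which is the one thing a change to this return path would need to justify.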