On 7/22/20 7:32 PM, Stephen Smalley wrote:
> On Wed, Jul 22, 2020 at 12:57 PM Dominick Grift
> <dominick.grift@xxxxxxxxxxx> wrote:
>> Can we not just assume that if that happens, that the kernel should just
>> treat the context as if it were the context of the unlabeled isid.
>
> No, because then a simple typo or other error in a context provided by
> a user or application would end up being handled as the unlabeled
> context instead of producing an error return that can be handled by
> the application or user.

So are you saying that it is up to the libselinux consumers to deal with
this? What do you suggest they do in these situations?

>
>> I mean that is what it boils down to anyway: everything always needs a
>> valid context. so might as well treat invalid contexts as unlabeled
>> isids? Not sure how "state" is relevant here as invalid is invalid.
>
> The state is whether the context was previously valid and used by the
> application.
>