On Wed, 19 Aug 2020 at 19:15, Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
>
> Certain SELinux security server functions (e.g. security_port_sid,
> called during bind) were not explicitly testing to see if SELinux
> has been initialized (i.e. initial policy loaded) and handling
> the no-policy-loaded case. In the past this happened to work
> because the policydb was statically allocated and could always
> be accessed, but with the recent encapsulation of policy state
> and conversion to dynamic allocation, we can no longer access
> the policy state prior to initialization. Add a test of
> !selinux_initialized(state) to all of the exported functions that
> were missing them and handle appropriately.
>
> Fixes: 461698026ffa ("selinux: encapsulate policy state, refactor policy load")
> Reported-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Tested-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>
The reported problem has been solved after applying this patch on top
of Linux next 20200819 tag.
Test log,
https://lkft.validation.linaro.org/scheduler/job/1687070#L317
- Naresh
