On Mon, Jun 21, 2021 at 9:18 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > Patch 1 fixes the check for self-referential loops that didn't work in all cases > Patches 2 and 3 fix a couple of bugs > Patches 4 and 5 make it harder to create small policies that expand into large > policies that consume all of a system's memory. > > Only patches 2 and 5 are changed in v2. > > James Carter (5): > libsepol/cil: Properly check for loops in sets > libsepol/cil: Fix syntax checking of defaultrange rule > libsepol/cil: Check for empty list when marking neverallow attributes > libsepol/cil: Reduce the initial symtab sizes for blocks > libsepol/cil: Improve degenerate inheritance check > > libsepol/cil/src/cil.c | 2 +- > libsepol/cil/src/cil_build_ast.c | 10 ++ > libsepol/cil/src/cil_internal.h | 5 +- > libsepol/cil/src/cil_post.c | 4 + > libsepol/cil/src/cil_resolve_ast.c | 226 +++++++++++++++++++---------- > libsepol/cil/src/cil_verify.c | 48 ++++-- > 6 files changed, 198 insertions(+), 97 deletions(-) > > -- > 2.26.3 Hello, These patches look good to me: Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> Thanks! Nicolas
