On Wed, Jun 23, 2021 at 3:32 PM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote: > > On Mon, Jun 21, 2021 at 9:18 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > Patch 1 fixes the check for self-referential loops that didn't work in all cases > > Patches 2 and 3 fix a couple of bugs > > Patches 4 and 5 make it harder to create small policies that expand into large > > policies that consume all of a system's memory. > > > > Only patches 2 and 5 are changed in v2. > > > > James Carter (5): > > libsepol/cil: Properly check for loops in sets > > libsepol/cil: Fix syntax checking of defaultrange rule > > libsepol/cil: Check for empty list when marking neverallow attributes > > libsepol/cil: Reduce the initial symtab sizes for blocks > > libsepol/cil: Improve degenerate inheritance check > > > > libsepol/cil/src/cil.c | 2 +- > > libsepol/cil/src/cil_build_ast.c | 10 ++ > > libsepol/cil/src/cil_internal.h | 5 +- > > libsepol/cil/src/cil_post.c | 4 + > > libsepol/cil/src/cil_resolve_ast.c | 226 +++++++++++++++++++---------- > > libsepol/cil/src/cil_verify.c | 48 ++++-- > > 6 files changed, 198 insertions(+), 97 deletions(-) > > > > -- > > 2.26.3 > > Hello, > > These patches look good to me: > > Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> > This series has been merged. Jim > Thanks! > Nicolas >
