On Tue, Aug 8, 2023 at 6:27 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> This commit reverts 5b0eea835d4e ("selinux: introduce an initial SID
> for early boot processes") as it was found to cause problems on
> distros with old SELinux userspace tools/libraries, specifically
> Ubuntu 16.04.
>
> Hopefully we will be able to re-add this functionality at a later
> date, but let's revert this for now to help ensure a stable and
> backwards compatible SELinux tree.
>
> Link: https://lore.kernel.org/selinux/87edkseqf8.fsf@mail.lhotse
> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> ---
> security/selinux/hooks.c | 28 -------------------
> .../selinux/include/initial_sid_to_string.h | 2 +-
> security/selinux/include/policycap.h | 1 -
> security/selinux/include/policycap_names.h | 1 -
> security/selinux/include/security.h | 6 ----
> security/selinux/ss/policydb.c | 27 ------------------
> 6 files changed, 1 insertion(+), 64 deletions(-)
I don't think I'm able to post a fix for this quickly enough, so:
Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
