On Wed, Aug 9, 2023 at 5:30 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> On Tue, Aug 8, 2023 at 6:27 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> >
> > This commit reverts 5b0eea835d4e ("selinux: introduce an initial SID
> > for early boot processes") as it was found to cause problems on
> > distros with old SELinux userspace tools/libraries, specifically
> > Ubuntu 16.04.
> >
> > Hopefully we will be able to re-add this functionality at a later
> > date, but let's revert this for now to help ensure a stable and
> > backwards compatible SELinux tree.
> >
> > Link: https://lore.kernel.org/selinux/87edkseqf8.fsf@mail.lhotse
> > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> > ---
> >  security/selinux/hooks.c | 28 -------------------
> >  .../selinux/include/initial_sid_to_string.h | 2 +-
> >  security/selinux/include/policycap.h | 1 -
> >  security/selinux/include/policycap_names.h | 1 -
> >  security/selinux/include/security.h | 6 ----
> >  security/selinux/ss/policydb.c | 27 ------------------
> >  6 files changed, 1 insertion(+), 64 deletions(-)
>
> I don't think I'm able to post a fix for this quickly enough, so:
>
> Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
>

Should we revert the userspace patch as well (just the policy
capability one)? Or is a fix expected soon enough to not worry about
it?

Jim

> --
> Ondrej Mosnacek
> Senior Software Engineer, Linux Security - SELinux kernel
> Red Hat, Inc.
>