On Apr 5, 2024 Christian Göttsche <cgoettsche@xxxxxxxxxxxxx> wrote:
>
> Since the status page is currently only allocated on first use, the
> sequence number of the initial policyload (i.e. 1) is not stored,
> leading to the observable sequence of 0, 2, 3, 4, ...
>
> Try to pre-allocate the status page during the initialization of the
> selinuxfs, so selinux_status_update_policyload() will set the sequence
> number.
>
> This brings the status page to return the actual sequence number for the
> initial policy load, which is also observable via the netlink socket.
> I could not find any occurrence where userspace depends on the actual
> value returned by selinux_status_policyload(3), thus the breakage should
> be unnoticed.
>
> Reported-by: Milos Malik
> Closes: https://lore.kernel.org/selinux/87o7fmua12.fsf@xxxxxxxxxx/
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> v2: ignore allocation failure
> ---
>  security/selinux/selinuxfs.c | 6 ++++++
>  1 file changed, 6 insertions(+)

Thanks Christian. I trimmed out the 'Reported-by:' tag since there wasn't an email listed and I wasn't sure if that would cause problems with any tooling that digs through the git log (checkpatch.pl did complain). If any of the IBM/RH folks want to check with Milos and make sure it is okay with him I'll re-add him to the commit metadata.

Merged into selinux/dev.

--
paul-moore.com