[v3,0/3] selinux: policy load fixes

Message ID 20210318215303.2578052-1-omosnace@redhat.com (mailing list archive)

Message

Ondrej Mosnacek March 18, 2021, 9:53 p.m. UTC
Changes in v3:
- move new struct declarations to the top of services.c
- add another patch to clean up error reporting during policy load

Changes in v2:
- switch to a more minimal fix which allocates the conversion params
  dynamically and passes them between the functions
- split out the MAC_POLICY_LOAD record fix into a separate patch

Ondrej Mosnacek (3):
  selinux: don't log MAC_POLICY_LOAD record on failed policy load
  selinux: fix variable scope issue in live sidtab conversion
  selinuxfs: unify policy load error reporting

 security/selinux/include/security.h | 15 +++++--
 security/selinux/selinuxfs.c        | 22 +++++-----
 security/selinux/ss/services.c      | 63 ++++++++++++++++++-----------
 3 files changed, 59 insertions(+), 41 deletions(-)

Comments

Paul Moore March 19, 2021, 3:33 a.m. UTC | #1
On Thu, Mar 18, 2021 at 5:53 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> Changes in v3:
> - move new struct declarations to the top of services.c
> - add another patch to clean up error reporting during policy load
>
> Changes in v2:
> - switch to a more minimal fix which allocates the conversion params
>   dynamically and passes them between the functions
> - split out the MAC_POLICY_LOAD record fix into a separate patch
>
> Ondrej Mosnacek (3):
>   selinux: don't log MAC_POLICY_LOAD record on failed policy load
>   selinux: fix variable scope issue in live sidtab conversion
>   selinuxfs: unify policy load error reporting
>
>  security/selinux/include/security.h | 15 +++++--
>  security/selinux/selinuxfs.c        | 22 +++++-----
>  security/selinux/ss/services.c      | 63 ++++++++++++++++++-----------
>  3 files changed, 59 insertions(+), 41 deletions(-)

Thanks Ondrej.  I've merged all three of these into the
selinux/stable-5.12 branch and if testing goes well I'll send it up to
Linus next week.  I was a little undecided on if patch 3/3 qualified
as -stable material, but it does fix a user-visible issue and is small
enough in scope that I don't think it should be a problem.