From: Al Viro <viro@ftp.linux.org.uk>
To: Jon Smirl <jonsmirl@gmail.com>
Cc: linux-kernel@vger.kernel.org, Stephen Smalley <sds@tycho.nsa.gov>,
	Linus Torvalds <torvalds@osdl.org>
Subject: Re: [PATCH 11/14] Reworked patch for labels on user space messages
Date: Wed, 3 May 2006 15:53:20 +0100
Message-ID: <20060503145320.GE27946@ftp.linux.org.uk>
In-Reply-To: <9e4733910605030740s6f394676g66377f2a48cd4209@mail.gmail.com>

On Wed, May 03, 2006 at 10:40:19AM -0400, Jon Smirl wrote:
> On 5/3/06, Al Viro <viro@ftp.linux.org.uk> wrote:
> >On Wed, May 03, 2006 at 10:11:52AM -0400, Jon Smirl wrote:
> >> Something seems to be wrong in selinux_get_task_sid. I am getting
> >> thousands of these and can't boot the kernel.
> >
> >It's actually in security/selinux/hooks.c::selinux_disable() and gets
> >triggered if you have selinux enabled and explicitly disable afterwards.
> >Stephen Smalley had done a fix yesterday, basically adding
> >        selinux_enabled = 0;
> >after
> >        selinux_disabled = 1;
> >in there.  selinux_get_task_sid() happens to step on that in a visible way
> >and nobody had caught that while this stuff was sitting in -mm ;-/
> >
> >The only question I have about that patch: what would happen if we do not
> >have CONFIG_SECURITY_SELINUX_BOOTPARAM?  In that case selinux_enabled is
> >defined to 1, so...
> 
> I have these config options set:
> 
> CONFIG_SECURITY_SELINUX=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
> CONFIG_SECURITY_SELINUX_DISABLE=y
> CONFIG_SECURITY_SELINUX_DEVELOP=y
> CONFIG_SECURITY_SELINUX_AVC_STATS=y
> CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
> 
> SELinux needs to be built in or FC5 won't run.

Then add the assignment above (selinux_enabled = 0;) in selinux_disable()
and see if that fixes your problem.
