From: Al Viro <viro@ftp.linux.org.uk>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Ingo Molnar <mingo@elte.hu>, Steve Grubb <sgrubb@redhat.com>,
Andrew Morton <akpm@osdl.org>, James Morris <jmorris@namei.org>,
Jon Smirl <jonsmirl@gmail.com>,
linux-kernel@vger.kernel.org, Linus Torvalds <torvalds@osdl.org>
Subject: Re: [PATCH 11/14] Reworked patch for labels on user space messages
Date: Wed, 3 May 2006 17:55:02 +0100
Message-ID: <20060503165502.GF27946@ftp.linux.org.uk>
In-Reply-To: <1146667956.27735.73.camel@moss-spartans.epoch.ncsc.mil>

On Wed, May 03, 2006 at 10:52:36AM -0400, Stephen Smalley wrote:
> On Wed, 2006-05-03 at 15:28 +0100, Al Viro wrote:
> > On Wed, May 03, 2006 at 10:11:52AM -0400, Jon Smirl wrote:
> > > Something seems to be wrong in selinux_get_task_sid. I am getting
> > > thousands of these and can't boot the kernel.
> >
> > It's actually in security/selinux/hooks.c::selinux_disable() and gets
> > triggered if you have selinux enabled and explicitly disable afterwards.
> > Stephen Smalley had done a fix yesterday, basically adding
> >     selinux_enabled = 0;
> > after
> >     selinux_disabled = 1;
> > in there. selinux_get_task_sid() happens to step on that in a visible way
> > and nobody had caught that while this stuff was sitting in -mm ;-/
> >
> > The only question I have about that patch: what would happen if we do not
> > have CONFIG_SECURITY_SELINUX_BOOTPARAM? In that case selinux_enabled is
> > defined to 1, so...
>
> Good point. Ok, take two.
>
> [patch 1/1] selinux: Clear selinux_enabled flag upon runtime disable.
>
> Clear selinux_enabled flag upon runtime disable of SELinux by userspace,
> and make sure it is defined even if selinux= boot parameter support is
> not enabled in configuration.
>
> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Acked-by: Al Viro <viro@zeniv.linux.org.uk>