SELinux: check seqno when updating an avc_node - openslx/kernel-qcow2-linux.git

diff options

author	Eric Paris	2009-02-12 20:50:11 +0100
committer	James Morris	2009-02-13 23:22:34 +0100
commit	a5dda683328f99c781f92c66cc52ffc0639bef58 (patch)
tree	2432f51e505fd9242f7081d5bf4e21ff322b73d6 /kernel/mutex-debug.h
parent	SELinux: NULL terminate al contexts from disk (diff)
download	kernel-qcow2-linux-a5dda683328f99c781f92c66cc52ffc0639bef58.tar.gz kernel-qcow2-linux-a5dda683328f99c781f92c66cc52ffc0639bef58.tar.xz kernel-qcow2-linux-a5dda683328f99c781f92c66cc52ffc0639bef58.zip

SELinux: check seqno when updating an avc_node

The avc update node callbacks do not check the seqno of the caller with the seqno of the node found. It is possible that a policy change could happen (although almost impossibly unlikely) in which a permissive or permissive_domain decision is not valid for the entry found. Simply pass and check that the seqno of the caller and the seqno of the node found match. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

Diffstat (limited to 'kernel/mutex-debug.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: