commit | 8b114a3bf25b7b818910cca77528de80cdb953f8 | |
---|---|---|
author | Stephen Smalley <sds@tycho.nsa.gov> | Mon Oct 28 16:52:50 2013 -0400 |
committer | Stephen Smalley <sds@tycho.nsa.gov> | Mon Oct 28 16:52:50 2013 -0400 |
tree | 697ffbe93827a739976c28d0e47db02317f335eb | |
parent | 0ddd534a11227d0397c5f36fdc3dfbf4e54b864e | |

Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.

If we get an EINVAL from security_compute_av* (indicates an invalid source or target security context, likely due to a policy reload that removed one or the other) and we are in permissive mode, then handle it like any other permission denial, i.e. log but do not deny it.

Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>