Commit - centos-sig-hyperscale/systemd - 82e9abf69ada90373efd7dc2db9934510562b853

centos-sig-hyperscale / systemd

`82e9abf` selinux: reload label db on policy load with libselinux 3.2

1 file Authored by Christian Göttsche 2 years ago, Committed by zbyszek 2 years ago,

raw patch tree parent

1 file changed. 16 lines added. 17 lines removed.

    selinux: reload label db on policy load with libselinux 3.2
    
    Currently the label database is not reloaded with libselinux 3.2 on a
    policy reload.
    
    Since libselinux 3.2 avc_open(3) uses the SELinux status page instead of
    a netlink socket to check for policy reloads.
    The status page is also queried in mac_selinux_maybe_reload().
    Thus calls to selinux_check_access(3) might consume an update, queried
    by selinux_status_updated(3), leaving mac_selinux_maybe_reload() unable
    to detect a policy reload.
    
    Do not use selinux_status_updated(3), use selinux_status_policyload(3)
    unconditionally.
    
    Relevant libselinux commit: https://github.com/SELinuxProject/selinux/commit/05bdc03130d741e53e1fb45a958d0a2c184be503
    
    Debian Bullseye is going to ship libselinux 3.1, so stay compatible for
    backports.
    
    (cherry picked from commit c46c76881144271b9a18842e086d1318febdb372)

src/basic/selinux-util.c

file modified

+16 -17

centos-sig-hyperscale / systemd

Source Code

82e9abf selinux: reload label db on policy load with libselinux 3.2

1 file Authored by Christian Göttsche 2 years ago, Committed by zbyszek 2 years ago,

`82e9abf` selinux: reload label db on policy load with libselinux 3.2