[PATCH 1/1] checkpolicy: dereference rangehead after checking it was not NULL

2017-03-17 Thread Nicolas Iooss
Signed-off-by: Nicolas Iooss --- checkpolicy/policy_define.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index dbafadb01e21..949ca7117233 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@

[PATCH 1/1] libsepol/cil: avoid freeing uninitialized values

2017-03-17 Thread Nicolas Iooss
cil_resolve_ast() begins by checking whether one of its parameters is NULL and "goto exit;" when it is the case. As extra_args has not been initialized there, this leads to calling cil_destroy_tree_node_stack(), __cil_ordered_lists_destroy()... on garbage values. In practice this cannot happen bec

[PATCH 1/1] libsepol/cil: make reporting conflicting type transitions work

2017-03-17 Thread Nicolas Iooss
When compiling a CIL policy which defines conflicting type transitions, secilc crashes when trying to format an error message with uninitialized values. This is caused by __cil_typetransition_to_avtab() not initializing the ..._str fields of its local variable "struct cil_type_rule trans" before ca

Re: newrole as su'ed root

2017-03-17 Thread cgzones
> Hmmm...Fedora policy doesn't allow use of su from staff_t; you have to
> newrole first and then su.
>
> Regardless, newrole uses the login uid if available, falling back to
> the real uid if not, for the identity used to re-authenticate and to
> set up the environment. If you want the environmen

Re: newrole as su'ed root

2017-03-17 Thread Stephen Smalley
On Fri, 2017-03-17 at 12:07 +0100, cgzones wrote:
> Hi list,
> I am using newrole v2.6 on Debian testing. The pam config
> /etc/pam.d/newrole contains:
>
> #%PAM-1.0
>
> @include common-auth
> @include common-account
> @include common-session
> session  required pam_namespace.so unmnt_remnt no_un

[PATCH] selinux: Remove unnecessary check of array base in selinux_set_mapping()

2017-03-17 Thread Matthias Kaehlcke
'perms' will never be NULL since it isn't a plain pointer but an array of u32 values. This fixes the following warning when building with clang: security/selinux/ss/services.c:158:16: error: address of array 'p_in->perms' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]

newrole as su'ed root

2017-03-17 Thread cgzones
Hi list,
I am using newrole v2.6 on Debian testing. The pam config /etc/pam.d/newrole contains:

#%PAM-1.0

@include common-auth
@include common-account
@include common-session
session required pam_namespace.so unmnt_remnt no_unmount_on_close

I log into the machine as a normal user: christian@de