• Stephen Smalley's avatar
    SELinux: detect dead booleans · d313f948
    Stephen Smalley authored
    Instead of using f_op to detect dead booleans, check the inode index
    against the number of booleans and check the dentry name against the
    boolean name for that index on reads and writes.  This prevents
    incorrect use of a boolean file opened prior to a policy reload while
    allowing valid use of it as long as it still corresponds to the same
    boolean in the policy.
    Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    d313f948
selinuxfs.c 37.6 KB