rpms/kernel/devel linux-2.6-selinux-disable-attributes-no-policy.patch, NONE, 1.1 kernel-2.6.spec, 1.1966, 1.1967

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Sat Feb 18 23:34:46 UTC 2006 

Author: davej

Update of /cvs/dist/rpms/kernel/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv20008

Modified Files:
	kernel-2.6.spec 
Added Files:
	linux-2.6-selinux-disable-attributes-no-policy.patch 
Log Message:
- Disable setting of security attributes on new inodes when
  no policy is loaded. (#180296)



linux-2.6-selinux-disable-attributes-no-policy.patch:
 hooks.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE linux-2.6-selinux-disable-attributes-no-policy.patch ---

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180296

Disable setting of security attributes on new inodes when no policy is loaded

--- linux-2.6.15.noarch/security/selinux/hooks.c~	2006-02-18 18:31:02.000000000 -0500
+++ linux-2.6.15.noarch/security/selinux/hooks.c	2006-02-18 18:31:17.000000000 -0500
@@ -1957,7 +1957,7 @@ static int selinux_inode_init_security(s
 
 	inode_security_set_sid(inode, newsid);
 
-	if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
+	if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
 		return -EOPNOTSUPP;
 
 	if (name) {


Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/kernel-2.6.spec,v
retrieving revision 1.1966
retrieving revision 1.1967
diff -u -r1.1966 -r1.1967
--- kernel-2.6.spec	18 Feb 2006 21:23:48 -0000	1.1966
+++ kernel-2.6.spec	18 Feb 2006 23:34:22 -0000	1.1967
@@ -357,6 +357,7 @@
 Patch1710: linux-2.6-autofs-pathlookup.patch
 Patch1720: linux-2.6-selinux-hush.patch
 Patch1721: linux-2.6-selinux-mprotect-checks.patch
+Patch1722: linux-2.6-selinux-disable-attributes-no-policy.patch
 Patch1730: linux-2.6-ide-cd-shutup.patch
 Patch1740: linux-2.6-block-reduce-stack.patch
 Patch1750: linux-2.6-ub.patch
@@ -918,6 +919,8 @@
 %patch1720 -p1
 # Fix the SELinux mprotect checks on executable mappings
 %patch1721 -p1
+# Disable setting of security attributes on new inodes when no policy is loaded
+%patch1722 -p1
 # Silence noisy CD drive spew
 %patch1730 -p1
 # Reduce stack usage in block layer
@@ -1580,6 +1583,8 @@
 - Reenable EMI26 driver. (#181813)
 - Fix counting of hotplug cpu's in x86 microcode driver
 - Fix syscall auditting doing allocations whilst atomic.
+- Disable setting of security attributes on new inodes when
+  no policy is loaded. (#180296)
 
 * Fri Feb 17 2006 Dave Jones <davej at redhat.com>
 - 2.6.16rc4

More information about the fedora-cvs-commits mailing list