mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-18 20:24:32 +00:00
2e47b69c53
Originally object_r's types bitmap was empty since we exempt object_r from the normal user-role and role-type checks. CIL however sets object_r's types to all types to avoid special case logic. However, the kernel does not load object_r types from the policy file; it predefines object_r and merely validates that the object_r definition in the policy has the expected value. Thus, the actual policy file and the /sys/fs/selinux/policy file were differing in their object_r entry. Fix this by not writing object_r's types to the policy file, since they are ignored by the kernel anyway. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> |
||
|---|---|---|
| .. | ||
| cil | ||
| include | ||
| man | ||
| src | ||
| tests | ||
| utils | ||
| .gitignore | ||
| COPYING | ||
| Makefile | ||
| VERSION | ||