mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-27 08:22:07 +00:00
544cc7957b
Installing a cil module with invalid mlsconstrain syntax currently results in a segfault. In the following module, the right-hand side of the second operand of the OR is a list (mlstrustedobject): $ cat test.cil (class test (foo) ) (classorder (unordered test)) (mlsconstrain (test (foo)) (or (dom h1 h2) (eq t2 (mlstrustedobject)) ) ) $ sudo semodule -i test.cil zsh: segmentation fault sudo semodule -i test.cil This syntax is invalid and should error accordingly, rather than segfaulting. This patch provides this syntax error for the same module: $ sudo semodule -i test.cil t1, t2, r1, r2, u1, u2 cannot be used on the left side with a list on the right side Bad expression tree for constraint Bad constrain declaration at /var/lib/selinux/mls/tmp/modules/400/test/cil:4 semodule: Failed! Signed-off-by: Mike Palmiotto <mike.palmiotto@crunchydata.com> |
||
---|---|---|
.. | ||
include/cil | ||
src | ||
test | ||
.gitignore |