Linux-Security-Module Archive on
 help / color / Atom feed
From: Paul Moore <>
To: Linus Torvalds <>
Subject: [GIT PULL] SELinux fixes for v5.12 (#2)
Date: Fri, 9 Apr 2021 13:44:38 -0400
Message-ID: <> (raw)

Hi Linus,

I realize we are getting late in the v5.12-rcX release cycle, but we
have three SELinux patches which I believe should be merged before the
proper v5.12 release.  The patches fix known problems relating to
(re)loading SELinux policy or changing the policy booleans, and pass
our test suite without problem.  As of a few minutes ago, the tag
below also merged cleanly into your tree.

Please pull for the next v5.12-rcX release, thanks.

The following changes since commit ee5de60a08b7d8d255722662da461ea159c15538:

 selinuxfs: unify policy load error reporting (2021-03-18 23:26:59 -0400)

are available in the Git repository at:


for you to fetch changes up to 9ad6e9cb39c66366bf7b9aece114aca277981a1f:

 selinux: fix race between old and new sidtab (2021-04-07 20:42:56 -0400)

selinux/stable-5.12 PR 20210409

Ondrej Mosnacek (3):
     selinux: make nslot handling in avtab more robust
     selinux: fix cond_list corruption when changing booleans
     selinux: fix race between old and new sidtab

security/selinux/ss/avtab.c       | 101 ++++++++----------------
security/selinux/ss/avtab.h       |   2 +-
security/selinux/ss/conditional.c |  12 +--
security/selinux/ss/services.c    | 157 +++++++++++++++++++++++++++-------
security/selinux/ss/sidtab.c      |  21 +++++
security/selinux/ss/sidtab.h      |   4 +
6 files changed, 185 insertions(+), 112 deletions(-)

paul moore

             reply index

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-09 17:44 Paul Moore [this message]
2021-04-09 19:59 ` pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='' \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Security-Module Archive on

Archives are clonable:
	git clone --mirror linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ \
	public-inbox-index linux-security-module

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone