[Selinux-commits] SF.net SVN: selinux: [2863] trunk/libselinux/src/load_policy.c

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 2863
          http://selinux.svn.sourceforge.net/selinux/?rev=2863&view=rev
Author:   ssmalley
Date:     2008-04-18 06:50:58 -0700 (Fri, 18 Apr 2008)

Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: upstart/SELinux problem loading the wrong policy with kernel version change
Date: Tue, 08 Apr 2008 09:29:46 -0400

If we are not setting local definitions or preserving booleans, then the
maximum policy version for load can be the max of the kernel-supported
version and the libsepol-supported version since we do not need to
manipulate the policy image prior to load.

Modified Paths:
--------------
    trunk/libselinux/src/load_policy.c

Modified: trunk/libselinux/src/load_policy.c
===================================================================

--- trunk/libselinux/src/load_policy.c	2008-04-18 13:48:24 UTC (rev 2862)
+++ trunk/libselinux/src/load_policy.c	2008-04-18 13:50:58 UTC (rev 2863)
@@ -43,6 +43,9 @@
 
 int load_setlocaldefs hidden = 1;
 
+#undef max
+#define max(a, b) (((a) > (b)) ? (a) : (b))
+
 int selinux_mkload_policy(int preservebools)
 {	
 	int kernvers = security_policyvers();
@@ -127,11 +130,6 @@
 
 #endif
 
-	if (usesepol) {
-		maxvers = vers_max();
-		minvers = vers_min();
-	}
-
 	/*
 	 * Check whether we need to support local boolean and user definitions.
 	 */
@@ -157,6 +155,13 @@
 	if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0)
 		preservebools = 0;
 
+	if (usesepol) {
+		maxvers = vers_max();
+		minvers = vers_min();
+		if (!setlocaldefs && !preservebools)
+			maxvers = max(kernvers, maxvers);
+	}
+
 	vers = maxvers;
       search:
 	snprintf(path, sizeof(path), "%s.%d",


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


