Bug 663445
Summary: | Hardcoded SELinux constants in pam_selinux | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tomas Mraz <tmraz> |
Component: | pam | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dwalsh, eparis, mgrepl, mmaslano, pertusus, tmraz |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | pam-1.1.4-1.fc15 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | 663193 | Environment: | |
Last Closed: | 2011-11-24 14:16:33 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Mraz
2010-12-15 20:08:47 UTC
security_class_t tclass = string_to_security_class("context"); if (!tclass) return 0; access_vector_t bit = string_to_av_perm(tclass, "contains"); if (!bit) return 0; ... retval = security_compute_av(context_str(dst_context), dst, tclass, bit, &avd); I told some people some lies earlier and need to make sure they are corrected. these values can change on selinux policy update. So you need to check the string_to_* functions before every call to security_compute_av. The results should not be cached. |