mirros/rockchip-kernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge tag 'selinux-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Browse Source 
Pull SELinux updates from Paul Moore:
 "Six SELinux patches, all are simple and easily understood, but a list
  of the highlights is below:

   - Use 'grep -E' instead of 'egrep' in the SELinux policy install
     script.

     Fun fact, this seems to be GregKH's *second* dedicated SELinux
     patch since we transitioned to git (ignoring merges, the SPDX
     stuff, and a trivial fs reference removal when lustre was yanked);
     the first was back in 2011 when selinuxfs was placed in
     /sys/fs/selinux. Oh, the memories ...

   - Convert the SELinux policy boolean values to use signed integer
     types throughout the SELinux kernel code.

     Prior to this we were using a mix of signed and unsigned integers
     which was probably okay in this particular case, but it is
     definitely not a good idea in general.

   - Remove a reference to the SELinux runtime disable functionality in
     /etc/selinux/config as we are in the process of deprecating that.

     See [1] for more background on this if you missed the previous
     notes on the deprecation.

   - Minor cleanups: remove unneeded variables and function parameter
     constification"

Link: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable [1]

* tag 'selinux-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: remove runtime disable message in the install_policy.sh script
  selinux: use "grep -E" instead of "egrep"
  selinux: remove the unneeded result variable
  selinux: declare read-only parameters const
  selinux: use int arrays for boolean values
  selinux: remove an unneeded variable in sel_make_class_dir_entries()
This commit is contained in:
Linus Torvalds
2022-10-03 17:45:15 -07:00
parent eafb121ec0 2fe2fb4ce6
commit e816da29bc
7 changed files with 48 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
scripts/selinux/install_policy.sh
View File

@@ -31,8 +31,7 @@ fi
if selinuxenabled; then
echo "SELinux is already enabled"
echo "This prevents safely relabeling all files."
echo "Boot with selinux=0 on the kernel command-line or"
echo "SELINUX=disabled in /etc/selinux/config."
echo "Boot with selinux=0 on the kernel command-line."
exit 1
fi
@@ -78,7 +77,7 @@ cd /etc/selinux/dummy/contexts/files
$SF -F file_contexts /
mounts=`cat /proc/$$/mounts | \
egrep "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
grep -E "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
awk '{ print $2 '}`
$SF -F file_contexts $mounts