linux_dsm_epyc7002/security/selinux/include
Stephen Smalley 3a28cff3bd selinux: avoid silent denials in permissive mode under RCU walk
commit 0dc1ba24f7 ("SELINUX: Make selinux cache VFS RCU walks safe")
results in no audit messages at all if in permissive mode because the
cache is updated during the rcu walk and thus no denial occurs on
the subsequent ref walk.  Fix this by not updating the cache when
performing a non-blocking permission check.  This only affects search
and symlink read checks during rcu walk.

Fixes: 0dc1ba24f7 ("SELINUX: Make selinux cache VFS RCU walks safe")
Reported-by: BMK <bmktuwien@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2019-01-10 20:32:53 -05:00
audit.h SELinux: keep the code clean formating and syntax 2008-07-14 15:01:36 +10:00
avc_ss.h selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
avc.h selinux: avoid silent denials in permissive mode under RCU walk 2019-01-10 20:32:53 -05:00
classmap.h net: initial AF_XDP skeleton 2018-05-03 15:55:23 -07:00
conditional.h selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
ibpkey.h selinux: Add a cache for quicker retreival of PKey SIDs 2017-05-23 12:28:12 -04:00
initial_sid_to_string.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netif.h selinux: make the netif cache namespace aware 2014-09-10 17:09:57 -04:00
netlabel.h selinux: fix typo in selinux_netlbl_sctp_sk_clone declaration 2018-02-26 17:45:32 -05:00
netnode.h selinux: reduce the number of calls to synchronize_net() when flushing caches 2014-06-26 14:33:56 -04:00
netport.h selinux: reduce the number of calls to synchronize_net() when flushing caches 2014-06-26 14:33:56 -04:00
objsec.h selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
security.h selinux: make "selinux_policycap_names[]" const char * 2018-11-26 18:26:22 -05:00
xfrm.h security: Remove rtnl_lock() in selinux_xfrm_notify_policyload() 2018-03-29 13:47:53 -04:00