aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorGary Tierney2017-01-09 10:07:32 -0500
committerPaul Moore2017-01-09 10:07:32 -0500
commit900fde06cb9d27625fec4f5cabd7f5462adc79fb (patch)
tree11fb58c6c970d18b21e02f86631d3dbf27c43b11 /security
parent4262fb51c9f53e0c623663216e6a5d1872a45824 (diff)
selinux: default to security isid in sel_make_bools() if no sid is found
Use SECINITSID_SECURITY as the default SID for booleans which don't have a matching SID returned from security_genfs_sid(), also update the error message to a warning which matches this. This prevents the policy failing to load (and consequently the system failing to boot) when there is no default genfscon statement matched for the selinuxfs in the new policy. Signed-off-by: Gary Tierney <gary.tierney@gmx.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/selinuxfs.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 7672b61d6673..c354807381c1 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1311,9 +1311,9 @@ static int sel_make_bools(void)
isec = (struct inode_security_struct *)inode->i_security;
ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
if (ret) {
- pr_err("SELinux: failed to lookup sid for %s\n", page);
- goto out;
-
+ pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
+ page);
+ sid = SECINITSID_SECURITY;
}
isec->sid = sid;