Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Revert "libsepol/cil: raise default attrs_expand_size to 2"
This reverts commit 692716f.

Other parts of the SELinux userspace depend on certain attributes,
such as node_type, exisiting and this change breaks those parts.

Before this patch can be reapplied, we need to identify the attributes
that must never be expanded and create a CIL module with the needed
expandtypeattribute statements (or something similar).

Signed-off-by: James Carter <jwcarter@gmail.com>
  • Loading branch information
jwcarter committed May 12, 2020
1 parent 6950ee0 commit c2c2dc6
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions libsepol/cil/src/cil.c
Expand Up @@ -455,8 +455,7 @@ void cil_db_init(struct cil_db **db)
(*db)->disable_dontaudit = CIL_FALSE;
(*db)->disable_neverallow = CIL_FALSE;
(*db)->attrs_expand_generated = CIL_FALSE;
/* 2 == remove attributes that contain none or just 1 type */
(*db)->attrs_expand_size = 2;
(*db)->attrs_expand_size = 1;
(*db)->preserve_tunables = CIL_FALSE;
(*db)->handle_unknown = -1;
(*db)->mls = -1;
Expand Down

0 comments on commit c2c2dc6

Please sign in to comment.