[SELinux commit] SELinux userland upstream repository branch, master, updated. 20080909-148-g206e2df

ewalsh at oss.tresys.com ewalsh at oss.tresys.com
Wed Sep 2 19:37:15 CDT 2009


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "SELinux userland upstream repository".

The branch, master has been updated
       via  206e2dfe7a35e25c971baa79eee22c5eb4981b09 (commit)
       via  09cd8160d97770533d3290aeafc466b5c6fe8939 (commit)
       via  58866dd5668e845fd1cc0f62ae8dd4b93d9caf2b (commit)
      from  acc3a041458c94820114b71876406950aeed621d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 206e2dfe7a35e25c971baa79eee22c5eb4981b09
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Sep 2 20:27:10 2009 -0400

    libselinux 2.0.86

commit 09cd8160d97770533d3290aeafc466b5c6fe8939
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Sep 2 20:23:08 2009 -0400

    Documentation updates for the removal of refcounted SID's.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

commit 58866dd5668e845fd1cc0f62ae8dd4b93d9caf2b
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Sep 2 17:41:22 2009 -0400

    The userspace AVC currently has refcounted SID's.  This patch strips out
    the refcounting under the following justifications:
    
    1.  Managing the refcounts by calling sidput() and sidget() as
    appropriate is a difficult and bug-prone task for users of the library.
    
    2.  The userspace AVC doesn't currently make use of the refcounts to
    reclaim unused SID's unless avc_cleanup() is explicitly called.
    
    3.  The kernel itself no longer uses refcounting for its own SID's.
    
    The implication of this change is that SID's (basically malloc'ed copies
    of security contexts) will persist in the AVC's SID table until the next
    call to avc_destroy().  This presents the potential for increased memory
    usage, but in practice I don't believe this will be an issue.  ABI
    compatibility is preserved: the avc_cleanup(), sidput(), and sidget()
    calls are changed to no-ops.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
    Acked-by:  Stephen Smalley <sds at tycho.nsa.gov>

-----------------------------------------------------------------------

Summary of changes:
 libselinux/ChangeLog                     |    3 +
 libselinux/VERSION                       |    2 +-
 libselinux/man/man3/avc_compute_create.3 |    9 +--
 libselinux/man/man3/avc_context_to_sid.3 |   45 ++---------
 libselinux/man/man3/avc_open.3           |    2 +-
 libselinux/src/avc.c                     |  122 ++++--------------------------
 libselinux/src/avc_internal.h            |   11 ---
 libselinux/src/avc_sidtab.c              |   42 +----------
 libselinux/src/avc_sidtab.h              |    2 -
 9 files changed, 32 insertions(+), 206 deletions(-)


hooks/post-receive
--
SELinux userland upstream repository

