SELinux: flush the avc before disabling SELinux
author Eric Paris <eparis@redhat.com>
Sun, 13 Sep 2009 02:54:23 +0000 (22:54 -0400)
committer James Morris <jmorris@namei.org>
Mon, 14 Sep 2009 02:34:11 +0000 (12:34 +1000)
Before SELinux is disabled at boot it can create AVC entries.  This patch
will flush those entries before disabling SELinux.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/avc.c

index f6012462364592068f8d801507a0dbcd6835ed20..1ed0f076aadcfebbce2b1b3eed1c679e87765bd9 100644 (file)
@@ -868,6 +868,8 @@ u32 avc_policy_seqno(void)
 
 void avc_disable(void)
 {
+       avc_flush();
+       synchronize_rcu();
        if (avc_node_cachep)
                kmem_cache_destroy(avc_node_cachep);
 }
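
Review bot: the synchronize_rcu() placed between avc_flush() and kmem_cache_destroy(avc_node_cachep) in avc_disable() only waits for an RCU grace period to elapse; it does not wait for callbacks queued with call_rcu() to finish. The body of avc_flush() is not visible in this hunk, but if it frees nodes through call_rcu(), those callbacks can still be pending when the cache is destroyed, and rcu_barrier() would be the primitive that waits for them. Nothing in the hunk stops another CPU from inserting a fresh node after the flush either, so it is worth stating in a comment above the two new calls which ordering guarantee they rely on and why no new entries can appear at this point. Consider also clearing avc_node_cachep after the destroy so a late allocation fails visibly instead of touching a freed cache.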