[DSE-Dev] Bug#989434: libsepol 3.2: cherry-pick fix for role attributes

Christian Göttsche cgzones at googlemail.com
Thu Jun 3 18:38:31 BST 2021

Source: libsepol
Version: 3.2-1
Severity: serious

Please cherry-pick commit f7431d0e0ed9 ("libsepol: Expand role
attributes in constraint expressions") [1], as it fixes a regression
using role attributes in constraints reported at [2].
Otherwise role attributes in constraints are not validated, introduced with [3].

[1]: https://github.com/SELinuxProject/selinux/commit/f7431d0e0ed9f695a6a8af74c3f239f80649a167
[2]: https://lore.kernel.org/selinux/CAJ2a_Dd_tccbWwA_S8nnRvpAVJW8EcrU3t3R7e=McThsx0L13w@mail.gmail.com/t/#u
[3]: https://github.com/SELinuxProject/selinux/commit/0861c659b59cb106bad1b1d0c9f511a7140a1023

More information about the SELinux-devel mailing list