Re: [PATCH ghak57 V2] selinux: format all invalid context as untrusted

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue https://github.com/linux-audit/audit-kernel/issues/57 Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com&gt; --- security/selinux/ss/services.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-)