diff options
author | Eric Paris <eparis@redhat.com> | 2009-09-12 22:54:23 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-09-13 22:34:11 -0400 |
commit | 4e6d0bffd3d72a32b620525c9007d2482c731775 (patch) | |
tree | f4a3ff34e800be74469bec99834780b4a0294dec | |
parent | 008574b11171a1ee9583a00188e27ff9e0432061 (diff) |
SELinux: flush the avc before disabling SELinux
Before SELinux is disabled at boot it can create AVC entries. This patch
will flush those entries before disabling SELinux.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/selinux/avc.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index f60124623645..1ed0f076aadc 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
@@ -868,6 +868,8 @@ u32 avc_policy_seqno(void) | |||
868 | 868 | ||
869 | void avc_disable(void) | 869 | void avc_disable(void) |
870 | { | 870 | { |
871 | avc_flush(); | ||
872 | synchronize_rcu(); | ||
871 | if (avc_node_cachep) | 873 | if (avc_node_cachep) |
872 | kmem_cache_destroy(avc_node_cachep); | 874 | kmem_cache_destroy(avc_node_cachep); |
873 | } | 875 | } |