Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

SELinux: reset the security_ops before flushing the avc cache

This patch resets the security_ops to the secondary_ops before it flushes
the avc.  It's still possible that a task on another processor could have
already passed the security_ops dereference and be executing an selinux hook
function which would add a new avc entry.  That entry would still not be
freed.  This should however help to reduce the number of needless avcs the
kernel has when selinux is disabled at run time.  There is no wasted
memory if selinux is disabled on the command line or not compiled.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Eric Paris 16 years ago
parent
1669b049db
commit
af8ff04917
1 changed files with 3 additions and 3 deletions
Split View Show Diff Stats
  1. 3 3
      security/selinux/hooks.c

+ 3 - 3
security/selinux/hooks.c
View File 

@@ -5830,12 +5830,12 @@ int selinux_disable(void)
 
 	selinux_disabled = 1;
 
 	selinux_enabled = 0;
 
 
-	/* Try to destroy the avc node cache */
 
-	avc_disable();
 
-
 
 	/* Reset security_ops to the secondary module, dummy or capability. */
 
 	security_ops = secondary_ops;
 
 
+	/* Try to destroy the avc node cache */
 
+	avc_disable();
 
+
 
 	/* Unregister netfilter hooks. */
 
 	selinux_nf_ip_exit();