Commit 4e6d0bff authored Sep 12, 2009 by Eric Paris Committed by James Morris Sep 14, 2009

SELinux: flush the avc before disabling SELinux



Before SELinux is disabled at boot it can create AVC entries.  This patch
will flush those entries before disabling SELinux.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

parent 008574b1

security/selinux/avc.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -868,6 +868,8 @@ u32 avc_policy_seqno(void)

		void avc_disable(void)
		{
		avc_flush();
		synchronize_rcu();
		if (avc_node_cachep)
		kmem_cache_destroy(avc_node_cachep);
		}