similar to: Memory leaks in backgroundrb

The FLASK security checks for resource ranges were not implemented correctly - only the permissions on the endpoints of a range were checked, instead of all items contained in the range. This would allow certain resources (I/O ports, I/O memory) to be used by domains in contravention to security policy. This also corrects a bug where adding overlapping resource ranges did not trigger an error.

On Fri, Mar 24, 2023 at 6:18?AM Roberto Sassu <roberto.sassu at huaweicloud.com> wrote: > On Thu, 2023-03-23 at 20:09 -0400, Paul Moore wrote: > > On Tue, Mar 14, 2023 at 4:19?AM Roberto Sassu > > <roberto.sassu at huaweicloud.com> wrote: > > > From: Roberto Sassu <roberto.sassu at huawei.com> > > > > > > Currently,

Hi! My cron-based worker is being indeed invoked by backgroundRB at correct times. But... After several runs it can no longer find DB columns! The same query, which was running OK an hour ago starts to throw MySQL error about unkown column in where clause. If I restart backgroundrb it works for some time but stops working after several invocations. Has anyone epxerienced the similar beahviour?

Hi tinc list members, There were some problems with Ivo's email adresses (both zarq@iname.com and zarq@spark.icicle.dhs.org) so I resent the stuff to the mailling list. ============================================= Hi Ivo, Hier is een oplossing voor een bugje in flush_queue(), en ook wat andere troepjes zoals een tincd scheduler. Dit werkt wat beter, omdat de

This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:

Add some warnings. Well, the first patch is a miscellaneous change, but patches 2-5 add some warnings. Rich.

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one

We just had a security application vendor come in. We asked about Linux support and he said that putting a security application on top of an insecure OS was useless. When I asked what he meant by insecure he replied that Linux does not have a true Auditing capability - as opposed to HP-UX & Solaris which they do support. Can anyone explain to me what he was talking about? Thanks, Marty

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one

The Wine development release 1.7.20 is now available. What's new in this release (see below for details): - X11 drag & drop fixes. - A few more C/C++ runtime functions. - Fixes for various memory issues found by Valgrind. - Some OLE storage fixes. - Various bug fixes. The source is available from the following locations: