SELinux: flush the avc before disabling SELinux

Before SELinux is disabled at boot it can create AVC entries. This patch will flush those entries before disabling SELinux. Signed-off-by: Eric Paris <[email protected]> Signed-off-by: James Morris <[email protected]>
goeke · Sep 14, 2009 · 4e6d0bf · 4e6d0bf
1 parent 008574b
commit 4e6d0bf
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
@@ -868,6 +868,8 @@ u32 avc_policy_seqno(void)
 
 void avc_disable(void)
 {
+	avc_flush();
+	synchronize_rcu();
 	if (avc_node_cachep)
 		kmem_cache_destroy(avc_node_cachep);
 }