Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752081AbdFSUHx (ORCPT ); Mon, 19 Jun 2017 16:07:53 -0400 Received: from emsm-gh1-uea10.nsa.gov ([8.44.101.8]:64563 "EHLO emsm-gh1-uea10.nsa.gov" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750930AbdFSUHv (ORCPT ); Mon, 19 Jun 2017 16:07:51 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3A/i1g/hCSmE6uIPE1mPwQUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSP3+p8qwAkXT6L1XgUPTWs2DsrQf2rWQ4/2rADBcqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLdwIRmsrgjctsYajZZtJ6s+1xDEvmZGd+?= =?us-ascii?q?NKyG1yOFmdhQz85sC+/J5i9yRfpfcs/NNeXKv5Yqo1U6VWACwpPG4p6sLrswLD?= =?us-ascii?q?TRaU6XsHTmoWiBtIDBPb4xz8Q5z8rzH1tut52CmdIM32UbU5Uims4qt3VBPljj?= =?us-ascii?q?oMOiUn+2/LlMN/kKNboAqgpxNhxY7UfJqVP+d6cq/EYN8WWXZNUsNXWiNPGIO8?= =?us-ascii?q?a5YEAfQHM+hWsoLxo0ICoQWiCQWpAu7k1z1GiWLs3aAi0OovDAHI0hIuEd0Mvn?= =?us-ascii?q?TUq8n6OqAdXu6616TI0TbOYulK1Trn9ITFcBYsquyMU7JqdsrRzFEiGR7ZjlqO?= =?us-ascii?q?sYzlPy2a1uIQuGaG6upvT+avi2o5pABxvzOiwdwshZTSho8O1lDF9Tl2wIYyJd?= =?us-ascii?q?GiTk57esSrHIFftyGdKYt7W8UvSHxrtiYi0rAKpJG2cScQxJkn2hLTceKLfoeW?= =?us-ascii?q?7h75SeqcJypzimh/d7KlnRmy9FCtyuj7VsapzllHtjFFktzQtnAV0BzT99SHRu?= =?us-ascii?q?N9/ki/3TaP0Bje6v1eLkAulKrbNoUhzqQslpsTrUvDHij2lF/wjKCKbUUr5vKk?= =?us-ascii?q?6+HmYrXivpOcNol0hR/iMqk2h8CyDus1PhIOUmSG4+iwyrLu8VPjTLlXlvE2l7?= =?us-ascii?q?PWsJHeJcQVvK65BApV35446xmiFDery8gYnHkbI1JFfxKLlY7pO0rUL/ziAve/?= =?us-ascii?q?hEqsnC9xx//aJr3hHonNLn/bnbflfLZ97VNcyQUqwdBc+Z1UELcBL+z3WkLqqt?= =?us-ascii?q?zYAQE2Mxauz+bkFtp9zIUeVnyLAqODN6PSq1CI7Po1I+aQfI8VpCr9K/896v7q?= =?us-ascii?q?jH85n0IdfKaw0ZsMdn+3AulmI1+YYXrwgtYNCGIKvg0jQ+z3jF2NTyVeZ2i9X6?= =?us-ascii?q?0i/DE3EoGmApnZRoCrnrOB2D23HppMZmBJElqMC2vnd52YW/cQbyKfOtRhnSIe?= =?us-ascii?q?VbiuVYAszhGuuxX+y7pjLuvU/DcUuo7k1Nhw/+fTjw099SRoD8SB1GGAV2N0kX?= =?us-ascii?q?kNRzAox6Bzu0h9xk2G0ah/mfxYD91T5+hSXwc9L57T1fB1C9TsVQ7bYtiJT1Om?= =?us-ascii?q?SM28AT4tVtIx38MOY0FlFtq8lhDMxTCqA74Ol7GQHJw76Ljc33nqJ8Zlz3bJzr?= =?us-ascii?q?UugEc8TstIL22mibZ19xLPCI7Rj0WZi6GqeLwE3CHX6WeDyXGDvFlCXw5tVaXJ?= =?us-ascii?q?RHUfZkzRrdTj+EzOVaOhCbMiMgFZ086NNrNKasH1jVVBXPrsIs7ebHi3m2iuHx?= =?us-ascii?q?mF3amDbIvlemoH3CXRElULnB5AtUqBYCwjBzzpmW/FFzFqXQbmeUrq/OBWoXKr?= =?us-ascii?q?R09ywwzcKwVZ3qexsjsSguaRA6cL168AkD8otjExGVG6xd+QAN2F8U4pUb9dap?= =?us-ascii?q?sF6U1GziqNuhR0JJ27B7hrnF8FawB+tE6o0A94XMEIs8EvoWhi6Q1oM6ODmAdD?= =?us-ascii?q?fjaVxtb0fLjQMHPz5ziocafd3lyY29GTrONHos81sVru9CzvXmor93F21ZMdh2?= =?us-ascii?q?CR/JrHJAobVZbgVAA88B0s4/mQZy4x6pndyXBgea21qSOQ4P8NJc0Y+l6bUvxi?= =?us-ascii?q?CoK4JUfXNOEnI+XkYLgxllyoaA8UFPxD/64zecW9fr2J37D9eK4qmyqriyxD4Z?= =?us-ascii?q?thgHmh3BdGa9L5l6046cqp5Teqcn202FOgtN3n3JtJbiwIH3aujC3jCJNVa4Vs?= =?us-ascii?q?cosRT2SjOcu6wpN5nZG7HzZf7FOlT1cHw9PhLR6TaUHtmA5dz0IapVS5liaiiT?= =?us-ascii?q?95iTckquyYxiOYkMr4cx9SAXJGXGlvix/XJIGwi90LFByzYxMBiAqu5UG8wbNS?= =?us-ascii?q?4qt4MT+AEg9zYyHqIjQ6AeOLvb2YbpsKsclwvA=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2HkBACvLUhZ/wHyM5BcHAEBBAEBCgEBFwEFAQsBgwMrgW+?= =?us-ascii?q?Da5pnBoEomAiGJAKCWVcBAQEBAQEBAQIBAmgogjMkAYJBAQUjDwFWCw0BCgICJ?= =?us-ascii?q?gICVwYBEogLghQNrWKCJiUCg24Bh0EBAQEHAQEBASSBC4URhUmHe4JhBZ5ek1+?= =?us-ascii?q?LMYZcSJRBWIEKJwkCHwghD4cdAVYkNolPAQEB?= Message-ID: <1497903059.27645.9.camel@tycho.nsa.gov> Subject: Re: [PATCH] selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets From: Stephen Smalley To: Luis Ressel , Paul Moore , Eric Paris , James Morris , "Serge E. Hallyn" , "moderated list:SELINUX SECURITY MODULE" , "open list:SECURITY SUBSYSTEM" , open list Date: Mon, 19 Jun 2017 16:10:59 -0400 In-Reply-To: <20170618214532.3031-1-aranea@aixah.de> References: <20170618214532.3031-1-aranea@aixah.de> Organization: National Security Agency Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.22.6 (3.22.6-2.fc25) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 805 Lines: 26 On Sun, 2017-06-18 at 23:45 +0200, Luis Ressel wrote: > For PF_UNIX, SOCK_RAW is synonymous with SOCK_DGRAM (cf. > net/unix/af_unix.c). This is a tad obscure, but libpcap uses it. No Signed-off-by? Feel free to add my: Acked-by: Stephen Smalley > --- >  security/selinux/hooks.c | 1 + >  1 file changed, 1 insertion(+) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 819fd6858b49..1a331fba4a3c 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -1275,6 +1275,7 @@ static inline u16 > socket_type_to_security_class(int family, int type, int protoc >   case SOCK_SEQPACKET: >   return SECCLASS_UNIX_STREAM_SOCKET; >   case SOCK_DGRAM: > + case SOCK_RAW: >   return SECCLASS_UNIX_DGRAM_SOCKET; >   } >   break;