From: Linus Torvalds
Date: Fri, 6 Apr 2018 16:07:02 -0700
Subject: Re: [GIT PULL] SELinux patches for v4.17
To: Paul Moore, Xin Long
Cc: selinux@tycho.nsa.gov, LSM List, Linux Kernel Mailing List

On Tue, Apr 3, 2018 at 6:37 PM, Paul Moore wrote:
>
> Everything passes the selinux-testsuite, but there are a few known
> merge conflicts. The first is with the netdev tree and is in
> net/sctp/socket.c. Unfortunately it is a bit ugly, thankfully Stephen
> Rothwell has already done the heavy lifting in resolving the merge for
> you, and the SCTP folks have given his merge patch a thumbs-up.

I ended up re-doing the merge, and it looks like some more sctp changes
happened after Stephen's merge anyway, so mine didn't end up quite
like his.

Adding Xin Long to see if he can verify it again, but it all *looks* sane.

While looking at it, it struck me that the new security hooks don't
seem to hook into __sctp_connect(), which also does that

        scope = sctp_scope(&to);
        asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);

thing. Is that intentional? The sendmsg case does that
security_sctp_bind_connect, the actual __sctp_connect() does not.

This is not because I screwed up the merge - it's that way in the
SELinux tree too. And I obviously _left_ it that way, but while doing
the merge and trying to understand what was going on, this struck me.

I'm probably missing something really obvious why the connect case
doesn't want to do it there.

NOTE! I do see it being done in __sctp_setsockopt_connectx(). But
__sctp_connect() has another caller (in sctp_connect()) which doesn't
have that security_sctp_bind_connect() call.

So please check my resolution, but also somebody should tell me
"Linus, you're a cretin, sctp_connect() doesn't want that
security_sctp_bind_connect() at all because it was already done by
XYZ"

                  Linus
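
The hook-coverage question raised in the message above, written as a small call-path check. This is an added example, not kernel code and not part of the original mail: the graph is a constructed model holding only the call relationships the message states, and "sendmsg path" is a placeholder node name. It says nothing about whether a different hook already covers the flagged path.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the call relationships described in the message.
 * calls_hook: the function itself calls security_sctp_bind_connect().
 * is_start:   a caller the message names as a starting point. */
struct fn { const char *name; int calls_hook, is_start; const char *callees[3]; };

static const struct fn graph[] = {
    { "sendmsg path",               1, 1, { "sctp_association_new" } },
    { "__sctp_setsockopt_connectx", 1, 1, { "__sctp_connect" } },
    { "sctp_connect",               0, 1, { "__sctp_connect" } },
    { "__sctp_connect",             0, 0, { "sctp_association_new" } },
    { "sctp_association_new",       0, 0, { NULL } },
};
#define NFN ((int)(sizeof graph / sizeof graph[0]))

static const struct fn *lookup(const char *name)
{
    for (int i = 0; i < NFN; i++)
        if (strcmp(graph[i].name, name) == 0)
            return &graph[i];
    return NULL;
}

/* 1 if some call path from f reaches sink with no hook call along it. */
static int reaches_unhooked(const struct fn *f, const char *sink, int depth)
{
    if (!f || f->calls_hook || depth > NFN)  /* hook seen, or cycle guard */
        return 0;
    if (strcmp(f->name, sink) == 0)
        return 1;
    for (int i = 0; i < 3 && f->callees[i]; i++)
        if (reaches_unhooked(lookup(f->callees[i]), sink, depth + 1))
            return 1;
    return 0;
}

/* Counts starting points with an unhooked path; *which gets the last one. */
int unhooked_starts(const char *sink, const char **which)
{
    int n = 0;
    for (int i = 0; i < NFN; i++)
        if (graph[i].is_start && reaches_unhooked(&graph[i], sink, 0)) {
            printf("no hook call between %s and %s\n", graph[i].name, sink);
            if (which)
                *which = graph[i].name;
            n++;
        }
    return n;
}

int main(void) { unhooked_starts("sctp_association_new", NULL); return 0; }
```
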