Received: by 10.213.65.68 with SMTP id h4csp1639016imn; Sun, 8 Apr 2018 08:08:42 -0700 (PDT) X-Google-Smtp-Source: AIpwx49d++2UHuivnovVNEUaTGMFvuUZ9Q/AhW0szopuJ4hEDAUIFi66Ltx68awaia/pxHFrWA3/ X-Received: by 2002:a17:902:bb87:: with SMTP id m7-v6mr35675294pls.103.1523200122435; Sun, 08 Apr 2018 08:08:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523200122; cv=none; d=google.com; s=arc-20160816; b=Nc0MKhPDihxpOt+ngOlk/KPXVr61x/BUX7hXgZ4OlcTIA+ShywyfqOHUkPN0hHkoAX lPrNvjuJtJ79XEQPyE5st0pCa4h4wgO/h5HhYX62GRuUXgBcw2becvV4u/jOX9tI8w17 e+NjcgTfSyltbJnuNbbDz3c9r8h5O/xkETVHIYLIxMPaeI9bO+kd5o5ZUb9sNsO4pZqS ip4yuvy+B5QpLA5xvN5lUMZy1cGiiWvXvE9oWeO03Z6ZeWzt+NZWs60c07lHgEBI3y5M SC3aa2u+al9YV0QT0vq+5chenLlH/v/v45ug5enPBqq8gXhv3HBEHOsYJS0DFyR9rjQY PFKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature:arc-authentication-results; bh=oalmfF/V49XWOzmsRtuXv4m/QSIss6NUi57DJ8eOrMs=; b=NNmxCuE6H4nwfQe8DOJewCOsKm0xvXtxoRUlzHNnWgBtyptgQ1VkEty5hYRSVn94p2 OyHwD+Quizv9CP6dkYRh68fMW/GAzqY99FJt4BdTA8JZ4WgSyrdzXhG8SXbe37+7bQ1I xMU2QsfCARTqt2BddeGYtNVletPfUh6Aq0dH27uFba1+miqzEnO0S5KYA2JaPSWOGH/k xxzt+jjq3zMJp4w/kgMTQEUIAK9UgEJPc5mwrPd/JlJY/7VhNpsfk782/6bfafSlgUiE tuGfiEaW3CRvQLHeDxdGfUbg18kBSCfUClsyvLlKpJJtxa6P9F++VevEsL49YOC7tYP4 XtvA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@btinternet.com header.s=btcpcloud header.b=q+ArTXLG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=btinternet.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h18si9052244pfi.31.2018.04.08.08.07.50; Sun, 08 Apr 2018 08:08:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@btinternet.com header.s=btcpcloud header.b=q+ArTXLG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=btinternet.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752264AbeDHOJo (ORCPT + 99 others); Sun, 8 Apr 2018 10:09:44 -0400 Received: from rgout0707.bt.lon5.cpcloud.co.uk ([65.20.0.147]:13844 "EHLO rgout0707.bt.lon5.cpcloud.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752068AbeDHOJn (ORCPT ); Sun, 8 Apr 2018 10:09:43 -0400 X-OWM-Source-IP: 86.134.53.205 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-RazorGate-Vade-Classification: clean X-RazorGate-Vade-Verdict: clean 0 X-VadeSecure-score: verdict=clean score=0/300, class=clean X-SNCR-VADESECURE: CLEAN X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedtgedrhedvgdejgecutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofdpqfgfvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepkffuhffvffgjfhgtofgggfesthejredtredtjeenucfhrhhomheptfhitghhrghrugcujfgrihhnvghsuceorhhitghhrghruggptggphhgrihhnvghssegsthhinhhtvghrnhgvthdrtghomheqnecuffhomhgrihhnpehgihhthhhusgdrtghomhdpmhgrrhgtrdhinhhfohdpphgruhhlqdhmohhorhgvrdgtohhmnecukfhppeekiedrudefgedrheefrddvtdehnecurfgrrhgrmhephhgvlhhopehlohgtrghlhhhoshhtrdhlohgtrghlughomhgrihhnpdhinhgvthepkeeirddufeegrdehfedrvddthedpmhgrihhlfhhrohhmpeeorhhitghhrghruggptggphhgrihhnvghssegsthhinhhtvghrnhgvthdrtghomheqnecuvehluhhsthgvrhfuihiivgeptd Received: from localhost.localdomain (86.134.53.205) by rgout07.bt.lon5.cpcloud.co.uk (9.0.019.26-1) (authenticated as richard_c_haines@btinternet.com) id 5ABD09F900C913FC; Sun, 8 Apr 2018 15:09:21 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1523196583; bh=oalmfF/V49XWOzmsRtuXv4m/QSIss6NUi57DJ8eOrMs=; h=Message-ID:Subject:From:To:Cc:Date:In-Reply-To:References:X-Mailer:Mime-Version; b=q+ArTXLGXuJXLxunMlPqnok8Sp6/M/qbRY2QSf0b/codHWVWg+/XIF8Sfw+ZsZGqBTMWdbb7sUFGwABaqaGS8jdNnVNXi0DaIdrvQT1eB6GVdzuNzfNkxM3+EMZ8JtCCZcc+YwWZpJ6jsoVMPy7+JK2IBZMs+AxdG1eMPKcdPw4= Message-ID: <1523196560.6192.3.camel@btinternet.com> Subject: Re: [GIT PULL] SELinux patches for v4.17 From: Richard Haines To: Paul Moore , Linus Torvalds Cc: Xin Long , selinux@tycho.nsa.gov, LSM List , Linux Kernel Mailing List Date: Sun, 08 Apr 2018 15:09:20 +0100 In-Reply-To: <162a54f1470.2781.85c95baa4474aabc7814e68940a78392@paul-moore.com> References: <1523120055.31267.13.camel@btinternet.com> <162a54f1470.2781.85c95baa4474aabc7814e68940a78392@paul-moore.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.5 (3.26.5-1.fc27) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 2018-04-08 at 08:50 -0400, Paul Moore wrote: > On April 7, 2018 1:03:57 PM Linus Torvalds .org> wrote: > On Sat, Apr 7, 2018 at 9:54 AM, Richard Haines > wrote: > > So please check my resolution, but also somebody should tell me > "Linus, you're a cretin, sctp_connect() doesn't want that > security_sctp_bind_connect() at all because it was already done by > XYZ" > > sctp_connect() or __sctp_connect() do not need to call > security_sctp_bind_connect(). This is because the connect(2) call > will > handle the checks required via security_socket_connect(): > > Ok, thanks, that's exactly what I wanted to get. > > Anyway, somebody should still verify that it all looks good in my > tree, but I don't actually expect the merge to have had any issues > even if the refactoring made it a bit more complex than most merges > are. > > Thanks for the quick response Richard. > > Xin Long looked it over and gave it the thumbs up, I'll take a look > too, but to be honest I trust his SCTP understanding much more than > mine. I also do weekly tests of each rcX release at a minimum so if > something odd pops up I'll make sure you get a fix. > > Thanks again everyone. I built the kernel this morning and sorry to spoil the party, but I've run into a problem with lksctp-tools when running the func_tests: make v6test .. .. ./test_timetolive_v6 test_timetolive.c 0 INFO : Creating fillmsg of size 3087 test_timetolive.c 1 PASS : Send a message with timeout test_timetolive.c 2 PASS : Send a message with no timeout test_timetolive.c 3 PASS : Send a fragmented message with timeout test_timetolive.c 0 INFO : ** SLEEPING for 3 seconds ** test_timetolive.c 4 BROK : Got a datamsg of unexpected length:23, expected length:27 DUMP_CORE sctputil.c: 247 /bin/sh: line 1: 30981 Segmentation fault (core dumped) ./$a test_timetolive_v6 fails make v4 test fails the same way. I'm using lksctp-tools from [1]. I have not investigated the cause yet as just found this and thought I should flag first just in case someone has the answer !!! On the bright side, I've run the sctp-tests from [2] with no problems and also the selinux-testsuite with my SCTP patch from [3] using an updated Fedora policy from [4] (with sctp support added), all in enforcing mode. Also the LTP test passed: cd /opt/ltp/ cat runtest/syscalls |grep connect01>runtest/connect-syscall ./runltp -pq -f connect-syscall .... [1] https://github.com/sctp/lksctp-tools [2] https://github.com/sctp/sctp-tests [3] https://marc.info/?l=selinux&m=152156947715709&w=2 [4] https://github.com/fedora-selinux/selinux-policy > > -- > paul moore > www.paul-moore.com > > >