Subject: Re: [PATCH] selinux: recognize netlink messages for 'ip addrlabel' From: Stephen Smalley To: Michal Schmidt Cc: James Morris , linux-kernel@vger.kernel.org, Eric Paris , netdev@vger.kernel.org Organization: National Security Agency Date: Wed, 05 Nov 2008 09:05:45 -0500 On Wed, 2008-11-05 at 13:35 +0100, Michal Schmidt wrote: > In enforcing mode '/sbin/ip addrlabel' results in a SELinux error: > type=SELINUX_ERR msg=audit(1225698822.073:42): SELinux: unrecognized > netlink message type=74 for sclass=43 > > The problem is missing RTM_*ADDRLABEL entries in SELinux's netlink > message types table. > > Reported in https://bugzilla.redhat.com/show_bug.cgi?id=469423 > > Signed-off-by: Michal Schmidt Acked-by: Stephen Smalley > --- > security/selinux/nlmsgtab.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c > index ff59c0c..4ed7bab 100644 > --- a/security/selinux/nlmsgtab.c > +++ b/security/selinux/nlmsgtab.c
> @@ -63,6 +63,9 @@ static struct nlmsg_perm nlmsg_route_perms[] = > { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, > { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, > { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, > + { RTM_NEWADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, > + { RTM_DELADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, > + { RTM_GETADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, > }; > > static struct nlmsg_perm nlmsg_firewall_perms[] = -- Stephen Smalley National Security Agency
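Review bot: the three RTM_*ADDRLABEL rows appended at the end of nlmsg_route_perms[] are maintained by hand, and nothing in this hunk would catch the next rtnetlink message type that is introduced without a matching row, so the same "unrecognized netlink message" error can recur in enforcing mode. Consider a compile-time check in nlmsgtab.c that ties the table to RTM_MAX, or at least a comment at the end of the array saying that new RTM_* types must be added here. The permissions chosen (NEW and DEL as NLMSG_WRITE, GET as NLMSG_READ) are consistent with the neighbouring RTM_GETNEIGHTBL and RTM_SETNEIGHTBL rows.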