Brian, This is an update. I found out where we handled the cred incorrectly. I'll fix that. I logged a P3 bug:
CR 6685898 P3 TX: server side sends incorrect cred when MLP is in use When sending back the SYN-ACK, the code noticed the existence of a peercred, which only exists for MLP connections, and used that. While the peercred contains the correct label for that connection, everything else in the cred is wrong, needless to say. The server should have used its own cred + correct label for that connection. Thanks for finding the bug. Jarrett Jarrett Lu wrote: > Brian, > > You are right that a client doesn't get correct ucred of its connected > peer > when MLP is in use. I'll investigate why that's the case. > > Thanks. > > Jarrett > > > Brian Vetter wrote: >> Jarrett, >> >> Rather than the pid, can you check to see if the proper ruid, euid >> rgid, and egid are there. In my test, the pid information is correct. >> But the ruid, euid, egid, and zoneid are all wrong (they are the >> client's information). I have not checked the label and other peer info. >> _______________________________________________ networking-discuss mailing list [email protected]
