RE: [PATCH 0/3] Fix for IPsec leakage with SELinux enabled - V.03
My apologies. The second one is also numbered 1, but has the following distinct subject line: [PATCH 1/3] Fix for IPsec leakage with SELinux enabled - V.03: Fix xfrm code I definitely deleted one of them, since I usually get N copies of very single patch posting and two of them looked identical:) I guess this is probably the reason why I don't see the fix in net-2.6.git yet :) I will resend the patchset with the subject titles fixed up since it needs to be in 2.6.19. - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 0/3] Fix for IPsec leakage with SELinux enabled - V.03
On Thu, Oct 05, 2006 at 03:42:13PM -0500, Venkat Yekkirala ([EMAIL PROTECTED]) wrote: This version takes into account David Miller's comments regarding treatment of security layer errors in the case of socket policies. Specifically, these errors will be treated like how these kind of errors are treated for the main/sub policies, which is to return a full lookup failure. I applied all three patches and rerun my acrypto tests, which do not show any unencrypted packets anymore, so I ack this changes since they fix the problem. Thanks. -- Evgeniy Polyakov - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 0/3] Fix for IPsec leakage with SELinux enabled - V.03
This version takes into account David Miller's comments regarding treatment of security layer errors in the case of socket policies. Specifically, these errors will be treated like how these kind of errors are treated for the main/sub policies, which is to return a full lookup failure. include/linux/security.h| 24 ++- include/net/flow.h |2 include/net/xfrm.h |3 net/core/flow.c | 42 net/ipv4/xfrm4_policy.c |2 net/ipv6/xfrm6_policy.c |2 net/key/af_key.c|5 - net/xfrm/xfrm_policy.c | 101 ++ net/xfrm/xfrm_user.c|9 -- security/dummy.c|3 security/selinux/include/xfrm.h |3 security/selinux/xfrm.c | 53 --- 12 files changed, 162 insertions(+), 87 deletions(-) - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 0/3] Fix for IPsec leakage with SELinux enabled - V.03
From: Venkat Yekkirala [EMAIL PROTECTED] Date: Thu, 05 Oct 2006 15:42:13 -0500 This version takes into account David Miller's comments regarding treatment of security layer errors in the case of socket policies. Specifically, these errors will be treated like how these kind of errors are treated for the main/sub policies, which is to return a full lookup failure. I only have patches 1 and 3 in my inbox, did you forget to send the second one out or are they simply misnumbered? - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH 0/3] Fix for IPsec leakage with SELinux enabled - V.03
This version takes into account David Miller's comments regarding treatment of security layer errors in the case of socket policies. Specifically, these errors will be treated like how these kind of errors are treated for the main/sub policies, which is to return a full lookup failure. I only have patches 1 and 3 in my inbox, did you forget to send the second one out or are they simply misnumbered? My apologies. The second one is also numbered 1, but has the following distinct subject line: [PATCH 1/3] Fix for IPsec leakage with SELinux enabled - V.03: Fix xfrm code - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH 0/3] Fix for IPsec leakage with SELinux enabled - V.03
This version takes into account David Miller's comments regarding treatment of security layer errors in the case of socket policies. Specifically, these errors will be treated like how these kind of errors are treated for the main/sub policies, which is to return a full lookup failure. I only have patches 1 and 3 in my inbox, did you forget to send the second one out or are they simply misnumbered? My apologies. The second one is also numbered 1, but has the following distinct subject line: [PATCH 1/3] Fix for IPsec leakage with SELinux enabled - V.03: Fix xfrm code In actuality, patch 2 in the series has the following subject line: [PATCH 1/3] Fix for IPsec leakage with SELinux enabled - V.03 - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 0/3] Fix for IPsec leakage with SELinux enabled - V.03
From: Venkat Yekkirala [EMAIL PROTECTED] Date: Thu, 5 Oct 2006 17:07:59 -0400 My apologies. The second one is also numbered 1, but has the following distinct subject line: [PATCH 1/3] Fix for IPsec leakage with SELinux enabled - V.03: Fix xfrm code I definitely deleted one of them, since I usually get N copies of very single patch posting and two of them looked identical:) - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 0/3] Fix for IPsec leakage with SELinux enabled - V.03
These patches look ok to me. I've tested them and applied them to the git tree [1]. Stephen, please let me know if you see any problems. -- James Morris [EMAIL PROTECTED] [1] Git - git://git.infradead.org/~jmorris/selinux-2.6.git Web - http://git.infradead.org/?p=users/jmorris/selinux-2.6.git;a=summary - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html