On Tue, 2017-07-25 at 10:45 -0400, Paul Moore wrote:
> On Tue, Jul 25, 2017 at 5:59 AM, Paolo Abeni wrote:
> > On Mon, 2017-07-24 at 22:00 -0400, Paul Moore wrote:
> > > > I'm happy to test this, but if you are curious, you can find the
> > > > selinux-testsuite at the link
On Tue, Jul 25, 2017 at 5:59 AM, Paolo Abeni wrote:
> On Mon, 2017-07-24 at 22:00 -0400, Paul Moore wrote:
>> > I'm happy to test this, but if you are curious, you can find the
>> > selinux-testsuite at the link below; the "inet_socket" tests are the
>> > ones relevant to this
On Mon, 2017-07-24 at 22:00 -0400, Paul Moore wrote:
> > I'm happy to test this, but if you are curious, you can find the
> > selinux-testsuite at the link below; the "inet_socket" tests are the
> > ones relevant to this problem.
> >
> > * https://github.com/SELinuxProject/selinux-testsuite
On Mon, Jul 24, 2017 at 3:00 PM, Paul Moore wrote:
> On Mon, Jul 24, 2017 at 12:09 PM, Paolo Abeni wrote:
>> Hi,
>>
>> On Mon, 2017-07-24 at 10:42 -0400, Paul Moore wrote:
>>> The change in behavior for userspace makes me a little nervous as
>>> there is
On Mon, Jul 24, 2017 at 12:09 PM, Paolo Abeni wrote:
> Hi,
>
> On Mon, 2017-07-24 at 10:42 -0400, Paul Moore wrote:
>> The change in behavior for userspace makes me a little nervous as
>> there is no way of knowing how any random application may be coded.
>> Even if we are
Hi,
On Mon, 2017-07-24 at 10:42 -0400, Paul Moore wrote:
> The change in behavior for userspace makes me a little nervous as
> there is no way of knowing how any random application may be coded.
> Even if we are confident that the majority of applications set
> IP_PASSSEC before calling bind(),
On Mon, Jul 24, 2017 at 8:25 AM, Paolo Abeni wrote:
> Hi,
>
> On Fri, 2017-07-21 at 18:19 -0400, Paul Moore wrote:
>> I've been seeing a SELinux regression with IP_PASSSEC on the v4.13-rcX
>> kernels and finally tracked the problem down to the
>> skb_release_head_state() call
Hi,
On Fri, 2017-07-21 at 18:19 -0400, Paul Moore wrote:
> I've been seeing a SELinux regression with IP_PASSSEC on the v4.13-rcX
> kernels and finally tracked the problem down to the
> skb_release_head_state() call in __udp_queue_rcv_skb(). Looking at
> the code and the git log it would appear
Hello,
I've been seeing a SELinux regression with IP_PASSSEC on the v4.13-rcX
kernels and finally tracked the problem down to the
skb_release_head_state() call in __udp_queue_rcv_skb(). Looking at
the code and the git log it would appear that the likely culprit is
0a463c78d25b ("udp: avoid a