Thread: 2 messages, 2 authors, 2017-03-22

[RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support

From: Richard Haines <hidden>
Date: 2017-03-22 10:22:47
Also in: linux-sctp, selinux

On Mon, 2017-03-20 at 14:23 -0300, Marcelo Ricardo Leitner wrote:
On Thu, Mar 02, 2017 at 03:45:40PM -0500, Stephen Smalley wrote:
On Wed, 2017-02-22 at 17:03 +0000, Richard Haines wrote:
<snip>
+	return err;
+}
+
+static int selinux_sctp_accept_conn(struct sctp_endpoint *ep,
+				????struct sk_buff *skb)
+{
+	struct sk_security_struct *sksec = ep->base.sk-
quoted
sk_security;
+	int err;
+	u32 connsid;
+	u32 peersid;
+
+	/* Have COOKIE ECHO so compute the MLS component for the
connection
+	?* and store the information in ep. This will only be
used
by
+	?* TCP/peeloff connections as they cause a new socket to
be
generated.
Not sure why you say TCP above.  And won't this be true of accept()'d sockets too in addition to peeloff ones?
Probably just a typo, should be SCTP instead.
Yes so changed to "This will only be used by SCTP TCP type sockets and peeled off connections".
Speaking of accept() path, I think we have an issue there with this
patch, because it's doing:
@@ -7683,8 +7717,6 @@ void sctp_copy_sock(struct sock *newsk, struct
sock *sk,
-???????security_sk_clone(sk, newsk);
@@ -7829,6 +7862,11 @@ static void sctp_sock_migrate(struct sock
*oldsk,
struct
+???????security_sctp_sk_clone(oldep, oldsk, newsk);

But sctp_copy_sock() is called from places other than
sctp_sock_migrate, mainly:
net/sctp/ipv6.c:        sctp_copy_sock(newsk, sk, asoc);
net/sctp/protocol.c:    sctp_copy_sock(newsk, sk, asoc);
Which are on the accept() path.

Ideally it's better to keep the call to security_sctp_sk_clone in
sctp_copy_sock() to get those covered too.
Thanks for pointing this out, I'll fix in next patch set.
  Marcelo
+	?* selinux_sctp_sk_clone() will then plug this into the
new
socket
+	?* as described in Documentation/security/LSM-sctp.txt
+	?*/
+	err = selinux_skb_peerlbl_sid(skb, ep->base.sk-
quoted
sk_family,
&peersid);
+	if (err)
+		return err;
+
+	err = selinux_conn_sid(sksec->sid, peersid, &connsid);
+	if (err)
+		return err;
+
+	ep->secid = connsid;
+	ep->peer_secid = peersid;
+
+	return 0;
+}
+
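Review bot: the connection and peer SIDs are stored on the endpoint (ep->secid / ep->peer_secid, the last two assignments in this hunk), yet the comment above says they are consumed later by peeled-off connections, and peeloff is per association. On a one-to-many style socket one endpoint can carry several associations, so a later COOKIE ECHO from a differently labelled peer overwrites the pair before the earlier association is peeled off, and selinux_sctp_sk_clone() would then copy the wrong labels into the new socket. Consider keeping the SIDs in the association instead of the endpoint, or documenting why the two cannot interleave. It would also help to state in the comment what peersid holds when the skb carries no peer label, since selinux_conn_sid() is called with it unconditionally once selinux_skb_peerlbl_sid() returns 0.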
--
To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html