Re: [PATCH] linux: handle MPTCP consistently with TCP
From: Paolo Abeni <pabeni@redhat.com>
Date: 2020-12-16 17:23:51
Also in:
mptcp, selinux
Hello,

On Wed, 2020-12-16 at 08:31 -0800, Casey Schaufler wrote:
> On 12/16/2020 3:55 AM, Paolo Abeni wrote:
> > The MPTCP protocol uses a specific protocol value, even if
> > it's an extension to TCP. Additionally, MPTCP sockets
> > could 'fall-back' to TCP at run-time, depending on peer MPTCP
> > support and available resources.
> >
> > As a consequence of the specific protocol number, selinux
> > applies the raw_socket class to MPTCP sockets.
>
> Have you looked at the implications for Smack?

AFAICS, the only hook which can be affected is
smack_socket_post_create() - that is, the only hook with a 'protocol'
argument coming directly from the socket APIs.

If I read the code correctly, that hook behaves independently of the
'protocol' value. Overall no changes should be needed for smack.

Thanks!

Paolo