Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 | netdev

(off-list ancestor, not in this archive)
Re: Is TCP over IPsec broken in 2.6.18? · Herbert Xu <herbert@gondor.apana.org.au> · 2006-09-25
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-25
Re: Is TCP over IPsec broken in 2.6.18? · jamal <hidden> · 2006-09-25
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
[PATCH] Fix for IPsec leakage with SELinux enabled · James Morris <jmorris@namei.org> · 2006-10-01
Re: [PATCH] Fix for IPsec leakage with SELinux enabled · Evgeniy Polyakov <hidden> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled · James Morris <jmorris@namei.org> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled · Evgeniy Polyakov <hidden> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled · James Morris <jmorris@namei.org> · 2006-10-02
[PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Evgeniy Polyakov <hidden> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Evgeniy Polyakov <hidden> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Evgeniy Polyakov <hidden> · 2006-10-04
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-04
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · David Miller <davem@davemloft.net> · 2006-10-03
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-04
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Herbert Xu <herbert@gondor.apana.org.au> · 2006-10-04
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-05
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · David Miller <davem@davemloft.net> · 2006-10-05

Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02

From: Evgeniy Polyakov <hidden>
Date: 2006-10-02 16:01:27

Possibly related (same subject, not in this thread)

2006-10-04 · RE: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Venkat Yekkirala <hidden>

On Mon, Oct 02, 2006 at 10:27:13AM -0400, James Morris (jmorris@namei.org) wrote:

Updated version of the patch, which return directly after a flow cache 
lookup error in xfrm_lookup rather than returing via the cleanup path 
(which was causing a spurious dst_release).

This works for me, although I never saw the oops with the old patch.

Evgeniy, let me know if this fixes the oops you're seeing.

With enabled selinux in enforcing mode I can not even get messages to
racoon, i.e. tcpdump sees first message of the daemon, but racoon log
(with a lot of -d) is not changed.
With permissive mode everything works fine.

It is possible that it is 2.6.18 only problem though, I will try
previous kernels.

-- 
	Evgeniy Polyakov

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help