Re: Possible fix

kmalloc with locks held in xfrm. · Dave Jones <hidden> · 2014-02-27
Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-27
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-27
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-27
Re: Possible fix · Steffen Klassert <steffen.klassert@secunet.com> · 2014-02-28
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-28
Re: Possible fix · Paul Moore <paul@paul-moore.com> · 2014-02-28
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-03-02
Re: Possible fix · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-05
Re: Possible fix · Paul Moore <paul@paul-moore.com> · 2014-03-07
Re: Possible fix · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-07
Re: Possible fix · Paul Moore <paul@paul-moore.com> · 2014-03-07
[PATCH 0/2] af_key: fixes for sleeping while atomic · Nikolay Aleksandrov <hidden> · 2014-03-04
[PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Nikolay Aleksandrov <hidden> · 2014-03-04
Re: [PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Paul Moore <paul@paul-moore.com> · 2014-03-07
Re: [PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Nikolay Aleksandrov <hidden> · 2014-03-07
[PATCH 1/2] net: af_key: fix sleeping under rcu · Nikolay Aleksandrov <hidden> · 2014-03-04
RE: [PATCH 1/2] net: af_key: fix sleeping under rcu · David Laight <hidden> · 2014-03-04
Re: [PATCH 1/2] net: af_key: fix sleeping under rcu · David Miller <davem@davemloft.net> · 2014-03-04
Re: [PATCH 0/2] af_key: fixes for sleeping while atomic · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-05
Re: [PATCH 0/2] af_key: fixes for sleeping while atomic · Paul Moore <paul@paul-moore.com> · 2014-03-05
[PATCHv2 0/2] af_key: fixes for sleeping while atomic · Nikolay Aleksandrov <hidden> · 2014-03-07
[PATCHv2 1/2] net: af_key: fix sleeping under rcu · Nikolay Aleksandrov <hidden> · 2014-03-07
[PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Nikolay Aleksandrov <hidden> · 2014-03-07
Re: [PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Paul Moore <paul@paul-moore.com> · 2014-03-07
Re: [PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-10

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: 2014-03-05 12:20:09

On Fri, Feb 28, 2014 at 05:10:47PM -0500, Paul Moore wrote:

On Friday, February 28, 2014 11:10:07 AM Nikolay Aleksandrov wrote:

quoted

On 02/28/2014 08:23 AM, Steffen Klassert wrote:

quoted

Looking at the git history, it seems that this bug is about nine
years old. I guess noone is actually using this.

Most (all?) of the labeled IPsec users use the netlink interface and not pfkey 
so it isn't surprising that this has gone unnoticed for some time.

Right, that's not really surprising. But it is a bit surprising that
we care for the security context only if we add a socket policy via
the pfkey key manager. The security context is not handled if we do
that with the netlink key manager, see xfrm_compile_policy().

I'm not that familiar with selinux and labeled IPsec, but maybe this
needs to be implemented in xfrm_compile_policy() too.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help