Re: [PATCH v2 0/2] cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options
From: Paul Moore <paul@paul-moore.com>
Date: 2024-06-14 15:08:53
Also in:
linux-security-module
From: Paul Moore <paul@paul-moore.com>
Date: 2024-06-14 15:08:53
Also in:
linux-security-module
On Fri, Jun 14, 2024 at 3:20 AM [off-list ref] wrote:
Hello: This series was applied to netdev/net.git (main) by David S. Miller [off-list ref]:
Welp, that was premature based on the testing requests in the other thread, but what's done is done. Ondrej, please accelerate the testing if possible as this patchset now in the netdev tree and it would be good to know if it need a fix or reverting before the next merge window.
On Fri, 7 Jun 2024 18:07:51 +0200 you wrote:quoted
This series aims to improve cipso_v4_skbuff_delattr() to fully remove the CIPSO options instead of just clearing them with NOPs. That is implemented in the second patch, while the first patch is a bugfix for cipso_v4_delopt() that the second patch depends on. Tested using selinux-testsuite a TMT/Beakerlib test from this PR: https://src.fedoraproject.org/tests/selinux/pull-request/488 [...]Here is the summary with links: - [v2,1/2] cipso: fix total option length computation https://git.kernel.org/netdev/net/c/9f3616991233 - [v2,2/2] cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options (no matching commit) You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
-- paul-moore.com