diff for duplicates of <1490178167.27019.8.camel@btinternet.com> diff --git a/a/1.txt b/N1/1.txt index 51bf089..521f3d8 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -8,7 +8,7 @@ On Mon, 2017-03-20 at 14:23 -0300, Marcelo Ricardo Leitner wrote: > > > +} > > > + > > > +static int selinux_sctp_accept_conn(struct sctp_endpoint *ep, -> > > + ????struct sk_buff *skb) +> > > + struct sk_buff *skb) > > > +{ > > > + struct sk_security_struct *sksec = ep->base.sk- > > > >sk_security; @@ -18,14 +18,14 @@ On Mon, 2017-03-20 at 14:23 -0300, Marcelo Ricardo Leitner wrote: > > > + > > > + /* Have COOKIE ECHO so compute the MLS component for the > > > connection -> > > + ?* and store the information in ep. This will only be +> > > + * and store the information in ep. This will only be > > > used > > > by -> > > + ?* TCP/peeloff connections as they cause a new socket to +> > > + * TCP/peeloff connections as they cause a new socket to > > > be > > > generated. > > -> > Not sure why you say TCP above. ?And won't this be true of +> > Not sure why you say TCP above. And won't this be true of > > accept()'d > > Probably just a typo, should be SCTP instead. @@ -39,16 +39,16 @@ and peeled off connections". > patch, because it's doing: > @@ -7683,8 +7717,6 @@ void sctp_copy_sock(struct sock *newsk, struct > sock *sk, -> -???????security_sk_clone(sk, newsk); +> - security_sk_clone(sk, newsk); > @@ -7829,6 +7862,11 @@ static void sctp_sock_migrate(struct sock > *oldsk, > struct -> +???????security_sctp_sk_clone(oldep, oldsk, newsk); +> + security_sctp_sk_clone(oldep, oldsk, newsk); > > But sctp_copy_sock() is called from places other than > sctp_sock_migrate, mainly: -> net/sctp/ipv6.c:????????sctp_copy_sock(newsk, sk, asoc); -> net/sctp/protocol.c:????sctp_copy_sock(newsk, sk, asoc); +> net/sctp/ipv6.c: sctp_copy_sock(newsk, sk, asoc); +> net/sctp/protocol.c: sctp_copy_sock(newsk, sk, asoc); > Which are on the accept() path. > > Ideally it's better to keep the call to security_sctp_sk_clone in @@ -56,14 +56,14 @@ and peeled off connections". Thanks for pointing this out, I'll fix in next patch set. > -> ? Marcelo +> Marcelo > > > -> > > + ?* selinux_sctp_sk_clone() will then plug this into the +> > > + * selinux_sctp_sk_clone() will then plug this into the > > > new > > > socket -> > > + ?* as described in Documentation/security/LSM-sctp.txt -> > > + ?*/ +> > > + * as described in Documentation/security/LSM-sctp.txt +> > > + */ > > > + err = selinux_skb_peerlbl_sid(skb, ep->base.sk- > > > >sk_family, > > > &peersid); @@ -84,16 +84,12 @@ Thanks for pointing this out, I'll fix in next patch set. > > -- > > To unsubscribe from this list: send the line "unsubscribe linux- > > sctp" in -> > the body of a message to majordomo at vger.kernel.org -> > More majordomo info at??http://vger.kernel.org/majordomo-info.html +> > the body of a message to majordomo@vger.kernel.org +> > More majordomo info at http://vger.kernel.org/majordomo-info.html > > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-sctp" > in -> the body of a message to majordomo at vger.kernel.org -> More majordomo info at??http://vger.kernel.org/majordomo-info.html --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html +> the body of a message to majordomo@vger.kernel.org +> More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 3ea51c2..c7a8061 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,8 +1,8 @@ "ref\020170222170359.5433-1-richard_c_haines@btinternet.com\0" "ref\01488487540.19896.108.camel@tycho.nsa.gov\0" "ref\020170320172336.GC23553@localhost.localdomain\0" - "From\0richard_c_haines@btinternet.com (Richard Haines)\0" - "Subject\0[RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support\0" + "From\0Richard Haines <richard_c_haines@btinternet.com>\0" + "Subject\0Re: [RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support\0" "Date\0Wed, 22 Mar 2017 10:22:47 +0000\0" "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" @@ -17,7 +17,7 @@ "> > > +}\n" "> > > +\n" "> > > +static int selinux_sctp_accept_conn(struct sctp_endpoint *ep,\n" - "> > > +\t\t\t\t????struct sk_buff *skb)\n" + "> > > +\t\t\t\t\302\240\302\240\302\240\302\240struct sk_buff *skb)\n" "> > > +{\n" "> > > +\tstruct sk_security_struct *sksec = ep->base.sk-\n" "> > > >sk_security;\n" @@ -27,14 +27,14 @@ "> > > +\n" "> > > +\t/* Have COOKIE ECHO so compute the MLS component for the\n" "> > > connection\n" - "> > > +\t?* and store the information in ep. This will only be\n" + "> > > +\t\302\240* and store the information in ep. This will only be\n" "> > > used\n" "> > > by\n" - "> > > +\t?* TCP/peeloff connections as they cause a new socket to\n" + "> > > +\t\302\240* TCP/peeloff connections as they cause a new socket to\n" "> > > be\n" "> > > generated.\n" "> > \n" - "> > Not sure why you say TCP above. ?And won't this be true of\n" + "> > Not sure why you say TCP above. \302\240And won't this be true of\n" "> > accept()'d\n" "> \n" "> Probably just a typo, should be SCTP instead.\n" @@ -48,16 +48,16 @@ "> patch, because it's doing:\n" "> @@ -7683,8 +7717,6 @@ void sctp_copy_sock(struct sock *newsk, struct\n" "> sock *sk,\n" - "> -???????security_sk_clone(sk, newsk);\n" + "> -\302\240\302\240\302\240\302\240\302\240\302\240\302\240security_sk_clone(sk, newsk);\n" "> @@ -7829,6 +7862,11 @@ static void sctp_sock_migrate(struct sock\n" "> *oldsk,\n" "> struct\n" - "> +???????security_sctp_sk_clone(oldep, oldsk, newsk);\n" + "> +\302\240\302\240\302\240\302\240\302\240\302\240\302\240security_sctp_sk_clone(oldep, oldsk, newsk);\n" "> \n" "> But sctp_copy_sock() is called from places other than\n" "> sctp_sock_migrate, mainly:\n" - "> net/sctp/ipv6.c:????????sctp_copy_sock(newsk, sk, asoc);\n" - "> net/sctp/protocol.c:????sctp_copy_sock(newsk, sk, asoc);\n" + "> net/sctp/ipv6.c:\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240sctp_copy_sock(newsk, sk, asoc);\n" + "> net/sctp/protocol.c:\302\240\302\240\302\240\302\240sctp_copy_sock(newsk, sk, asoc);\n" "> Which are on the accept() path.\n" "> \n" "> Ideally it's better to keep the call to security_sctp_sk_clone in\n" @@ -65,14 +65,14 @@ "\n" "Thanks for pointing this out, I'll fix in next patch set.\n" "> \n" - "> ? Marcelo\n" + "> \302\240 Marcelo\n" "> \n" "> > \n" - "> > > +\t?* selinux_sctp_sk_clone() will then plug this into the\n" + "> > > +\t\302\240* selinux_sctp_sk_clone() will then plug this into the\n" "> > > new\n" "> > > socket\n" - "> > > +\t?* as described in Documentation/security/LSM-sctp.txt\n" - "> > > +\t?*/\n" + "> > > +\t\302\240* as described in Documentation/security/LSM-sctp.txt\n" + "> > > +\t\302\240*/\n" "> > > +\terr = selinux_skb_peerlbl_sid(skb, ep->base.sk-\n" "> > > >sk_family,\n" "> > > &peersid);\n" @@ -93,18 +93,14 @@ "> > --\n" "> > To unsubscribe from this list: send the line \"unsubscribe linux-\n" "> > sctp\" in\n" - "> > the body of a message to majordomo at vger.kernel.org\n" - "> > More majordomo info at??http://vger.kernel.org/majordomo-info.html\n" + "> > the body of a message to majordomo@vger.kernel.org\n" + "> > More majordomo info at\302\240\302\240http://vger.kernel.org/majordomo-info.html\n" "> > \n" "> \n" "> --\n" "> To unsubscribe from this list: send the line \"unsubscribe linux-sctp\" \n" "> in\n" - "> the body of a message to majordomo at vger.kernel.org\n" - "> More majordomo info at??http://vger.kernel.org/majordomo-info.html\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + "> the body of a message to majordomo@vger.kernel.org\n" + "> More majordomo info at\302\240\302\240http://vger.kernel.org/majordomo-info.html" -8253928b24122ab9063b51a91c2c74b8406a0cef8cf60b8b736698e36aa041df +8f094efbbd6edabfa85474daa622eccb184e825a56e482100ada5ccca1dc6ffd
diff --git a/a/1.txt b/N2/1.txt index 51bf089..521f3d8 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -8,7 +8,7 @@ On Mon, 2017-03-20 at 14:23 -0300, Marcelo Ricardo Leitner wrote: > > > +} > > > + > > > +static int selinux_sctp_accept_conn(struct sctp_endpoint *ep, -> > > + ????struct sk_buff *skb) +> > > + struct sk_buff *skb) > > > +{ > > > + struct sk_security_struct *sksec = ep->base.sk- > > > >sk_security; @@ -18,14 +18,14 @@ On Mon, 2017-03-20 at 14:23 -0300, Marcelo Ricardo Leitner wrote: > > > + > > > + /* Have COOKIE ECHO so compute the MLS component for the > > > connection -> > > + ?* and store the information in ep. This will only be +> > > + * and store the information in ep. This will only be > > > used > > > by -> > > + ?* TCP/peeloff connections as they cause a new socket to +> > > + * TCP/peeloff connections as they cause a new socket to > > > be > > > generated. > > -> > Not sure why you say TCP above. ?And won't this be true of +> > Not sure why you say TCP above. And won't this be true of > > accept()'d > > Probably just a typo, should be SCTP instead. @@ -39,16 +39,16 @@ and peeled off connections". > patch, because it's doing: > @@ -7683,8 +7717,6 @@ void sctp_copy_sock(struct sock *newsk, struct > sock *sk, -> -???????security_sk_clone(sk, newsk); +> - security_sk_clone(sk, newsk); > @@ -7829,6 +7862,11 @@ static void sctp_sock_migrate(struct sock > *oldsk, > struct -> +???????security_sctp_sk_clone(oldep, oldsk, newsk); +> + security_sctp_sk_clone(oldep, oldsk, newsk); > > But sctp_copy_sock() is called from places other than > sctp_sock_migrate, mainly: -> net/sctp/ipv6.c:????????sctp_copy_sock(newsk, sk, asoc); -> net/sctp/protocol.c:????sctp_copy_sock(newsk, sk, asoc); +> net/sctp/ipv6.c: sctp_copy_sock(newsk, sk, asoc); +> net/sctp/protocol.c: sctp_copy_sock(newsk, sk, asoc); > Which are on the accept() path. > > Ideally it's better to keep the call to security_sctp_sk_clone in @@ -56,14 +56,14 @@ and peeled off connections". Thanks for pointing this out, I'll fix in next patch set. > -> ? Marcelo +> Marcelo > > > -> > > + ?* selinux_sctp_sk_clone() will then plug this into the +> > > + * selinux_sctp_sk_clone() will then plug this into the > > > new > > > socket -> > > + ?* as described in Documentation/security/LSM-sctp.txt -> > > + ?*/ +> > > + * as described in Documentation/security/LSM-sctp.txt +> > > + */ > > > + err = selinux_skb_peerlbl_sid(skb, ep->base.sk- > > > >sk_family, > > > &peersid); @@ -84,16 +84,12 @@ Thanks for pointing this out, I'll fix in next patch set. > > -- > > To unsubscribe from this list: send the line "unsubscribe linux- > > sctp" in -> > the body of a message to majordomo at vger.kernel.org -> > More majordomo info at??http://vger.kernel.org/majordomo-info.html +> > the body of a message to majordomo@vger.kernel.org +> > More majordomo info at http://vger.kernel.org/majordomo-info.html > > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-sctp" > in -> the body of a message to majordomo at vger.kernel.org -> More majordomo info at??http://vger.kernel.org/majordomo-info.html --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html +> the body of a message to majordomo@vger.kernel.org +> More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 3ea51c2..11d9047 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,10 +1,14 @@ "ref\020170222170359.5433-1-richard_c_haines@btinternet.com\0" "ref\01488487540.19896.108.camel@tycho.nsa.gov\0" "ref\020170320172336.GC23553@localhost.localdomain\0" - "From\0richard_c_haines@btinternet.com (Richard Haines)\0" - "Subject\0[RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support\0" + "From\0Richard Haines <richard_c_haines@btinternet.com>\0" + "Subject\0Re: [RFC v2 PATCH 2/2] kernel: Add SELinux SCTP protocol support\0" "Date\0Wed, 22 Mar 2017 10:22:47 +0000\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>\0" + "Cc\0Stephen Smalley <sds@tycho.nsa.gov>" + selinux@tycho.nsa.gov + linux-sctp@vger.kernel.org + " linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Mon, 2017-03-20 at 14:23 -0300, Marcelo Ricardo Leitner wrote:\n" @@ -17,7 +21,7 @@ "> > > +}\n" "> > > +\n" "> > > +static int selinux_sctp_accept_conn(struct sctp_endpoint *ep,\n" - "> > > +\t\t\t\t????struct sk_buff *skb)\n" + "> > > +\t\t\t\t\302\240\302\240\302\240\302\240struct sk_buff *skb)\n" "> > > +{\n" "> > > +\tstruct sk_security_struct *sksec = ep->base.sk-\n" "> > > >sk_security;\n" @@ -27,14 +31,14 @@ "> > > +\n" "> > > +\t/* Have COOKIE ECHO so compute the MLS component for the\n" "> > > connection\n" - "> > > +\t?* and store the information in ep. This will only be\n" + "> > > +\t\302\240* and store the information in ep. This will only be\n" "> > > used\n" "> > > by\n" - "> > > +\t?* TCP/peeloff connections as they cause a new socket to\n" + "> > > +\t\302\240* TCP/peeloff connections as they cause a new socket to\n" "> > > be\n" "> > > generated.\n" "> > \n" - "> > Not sure why you say TCP above. ?And won't this be true of\n" + "> > Not sure why you say TCP above. \302\240And won't this be true of\n" "> > accept()'d\n" "> \n" "> Probably just a typo, should be SCTP instead.\n" @@ -48,16 +52,16 @@ "> patch, because it's doing:\n" "> @@ -7683,8 +7717,6 @@ void sctp_copy_sock(struct sock *newsk, struct\n" "> sock *sk,\n" - "> -???????security_sk_clone(sk, newsk);\n" + "> -\302\240\302\240\302\240\302\240\302\240\302\240\302\240security_sk_clone(sk, newsk);\n" "> @@ -7829,6 +7862,11 @@ static void sctp_sock_migrate(struct sock\n" "> *oldsk,\n" "> struct\n" - "> +???????security_sctp_sk_clone(oldep, oldsk, newsk);\n" + "> +\302\240\302\240\302\240\302\240\302\240\302\240\302\240security_sctp_sk_clone(oldep, oldsk, newsk);\n" "> \n" "> But sctp_copy_sock() is called from places other than\n" "> sctp_sock_migrate, mainly:\n" - "> net/sctp/ipv6.c:????????sctp_copy_sock(newsk, sk, asoc);\n" - "> net/sctp/protocol.c:????sctp_copy_sock(newsk, sk, asoc);\n" + "> net/sctp/ipv6.c:\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240sctp_copy_sock(newsk, sk, asoc);\n" + "> net/sctp/protocol.c:\302\240\302\240\302\240\302\240sctp_copy_sock(newsk, sk, asoc);\n" "> Which are on the accept() path.\n" "> \n" "> Ideally it's better to keep the call to security_sctp_sk_clone in\n" @@ -65,14 +69,14 @@ "\n" "Thanks for pointing this out, I'll fix in next patch set.\n" "> \n" - "> ? Marcelo\n" + "> \302\240 Marcelo\n" "> \n" "> > \n" - "> > > +\t?* selinux_sctp_sk_clone() will then plug this into the\n" + "> > > +\t\302\240* selinux_sctp_sk_clone() will then plug this into the\n" "> > > new\n" "> > > socket\n" - "> > > +\t?* as described in Documentation/security/LSM-sctp.txt\n" - "> > > +\t?*/\n" + "> > > +\t\302\240* as described in Documentation/security/LSM-sctp.txt\n" + "> > > +\t\302\240*/\n" "> > > +\terr = selinux_skb_peerlbl_sid(skb, ep->base.sk-\n" "> > > >sk_family,\n" "> > > &peersid);\n" @@ -93,18 +97,14 @@ "> > --\n" "> > To unsubscribe from this list: send the line \"unsubscribe linux-\n" "> > sctp\" in\n" - "> > the body of a message to majordomo at vger.kernel.org\n" - "> > More majordomo info at??http://vger.kernel.org/majordomo-info.html\n" + "> > the body of a message to majordomo@vger.kernel.org\n" + "> > More majordomo info at\302\240\302\240http://vger.kernel.org/majordomo-info.html\n" "> > \n" "> \n" "> --\n" "> To unsubscribe from this list: send the line \"unsubscribe linux-sctp\" \n" "> in\n" - "> the body of a message to majordomo at vger.kernel.org\n" - "> More majordomo info at??http://vger.kernel.org/majordomo-info.html\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + "> the body of a message to majordomo@vger.kernel.org\n" + "> More majordomo info at\302\240\302\240http://vger.kernel.org/majordomo-info.html" -8253928b24122ab9063b51a91c2c74b8406a0cef8cf60b8b736698e36aa041df +a7f43f7889c57793caa1d8387757781803780cbf95dcd9a13c8aed2fd29c710b
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.