diff for duplicates of <1508860214.7674.3.camel@btinternet.com> diff --git a/a/1.txt b/N1/1.txt index 2e670b1..9f465bc 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -23,11 +23,10 @@ On Fri, 2017-10-20 at 15:00 -0400, Stephen Smalley wrote: > > +++ b/Documentation/security/SELinux-sctp.txt > > @@ -0,0 +1,108 @@ > > + SCTP SELinux Support -> > + ====================== +> > + =========== > > + > > +Security Hooks -> > +=============== -> > + +> > +=======> > + > > +The Documentation/security/LSM-sctp.txt document describes how the > > following > > +sctp security hooks are utilised: @@ -39,7 +38,7 @@ On Fri, 2017-10-20 at 15:00 -0400, Stephen Smalley wrote: > > + > > + > > +Policy Statements -> > +================== +> > +========= > > +The following class and permissions to support SCTP are available > > within the > > +kernel: @@ -60,7 +59,7 @@ On Fri, 2017-10-20 at 15:00 -0400, Stephen Smalley wrote: > > + > > + > > +SCTP Bind, Connect and ASCONF Chunk Parameter Permission Checks -> > +================================================================ +> > +================================ > > +The hook security_sctp_bind_connect() is called by SCTP to check > > permissions > > +required for ipv4/ipv6 addresses based on the @optname as follows: @@ -124,8 +123,7 @@ On Fri, 2017-10-20 at 15:00 -0400, Stephen Smalley wrote: > > ---- > > + > > +SCTP Peer Labeling -> > +=================== -> > +An SCTP socket will only have one peer label assigned to it. This +> > +=========> > +An SCTP socket will only have one peer label assigned to it. This > > will be > > +assigned during the establishment of the first association. Once > > the @@ -216,7 +214,7 @@ On Fri, 2017-10-20 at 15:00 -0400, Stephen Smalley wrote: > > + sh = skb_header_pointer(skb, offset, > > sizeof(_sctph), > > &_sctph); -> > + if (sh == NULL) +> > + if (sh = NULL) > > + break; > > + > > + ad->u.net->sport = sh->source; @@ -239,7 +237,7 @@ On Fri, 2017-10-20 at 15:00 -0400, Stephen Smalley wrote: > > + sh = skb_header_pointer(skb, offset, > > sizeof(_sctph), > > &_sctph); -> > + if (sh == NULL) +> > + if (sh = NULL) > > + break; > > + > > + ad->u.net->sport = sh->source; @@ -258,9 +256,8 @@ On Fri, 2017-10-20 at 15:00 -0400, Stephen Smalley wrote: > > + /* Allows detection of the first association on > > this > > socket */ -> > + if (sksec->sclass == SECCLASS_SCTP_SOCKET) -> > + sksec->sctp_assoc_state = -> > SCTP_ASSOC_UNSET; +> > + if (sksec->sclass = SECCLASS_SCTP_SOCKET) +> > + sksec->sctp_assoc_state > > SCTP_ASSOC_UNSET; > > + > > What prevents this from interleaving with @@ -289,14 +286,14 @@ I've added a spinlock in selinux_sctp_assoc_request() > > + /* If PF_INET or PF_INET6, check name_bind permission for > > the port. */ > > family = sk->sk_family; -> > if (family == PF_INET || family == PF_INET6) { +> > if (family = PF_INET || family = PF_INET6) { > > char *addrp; > > @@ -4417,7 +4449,13 @@ static int selinux_socket_bind(struct socket > > *sock, struct sockaddr *address, in > > unsigned short snum; > > u32 sid, node_perm; > > -> > - if (family == PF_INET) { +> > - if (family = PF_INET) { > > + /* > > + * sctp_bindx(3) calls via > > selinux_sctp_bind_connect() @@ -304,10 +301,9 @@ I've added a spinlock in selinux_sctp_assoc_request() > > Because of this > > + * need to check address->sa_family as it is > > possible to have -> > + * sk->sk_family = PF_INET6 with addr->sa_family = -> > AF_INET. +> > + * sk->sk_family = PF_INET6 with addr->sa_family > > AF_INET. > > + */ -> > + if (family == PF_INET || address->sa_family == +> > + if (family = PF_INET || address->sa_family = > > AF_INET) { > > if (addrlen < sizeof(struct sockaddr_in)) > > { @@ -330,8 +326,8 @@ I've added a spinlock in selinux_sctp_assoc_request() > > ad.u.net->sport = htons(snum); > > ad.u.net->family = family; > > -> > - if (family == PF_INET) -> > + if (family == PF_INET || address->sa_family == +> > - if (family = PF_INET) +> > + if (family = PF_INET || address->sa_family = > > AF_INET) > > ad.u.net->v4info.saddr = addr4- > > > sin_addr.s_addr; @@ -349,10 +345,10 @@ I've added a spinlock in selinux_sctp_assoc_request() > > permission > > + * for the port. > > */ -> > if (sksec->sclass == SECCLASS_TCP_SOCKET || -> > - sksec->sclass == SECCLASS_DCCP_SOCKET) { -> > + sksec->sclass == SECCLASS_DCCP_SOCKET || -> > + sksec->sclass == SECCLASS_SCTP_SOCKET) { +> > if (sksec->sclass = SECCLASS_TCP_SOCKET || +> > - sksec->sclass = SECCLASS_DCCP_SOCKET) { +> > + sksec->sclass = SECCLASS_DCCP_SOCKET || +> > + sksec->sclass = SECCLASS_SCTP_SOCKET) { > > struct common_audit_data ad; > > struct lsm_network_audit net = {0,}; > > struct sockaddr_in *addr4 = NULL; @@ -361,18 +357,17 @@ I've added a spinlock in selinux_sctp_assoc_request() > > unsigned short snum; > > u32 sid, perm; > > -> > - if (sk->sk_family == PF_INET) { +> > - if (sk->sk_family = PF_INET) { > > + /* sctp_connectx(3) calls via > > + *selinux_sctp_bind_connect() that validates > > multiple > > + * connect addresses. Because of this need to > > check > > + * address->sa_family as it is possible to have -> > + * sk->sk_family = PF_INET6 with addr->sa_family = -> > AF_INET. +> > + * sk->sk_family = PF_INET6 with addr->sa_family > > AF_INET. > > + */ -> > + if (sk->sk_family == PF_INET || -> > + address->sa_family == +> > + if (sk->sk_family = PF_INET || +> > + address->sa_family = > > AF_INET) { > > addr4 = (struct sockaddr_in *)address; > > if (addrlen < sizeof(struct sockaddr_in)) @@ -387,7 +382,7 @@ I've added a spinlock in selinux_sctp_assoc_request() > > if (err) > > goto out; > > -> > - perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ? +> > - perm = (sksec->sclass = SECCLASS_TCP_SOCKET) ? > > - TCP_SOCKET__NAME_CONNECT : > > DCCP_SOCKET__NAME_CONNECT; > > + switch (sksec->sclass) { @@ -409,12 +404,12 @@ I've added a spinlock in selinux_sctp_assoc_request() > > *op > > u32 peer_sid = SECSID_NULL; > > -> > if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || -> > - sksec->sclass == SECCLASS_TCP_SOCKET) -> > + sksec->sclass == SECCLASS_TCP_SOCKET || -> > + sksec->sclass == SECCLASS_SCTP_SOCKET) +> > if (sksec->sclass = SECCLASS_UNIX_STREAM_SOCKET || +> > - sksec->sclass = SECCLASS_TCP_SOCKET) +> > + sksec->sclass = SECCLASS_TCP_SOCKET || +> > + sksec->sclass = SECCLASS_SCTP_SOCKET) > > peer_sid = sksec->peer_sid; -> > if (peer_sid == SECSID_NULL) +> > if (peer_sid = SECSID_NULL) > > return -ENOPROTOOPT; > > @@ -4928,6 +4990,183 @@ static void selinux_sock_graft(struct sock > > *sk, struct socket *parent) @@ -455,11 +450,11 @@ I've added a spinlock in selinux_sctp_assoc_request() > > + if (err) > > + return err; > > + -> > + if (peer_sid == SECSID_NULL) +> > + if (peer_sid = SECSID_NULL) > > + peer_sid = SECINITSID_UNLABELED; > > + } > > + -> > + if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) { +> > + if (sksec->sctp_assoc_state = SCTP_ASSOC_UNSET) { > > + sksec->sctp_assoc_state = SCTP_ASSOC_SET; > > + > > + /* Here as first association on socket. As the @@ -489,7 +484,7 @@ I've added a spinlock in selinux_sctp_assoc_request() > > + return err; > > + } > > + -> > + if (sctp_cid == SCTP_CID_INIT) { +> > + if (sctp_cid = SCTP_CID_INIT) { > > + /* Have INIT when incoming connect(2), > > sctp_connectx(3) > > + * or sctp_sendmsg(3) (with no association already @@ -656,8 +651,7 @@ I've added a spinlock in selinux_sctp_assoc_request() > > index b9fe343..b4b10da 100644 > > --- a/security/selinux/include/classmap.h > > +++ b/security/selinux/include/classmap.h -> > @@ -173,7 +173,8 @@ struct security_class_mapping secclass_map[] = -> > { +> > @@ -173,7 +173,8 @@ struct security_class_mapping secclass_map[] > > { > > { COMMON_CAP2_PERMS, NULL } }, > > { "sctp_socket", > > { COMMON_SOCK_PERMS, @@ -768,8 +762,7 @@ I've added a spinlock in selinux_sctp_assoc_request() > > >sk_security; > > + > > + if (ep->base.sk->sk_family != PF_INET && -> > + ep->base.sk->sk_family != -> > PF_INET6) +> > + ep->base.sk->sk_family !> > PF_INET6) > > + return 0; > > + > > + netlbl_secattr_init(&secattr); @@ -778,7 +771,7 @@ I've added a spinlock in selinux_sctp_assoc_request() > > + goto assoc_request_return; > > + > > + rc = netlbl_sctp_setattr(ep->base.sk, skb, &secattr); -> > + if (rc == 0) +> > + if (rc = 0) > > + sksec->nlbl_state = NLBL_LABELED; > > + > > +assoc_request_return: @@ -819,7 +812,7 @@ I've added a spinlock in selinux_sctp_assoc_request() > > check if > > + * @sk owned already. > > + */ -> > + if (sock_owned_by_user(sk) && sksec->sclass == +> > + if (sock_owned_by_user(sk) && sksec->sclass = > > SECCLASS_SCTP_SOCKET) > > + already_owned_by_user = 1; > > + else @@ -850,9 +843,5 @@ I've now split this as suggested. > -- > To unsubscribe from this list: send the line "unsubscribe linux-sctp" > in -> the body of a message to majordomo at vger.kernel.org +> the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 00f829f..ba319b8 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,8 +1,8 @@ "ref\020171017135953.4419-1-richard_c_haines@btinternet.com\0" "ref\01508526028.8054.5.camel@tycho.nsa.gov\0" - "From\0richard_c_haines@btinternet.com (Richard Haines)\0" - "Subject\0[RFC PATCH 5/5] selinux: Add SCTP support\0" - "Date\0Tue, 24 Oct 2017 16:50:14 +0100\0" + "From\0Richard Haines <richard_c_haines@btinternet.com>\0" + "Subject\0Re: [RFC PATCH 5/5] selinux: Add SCTP support\0" + "Date\0Tue, 24 Oct 2017 15:50:14 +0000\0" "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" @@ -31,11 +31,10 @@ "> > +++ b/Documentation/security/SELinux-sctp.txt\n" "> > @@ -0,0 +1,108 @@\n" "> > + SCTP SELinux Support\n" - "> > + ======================\n" + "> > + ===========\n" "> > +\n" "> > +Security Hooks\n" - "> > +===============\n" - "> > +\n" + "> > +=======> > +\n" "> > +The Documentation/security/LSM-sctp.txt document describes how the\n" "> > following\n" "> > +sctp security hooks are utilised:\n" @@ -47,7 +46,7 @@ "> > +\n" "> > +\n" "> > +Policy Statements\n" - "> > +==================\n" + "> > +=========\n" "> > +The following class and permissions to support SCTP are available\n" "> > within the\n" "> > +kernel:\n" @@ -68,7 +67,7 @@ "> > +\n" "> > +\n" "> > +SCTP Bind, Connect and ASCONF Chunk Parameter Permission Checks\n" - "> > +================================================================\n" + "> > +================================\n" "> > +The hook security_sctp_bind_connect() is called by SCTP to check\n" "> > permissions\n" "> > +required for ipv4/ipv6 addresses based on the @optname as follows:\n" @@ -132,8 +131,7 @@ "> > ----\n" "> > +\n" "> > +SCTP Peer Labeling\n" - "> > +===================\n" - "> > +An SCTP socket will only have one peer label assigned to it. This\n" + "> > +=========> > +An SCTP socket will only have one peer label assigned to it. This\n" "> > will be\n" "> > +assigned during the establishment of the first association. Once\n" "> > the\n" @@ -224,7 +222,7 @@ "> > +\t\tsh = skb_header_pointer(skb, offset,\n" "> > sizeof(_sctph),\n" "> > &_sctph);\n" - "> > +\t\tif (sh == NULL)\n" + "> > +\t\tif (sh = NULL)\n" "> > +\t\t\tbreak;\n" "> > +\n" "> > +\t\tad->u.net->sport = sh->source;\n" @@ -247,7 +245,7 @@ "> > +\t\tsh = skb_header_pointer(skb, offset,\n" "> > sizeof(_sctph),\n" "> > &_sctph);\n" - "> > +\t\tif (sh == NULL)\n" + "> > +\t\tif (sh = NULL)\n" "> > +\t\t\tbreak;\n" "> > +\n" "> > +\t\tad->u.net->sport = sh->source;\n" @@ -266,9 +264,8 @@ "> > +\t\t/* Allows detection of the first association on\n" "> > this\n" "> > socket */\n" - "> > +\t\tif (sksec->sclass == SECCLASS_SCTP_SOCKET)\n" - "> > +\t\t\tsksec->sctp_assoc_state =\n" - "> > SCTP_ASSOC_UNSET;\n" + "> > +\t\tif (sksec->sclass = SECCLASS_SCTP_SOCKET)\n" + "> > +\t\t\tsksec->sctp_assoc_state > > SCTP_ASSOC_UNSET;\n" "> > +\n" "> \n" "> What prevents this from interleaving with\n" @@ -297,14 +294,14 @@ "> > +\t/* If PF_INET or PF_INET6, check name_bind permission for\n" "> > the port. */\n" "> > \tfamily = sk->sk_family;\n" - "> > \tif (family == PF_INET || family == PF_INET6) {\n" + "> > \tif (family = PF_INET || family = PF_INET6) {\n" "> > \t\tchar *addrp;\n" "> > @@ -4417,7 +4449,13 @@ static int selinux_socket_bind(struct socket\n" "> > *sock, struct sockaddr *address, in\n" "> > \t\tunsigned short snum;\n" "> > \t\tu32 sid, node_perm;\n" "> > \n" - "> > -\t\tif (family == PF_INET) {\n" + "> > -\t\tif (family = PF_INET) {\n" "> > +\t\t/*\n" "> > +\t\t * sctp_bindx(3) calls via\n" "> > selinux_sctp_bind_connect()\n" @@ -312,10 +309,9 @@ "> > Because of this\n" "> > +\t\t * need to check address->sa_family as it is\n" "> > possible to have\n" - "> > +\t\t * sk->sk_family = PF_INET6 with addr->sa_family =\n" - "> > AF_INET.\n" + "> > +\t\t * sk->sk_family = PF_INET6 with addr->sa_family > > AF_INET.\n" "> > +\t\t */\n" - "> > +\t\tif (family == PF_INET || address->sa_family ==\n" + "> > +\t\tif (family = PF_INET || address->sa_family =\n" "> > AF_INET) {\n" "> > \t\t\tif (addrlen < sizeof(struct sockaddr_in))\n" "> > {\n" @@ -338,8 +334,8 @@ "> > \t\tad.u.net->sport = htons(snum);\n" "> > \t\tad.u.net->family = family;\n" "> > \n" - "> > -\t\tif (family == PF_INET)\n" - "> > +\t\tif (family == PF_INET || address->sa_family ==\n" + "> > -\t\tif (family = PF_INET)\n" + "> > +\t\tif (family = PF_INET || address->sa_family =\n" "> > AF_INET)\n" "> > \t\t\tad.u.net->v4info.saddr = addr4-\n" "> > > sin_addr.s_addr;\n" @@ -357,10 +353,10 @@ "> > permission\n" "> > +\t * for the port.\n" "> > \t */\n" - "> > \tif (sksec->sclass == SECCLASS_TCP_SOCKET ||\n" - "> > -\t sksec->sclass == SECCLASS_DCCP_SOCKET) {\n" - "> > +\t sksec->sclass == SECCLASS_DCCP_SOCKET ||\n" - "> > +\t sksec->sclass == SECCLASS_SCTP_SOCKET) {\n" + "> > \tif (sksec->sclass = SECCLASS_TCP_SOCKET ||\n" + "> > -\t sksec->sclass = SECCLASS_DCCP_SOCKET) {\n" + "> > +\t sksec->sclass = SECCLASS_DCCP_SOCKET ||\n" + "> > +\t sksec->sclass = SECCLASS_SCTP_SOCKET) {\n" "> > \t\tstruct common_audit_data ad;\n" "> > \t\tstruct lsm_network_audit net = {0,};\n" "> > \t\tstruct sockaddr_in *addr4 = NULL;\n" @@ -369,18 +365,17 @@ "> > \t\tunsigned short snum;\n" "> > \t\tu32 sid, perm;\n" "> > \n" - "> > -\t\tif (sk->sk_family == PF_INET) {\n" + "> > -\t\tif (sk->sk_family = PF_INET) {\n" "> > +\t\t/* sctp_connectx(3) calls via\n" "> > +\t\t *selinux_sctp_bind_connect() that validates\n" "> > multiple\n" "> > +\t\t * connect addresses. Because of this need to\n" "> > check\n" "> > +\t\t * address->sa_family as it is possible to have\n" - "> > +\t\t * sk->sk_family = PF_INET6 with addr->sa_family =\n" - "> > AF_INET.\n" + "> > +\t\t * sk->sk_family = PF_INET6 with addr->sa_family > > AF_INET.\n" "> > +\t\t */\n" - "> > +\t\tif (sk->sk_family == PF_INET ||\n" - "> > +\t\t\t\t\taddress->sa_family ==\n" + "> > +\t\tif (sk->sk_family = PF_INET ||\n" + "> > +\t\t\t\t\taddress->sa_family =\n" "> > AF_INET) {\n" "> > \t\t\taddr4 = (struct sockaddr_in *)address;\n" "> > \t\t\tif (addrlen < sizeof(struct sockaddr_in))\n" @@ -395,7 +390,7 @@ "> > \t\tif (err)\n" "> > \t\t\tgoto out;\n" "> > \n" - "> > -\t\tperm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?\n" + "> > -\t\tperm = (sksec->sclass = SECCLASS_TCP_SOCKET) ?\n" "> > -\t\t TCP_SOCKET__NAME_CONNECT :\n" "> > DCCP_SOCKET__NAME_CONNECT;\n" "> > +\t\tswitch (sksec->sclass) {\n" @@ -417,12 +412,12 @@ "> > *op\n" "> > \tu32 peer_sid = SECSID_NULL;\n" "> > \n" - "> > \tif (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||\n" - "> > -\t sksec->sclass == SECCLASS_TCP_SOCKET)\n" - "> > +\t sksec->sclass == SECCLASS_TCP_SOCKET ||\n" - "> > +\t sksec->sclass == SECCLASS_SCTP_SOCKET)\n" + "> > \tif (sksec->sclass = SECCLASS_UNIX_STREAM_SOCKET ||\n" + "> > -\t sksec->sclass = SECCLASS_TCP_SOCKET)\n" + "> > +\t sksec->sclass = SECCLASS_TCP_SOCKET ||\n" + "> > +\t sksec->sclass = SECCLASS_SCTP_SOCKET)\n" "> > \t\tpeer_sid = sksec->peer_sid;\n" - "> > \tif (peer_sid == SECSID_NULL)\n" + "> > \tif (peer_sid = SECSID_NULL)\n" "> > \t\treturn -ENOPROTOOPT;\n" "> > @@ -4928,6 +4990,183 @@ static void selinux_sock_graft(struct sock\n" "> > *sk, struct socket *parent)\n" @@ -463,11 +458,11 @@ "> > +\t\tif (err)\n" "> > +\t\t\treturn err;\n" "> > +\n" - "> > +\t\tif (peer_sid == SECSID_NULL)\n" + "> > +\t\tif (peer_sid = SECSID_NULL)\n" "> > +\t\t\tpeer_sid = SECINITSID_UNLABELED;\n" "> > +\t}\n" "> > +\n" - "> > +\tif (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) {\n" + "> > +\tif (sksec->sctp_assoc_state = SCTP_ASSOC_UNSET) {\n" "> > +\t\tsksec->sctp_assoc_state = SCTP_ASSOC_SET;\n" "> > +\n" "> > +\t\t/* Here as first association on socket. As the\n" @@ -497,7 +492,7 @@ "> > +\t\t\treturn err;\n" "> > +\t}\n" "> > +\n" - "> > +\tif (sctp_cid == SCTP_CID_INIT) {\n" + "> > +\tif (sctp_cid = SCTP_CID_INIT) {\n" "> > +\t\t/* Have INIT when incoming connect(2),\n" "> > sctp_connectx(3)\n" "> > +\t\t * or sctp_sendmsg(3) (with no association already\n" @@ -664,8 +659,7 @@ "> > index b9fe343..b4b10da 100644\n" "> > --- a/security/selinux/include/classmap.h\n" "> > +++ b/security/selinux/include/classmap.h\n" - "> > @@ -173,7 +173,8 @@ struct security_class_mapping secclass_map[] =\n" - "> > {\n" + "> > @@ -173,7 +173,8 @@ struct security_class_mapping secclass_map[] > > {\n" "> > \t { COMMON_CAP2_PERMS, NULL } },\n" "> > \t{ \"sctp_socket\",\n" "> > \t { COMMON_SOCK_PERMS,\n" @@ -776,8 +770,7 @@ "> > >sk_security;\n" "> > +\n" "> > +\tif (ep->base.sk->sk_family != PF_INET &&\n" - "> > +\t\t\t\tep->base.sk->sk_family !=\n" - "> > PF_INET6)\n" + "> > +\t\t\t\tep->base.sk->sk_family !> > PF_INET6)\n" "> > +\t\treturn 0;\n" "> > +\n" "> > +\tnetlbl_secattr_init(&secattr);\n" @@ -786,7 +779,7 @@ "> > +\t\tgoto assoc_request_return;\n" "> > +\n" "> > +\trc = netlbl_sctp_setattr(ep->base.sk, skb, &secattr);\n" - "> > +\tif (rc == 0)\n" + "> > +\tif (rc = 0)\n" "> > +\t\tsksec->nlbl_state = NLBL_LABELED;\n" "> > +\n" "> > +assoc_request_return:\n" @@ -827,7 +820,7 @@ "> > check if\n" "> > +\t * @sk owned already.\n" "> > +\t */\n" - "> > +\tif (sock_owned_by_user(sk) && sksec->sclass ==\n" + "> > +\tif (sock_owned_by_user(sk) && sksec->sclass =\n" "> > SECCLASS_SCTP_SOCKET)\n" "> > +\t\talready_owned_by_user = 1;\n" "> > +\telse\n" @@ -858,11 +851,7 @@ "> --\n" "> To unsubscribe from this list: send the line \"unsubscribe linux-sctp\" \n" "> in\n" - "> the body of a message to majordomo at vger.kernel.org\n" - "> More majordomo info at http://vger.kernel.org/majordomo-info.html\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + "> the body of a message to majordomo@vger.kernel.org\n" + > More majordomo info at http://vger.kernel.org/majordomo-info.html -185750a5c27f1ab7fd47cc30c92691e3093b800a40e836ca3118b295cadd0424 +9164dc64893c3fc1635fee390cbcb53ca82acfe0d653c99f2ee49505a728e9dc
diff --git a/a/1.txt b/N2/1.txt index 2e670b1..432f599 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -850,9 +850,5 @@ I've now split this as suggested. > -- > To unsubscribe from this list: send the line "unsubscribe linux-sctp" > in -> the body of a message to majordomo at vger.kernel.org +> the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 00f829f..11d2842 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,9 +1,13 @@ "ref\020171017135953.4419-1-richard_c_haines@btinternet.com\0" "ref\01508526028.8054.5.camel@tycho.nsa.gov\0" - "From\0richard_c_haines@btinternet.com (Richard Haines)\0" - "Subject\0[RFC PATCH 5/5] selinux: Add SCTP support\0" + "From\0Richard Haines <richard_c_haines@btinternet.com>\0" + "Subject\0Re: [RFC PATCH 5/5] selinux: Add SCTP support\0" "Date\0Tue, 24 Oct 2017 16:50:14 +0100\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Stephen Smalley <sds@tycho.nsa.gov>\0" + "Cc\0selinux@tycho.nsa.gov" + netdev@vger.kernel.org + linux-sctp@vger.kernel.org + " linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Fri, 2017-10-20 at 15:00 -0400, Stephen Smalley wrote:\n" @@ -858,11 +862,7 @@ "> --\n" "> To unsubscribe from this list: send the line \"unsubscribe linux-sctp\" \n" "> in\n" - "> the body of a message to majordomo at vger.kernel.org\n" - "> More majordomo info at http://vger.kernel.org/majordomo-info.html\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + "> the body of a message to majordomo@vger.kernel.org\n" + > More majordomo info at http://vger.kernel.org/majordomo-info.html -185750a5c27f1ab7fd47cc30c92691e3093b800a40e836ca3118b295cadd0424 +230bffa4d9fc26269dcf41558457dd0fd53e356a54a2bb5fcde3caa355efdf55
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.