Re: [PATCH] selinux: UNIX domain socket fixes

[Paul Moore <paul.moore@hp.com>]

On Monday 05 April 2010 03:28:12 pm Joe Nall wrote:
> On Apr 5, 2010, at 2:01 PM, Paul Moore wrote:
> > Correct a problem where we weren't setting the peer label correctly on
> > connected UNIX domain sockets and do some other general fixup while we
> > are messing with the code.
> > 
> > Signed-off-by: Paul Moore <paul.moore@hp.com>
> 
> Paul,
> Do you have a before/after test case?

Not really a before/after no, as I don't have anything that really performs a 
getpeercon() on the client end as typically only the server side cares about 
the peer's label (or at least that has been my experience).  What I did test 
was to make sure I didn't see any regressions in the UNIX stream socket 
connections.  To accomplish that I tweaked a little SELinux aware server I use 
for testing INET sockets to make it work with UNIX sockets and connected to it 
with socat at a variety of different levels, making sure getpeercon() always 
displayed the correct level over a UNIX socket connection.

You can find a copy of my little test server at the URL below; I will caution 
you it isn't particularly well written but it works well for situations like 
these.

 * http://free.linux.hp.com/~pmoore/files/getpeercon_server.c

-- 
paul moore
linux @ hp

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.