From: Daniel Borkmann <dborkman@redhat.com>
To: Paul Moore <paul@paul-moore.com>
Cc: vyasevic@redhat.com, selinux@tycho.nsa.gov
Subject: Re: [PATCH] selinux: Support SCTP protocol
Date: Mon, 10 Nov 2014 13:05:27 +0100
Message-ID: <5460AA07.9090004@redhat.com>
In-Reply-To: <2529618.NmhAYzQ15g@sifl>

On 11/07/2014 05:35 PM, Paul Moore wrote:
> On Friday, November 07, 2014 01:52:09 PM Richard Haines wrote:
>> This is an RFC patch.
>
> Thanks for your patch, I appreciate the time and effort that went into
> developing it.

Fully agreed, thanks for working on this Richard!

> Unfortunately, I think this patch may be a bit too simplistic.  I haven't
> looked too closely at the SCTP code in recent times, but from my earlier look,
> SCTP associations stuck out as something that will need special handling and I
> don't see that in this initial patch.  From what I could see, SCTP
> associations seem close-ish to TCP connections and we may be able to handle
> them in a similar manner, but I can't say for certain.  Someone would need to
> investigate this further.
>
> There is also an issue of multi-homing which might, or might not, present an
> issue for peer labeling, but once again I can't say for certain.
>
> I'm also not entirely sure if we need any special handling for the SCTP
> handshake (see TCP's connection request sockets).  Hopefully not, but
> something to be aware of if you keep working on this.
>
> I *really* don't want to scare you off of working on SCTP support, I just want
> to caution you that it likely isn't as easy as adding basic support for a new
> object class.

My free cycles are a bit limited at the moment, but selinux support
was also on my todo, so I'm hoping we can merge our efforts here and
get something up and running. I will get back to you this or next
week with a closer review.

Thanks,
Daniel

Thread overview: 5+ messages
2014-11-07 13:52 [PATCH] selinux: Support SCTP protocol Richard Haines
2014-11-07 16:35 ` Paul Moore
2014-11-07 17:02   ` Richard Haines
2014-11-07 19:43     ` Paul Moore
2014-11-10 12:05   ` Daniel Borkmann [this message]
