linux-next: build failure after merge of the selinux tree

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* linux-next: build failure after merge of the selinux tree
@ 2017-01-10  1:27 Stephen Rothwell
  2017-01-11  3:11 ` Paul Moore
  2017-02-10  2:50 ` Stephen Rothwell
  0 siblings, 2 replies; 4+ messages in thread
From: Stephen Rothwell @ 2017-01-10  1:27 UTC (permalink / raw)
  To: Paul Moore, David Miller, Networking
  Cc: linux-next, linux-kernel, Ursula Braun, Stephen Smalley

Hi Paul,

After merging the selinux tree, today's linux-next build (x86_64
allmodconfig) failed like this:

In file included from /home/sfr/next/next/security/selinux/avc.c:35:0:
/home/sfr/next/next/security/selinux/include/classmap.h:242:2: error: #error New address family defined, please update secclass_map.
 #error New address family defined, please update secclass_map.
  ^
/home/sfr/next/next/security/selinux/hooks.c: In function 'socket_type_to_security_class':
/home/sfr/next/next/security/selinux/hooks.c:1409:2: error: #error New address family defined, please update this function.

Caused by commit

  da69a5306ab9 ("selinux: support distinctions among all network address families")

interacting with commit

  ac7138746e14 ("smc: establish new socket family")

from the net-next tree.

I added the following merge fix patch:

From: Stephen Rothwell <sfr@canb.auug.org.au>
Date: Tue, 10 Jan 2017 12:22:21 +1100
Subject: [PATCH] selinux: merge fix for "smc: establish new socket family"

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
---
 security/selinux/hooks.c            | 4 +++-
 security/selinux/include/classmap.h | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index bada3cd42b9c..712fd0e7c91d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1405,7 +1405,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 			return SECCLASS_KCM_SOCKET;
 		case PF_QIPCRTR:
 			return SECCLASS_QIPCRTR_SOCKET;
-#if PF_MAX > 43
+		case PF_SMC:
+			return SECCLASS_SMC_SOCKET;
+#if PF_MAX > 44
 #error New address family defined, please update this function.
 #endif
 		}
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 0dfd26d0b8d8..40f1d4f8bc2a 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -235,9 +235,11 @@ struct security_class_mapping secclass_map[] = {
 	  { COMMON_SOCK_PERMS, NULL } },
 	{ "qipcrtr_socket",
 	  { COMMON_SOCK_PERMS, NULL } },
+	{ "smc_socket",
+	  { COMMON_SOCK_PERMS, NULL } },
 	{ NULL }
   };
 
-#if PF_MAX > 43
+#if PF_MAX > 44
 #error New address family defined, please update secclass_map.
 #endif
-- 
2.10.2

-- 
Cheers,
Stephen Rothwell

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: linux-next: build failure after merge of the selinux tree
  2017-01-10  1:27 linux-next: build failure after merge of the selinux tree Stephen Rothwell
@ 2017-01-11  3:11 ` Paul Moore
  2017-02-10  2:50 ` Stephen Rothwell
  1 sibling, 0 replies; 4+ messages in thread
From: Paul Moore @ 2017-01-11  3:11 UTC (permalink / raw)
  To: Stephen Rothwell
  Cc: David Miller, Networking, linux-next, linux-kernel, Ursula Braun,
	Stephen Smalley

On Mon, Jan 9, 2017 at 8:27 PM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> Hi Paul,
>
> After merging the selinux tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> In file included from /home/sfr/next/next/security/selinux/avc.c:35:0:
> /home/sfr/next/next/security/selinux/include/classmap.h:242:2: error: #error New address family defined, please update secclass_map.
>  #error New address family defined, please update secclass_map.
>   ^
> /home/sfr/next/next/security/selinux/hooks.c: In function 'socket_type_to_security_class':
> /home/sfr/next/next/security/selinux/hooks.c:1409:2: error: #error New address family defined, please update this function.
>
> Caused by commit
>
>   da69a5306ab9 ("selinux: support distinctions among all network address families")
>
> interacting with commit
>
>   ac7138746e14 ("smc: establish new socket family")
>
> from the net-next tree.
>
> I added the following merge fix patch:

Thanks Stephen.

There are still some concerns around which protocol/address families
require their own SELinux object class, but it looks like SMC should
have it's own object class.  If the "selinux: support distinctions
among all network address families" commit doesn't go up to Linus
during the next merge window I'll make sure it is updated for PF_SMC.

> From: Stephen Rothwell <sfr@canb.auug.org.au>
> Date: Tue, 10 Jan 2017 12:22:21 +1100
> Subject: [PATCH] selinux: merge fix for "smc: establish new socket family"
>
> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
> ---
>  security/selinux/hooks.c            | 4 +++-
>  security/selinux/include/classmap.h | 4 +++-
>  2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index bada3cd42b9c..712fd0e7c91d 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1405,7 +1405,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
>                         return SECCLASS_KCM_SOCKET;
>                 case PF_QIPCRTR:
>                         return SECCLASS_QIPCRTR_SOCKET;
> -#if PF_MAX > 43
> +               case PF_SMC:
> +                       return SECCLASS_SMC_SOCKET;
> +#if PF_MAX > 44
>  #error New address family defined, please update this function.
>  #endif
>                 }
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index 0dfd26d0b8d8..40f1d4f8bc2a 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -235,9 +235,11 @@ struct security_class_mapping secclass_map[] = {
>           { COMMON_SOCK_PERMS, NULL } },
>         { "qipcrtr_socket",
>           { COMMON_SOCK_PERMS, NULL } },
> +       { "smc_socket",
> +         { COMMON_SOCK_PERMS, NULL } },
>         { NULL }
>    };
>
> -#if PF_MAX > 43
> +#if PF_MAX > 44
>  #error New address family defined, please update secclass_map.
>  #endif
> --
> 2.10.2
>
> --
> Cheers,
> Stephen Rothwell



-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: linux-next: build failure after merge of the selinux tree
  2017-01-10  1:27 linux-next: build failure after merge of the selinux tree Stephen Rothwell
  2017-01-11  3:11 ` Paul Moore
@ 2017-02-10  2:50 ` Stephen Rothwell
  2017-02-10 12:34   ` Paul Moore
  1 sibling, 1 reply; 4+ messages in thread
From: Stephen Rothwell @ 2017-02-10  2:50 UTC (permalink / raw)
  To: David Miller, Networking, James Morris
  Cc: Paul Moore, linux-next, linux-kernel, Ursula Braun,
	Stephen Smalley

Hi all,

On Tue, 10 Jan 2017 12:27:03 +1100 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> After merging the selinux tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
> 
> In file included from /home/sfr/next/next/security/selinux/avc.c:35:0:
> /home/sfr/next/next/security/selinux/include/classmap.h:242:2: error: #error New address family defined, please update secclass_map.
>  #error New address family defined, please update secclass_map.
>   ^
> /home/sfr/next/next/security/selinux/hooks.c: In function 'socket_type_to_security_class':
> /home/sfr/next/next/security/selinux/hooks.c:1409:2: error: #error New address family defined, please update this function.
> 
> Caused by commit
> 
>   da69a5306ab9 ("selinux: support distinctions among all network address families")
> 
> interacting with commit
> 
>   ac7138746e14 ("smc: establish new socket family")
> 
> from the net-next tree.
> 
> I added the following merge fix patch:
> 
> From: Stephen Rothwell <sfr@canb.auug.org.au>
> Date: Tue, 10 Jan 2017 12:22:21 +1100
> Subject: [PATCH] selinux: merge fix for "smc: establish new socket family"
> 
> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
> ---
>  security/selinux/hooks.c            | 4 +++-
>  security/selinux/include/classmap.h | 4 +++-
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index bada3cd42b9c..712fd0e7c91d 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1405,7 +1405,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
>  			return SECCLASS_KCM_SOCKET;
>  		case PF_QIPCRTR:
>  			return SECCLASS_QIPCRTR_SOCKET;
> -#if PF_MAX > 43
> +		case PF_SMC:
> +			return SECCLASS_SMC_SOCKET;
> +#if PF_MAX > 44
>  #error New address family defined, please update this function.
>  #endif
>  		}
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index 0dfd26d0b8d8..40f1d4f8bc2a 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -235,9 +235,11 @@ struct security_class_mapping secclass_map[] = {
>  	  { COMMON_SOCK_PERMS, NULL } },
>  	{ "qipcrtr_socket",
>  	  { COMMON_SOCK_PERMS, NULL } },
> +	{ "smc_socket",
> +	  { COMMON_SOCK_PERMS, NULL } },
>  	{ NULL }
>    };
>  
> -#if PF_MAX > 43
> +#if PF_MAX > 44
>  #error New address family defined, please update secclass_map.
>  #endif
> -- 
> 2.10.2

This now applies when I merge the security tree (as it merged the
selinux tree, presumably).
-- 
Cheers,
Stephen Rothwell

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: linux-next: build failure after merge of the selinux tree
  2017-02-10  2:50 ` Stephen Rothwell
@ 2017-02-10 12:34   ` Paul Moore
  0 siblings, 0 replies; 4+ messages in thread
From: Paul Moore @ 2017-02-10 12:34 UTC (permalink / raw)
  To: Stephen Rothwell
  Cc: David Miller, Networking, James Morris, linux-next, linux-kernel,
	Ursula Braun, Stephen Smalley

On Thu, Feb 9, 2017 at 9:50 PM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> Hi all,
>
> On Tue, 10 Jan 2017 12:27:03 +1100 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>>
>> After merging the selinux tree, today's linux-next build (x86_64
>> allmodconfig) failed like this:
>>
>> In file included from /home/sfr/next/next/security/selinux/avc.c:35:0:
>> /home/sfr/next/next/security/selinux/include/classmap.h:242:2: error: #error New address family defined, please update secclass_map.
>>  #error New address family defined, please update secclass_map.
>>   ^
>> /home/sfr/next/next/security/selinux/hooks.c: In function 'socket_type_to_security_class':
>> /home/sfr/next/next/security/selinux/hooks.c:1409:2: error: #error New address family defined, please update this function.
>>
>> Caused by commit
>>
>>   da69a5306ab9 ("selinux: support distinctions among all network address families")
>>
>> interacting with commit
>>
>>   ac7138746e14 ("smc: establish new socket family")
>>
>> from the net-next tree.
>>
>> I added the following merge fix patch:
>>
>> From: Stephen Rothwell <sfr@canb.auug.org.au>
>> Date: Tue, 10 Jan 2017 12:22:21 +1100
>> Subject: [PATCH] selinux: merge fix for "smc: establish new socket family"
>>
>> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
>> ---
>>  security/selinux/hooks.c            | 4 +++-
>>  security/selinux/include/classmap.h | 4 +++-
>>  2 files changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
>> index bada3cd42b9c..712fd0e7c91d 100644
>> --- a/security/selinux/hooks.c
>> +++ b/security/selinux/hooks.c
>> @@ -1405,7 +1405,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
>>                       return SECCLASS_KCM_SOCKET;
>>               case PF_QIPCRTR:
>>                       return SECCLASS_QIPCRTR_SOCKET;
>> -#if PF_MAX > 43
>> +             case PF_SMC:
>> +                     return SECCLASS_SMC_SOCKET;
>> +#if PF_MAX > 44
>>  #error New address family defined, please update this function.
>>  #endif
>>               }
>> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
>> index 0dfd26d0b8d8..40f1d4f8bc2a 100644
>> --- a/security/selinux/include/classmap.h
>> +++ b/security/selinux/include/classmap.h
>> @@ -235,9 +235,11 @@ struct security_class_mapping secclass_map[] = {
>>         { COMMON_SOCK_PERMS, NULL } },
>>       { "qipcrtr_socket",
>>         { COMMON_SOCK_PERMS, NULL } },
>> +     { "smc_socket",
>> +       { COMMON_SOCK_PERMS, NULL } },
>>       { NULL }
>>    };
>>
>> -#if PF_MAX > 43
>> +#if PF_MAX > 44
>>  #error New address family defined, please update secclass_map.
>>  #endif
>> --
>> 2.10.2
>
> This now applies when I merge the security tree (as it merged the
> selinux tree, presumably).

Yes, James just pulled the SELinux tree yesterday.

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-02-10 12:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-10  1:27 linux-next: build failure after merge of the selinux tree Stephen Rothwell
2017-01-11  3:11 ` Paul Moore
2017-02-10  2:50 ` Stephen Rothwell
2017-02-10 12:34   ` Paul Moore

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).