From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S936130AbdAKDLT (ORCPT ); Tue, 10 Jan 2017 22:11:19 -0500 Received: from mail-vk0-f68.google.com ([209.85.213.68]:33547 "EHLO mail-vk0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S936074AbdAKDLR (ORCPT ); Tue, 10 Jan 2017 22:11:17 -0500 MIME-Version: 1.0 X-Originating-IP: [96.230.190.88] In-Reply-To: <20170110122703.2dbdfd18@canb.auug.org.au> References: <20170110122703.2dbdfd18@canb.auug.org.au> From: Paul Moore Date: Tue, 10 Jan 2017 22:11:15 -0500 Message-ID: Subject: Re: linux-next: build failure after merge of the selinux tree To: Stephen Rothwell Cc: David Miller , Networking , linux-next@vger.kernel.org, linux-kernel@vger.kernel.org, Ursula Braun , Stephen Smalley Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 9, 2017 at 8:27 PM, Stephen Rothwell wrote: > Hi Paul, > > After merging the selinux tree, today's linux-next build (x86_64 > allmodconfig) failed like this: > > In file included from /home/sfr/next/next/security/selinux/avc.c:35:0: > /home/sfr/next/next/security/selinux/include/classmap.h:242:2: error: #error New address family defined, please update secclass_map. > #error New address family defined, please update secclass_map. > ^ > /home/sfr/next/next/security/selinux/hooks.c: In function 'socket_type_to_security_class': > /home/sfr/next/next/security/selinux/hooks.c:1409:2: error: #error New address family defined, please update this function. > > Caused by commit > > da69a5306ab9 ("selinux: support distinctions among all network address families") > > interacting with commit > > ac7138746e14 ("smc: establish new socket family") > > from the net-next tree. > > I added the following merge fix patch: Thanks Stephen. There are still some concerns around which protocol/address families require their own SELinux object class, but it looks like SMC should have it's own object class. If the "selinux: support distinctions among all network address families" commit doesn't go up to Linus during the next merge window I'll make sure it is updated for PF_SMC. > From: Stephen Rothwell > Date: Tue, 10 Jan 2017 12:22:21 +1100 > Subject: [PATCH] selinux: merge fix for "smc: establish new socket family" > > Signed-off-by: Stephen Rothwell > --- > security/selinux/hooks.c | 4 +++- > security/selinux/include/classmap.h | 4 +++- > 2 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index bada3cd42b9c..712fd0e7c91d 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -1405,7 +1405,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc > return SECCLASS_KCM_SOCKET; > case PF_QIPCRTR: > return SECCLASS_QIPCRTR_SOCKET; > -#if PF_MAX > 43 > + case PF_SMC: > + return SECCLASS_SMC_SOCKET; > +#if PF_MAX > 44 > #error New address family defined, please update this function. > #endif > } > diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h > index 0dfd26d0b8d8..40f1d4f8bc2a 100644 > --- a/security/selinux/include/classmap.h > +++ b/security/selinux/include/classmap.h > @@ -235,9 +235,11 @@ struct security_class_mapping secclass_map[] = { > { COMMON_SOCK_PERMS, NULL } }, > { "qipcrtr_socket", > { COMMON_SOCK_PERMS, NULL } }, > + { "smc_socket", > + { COMMON_SOCK_PERMS, NULL } }, > { NULL } > }; > > -#if PF_MAX > 43 > +#if PF_MAX > 44 > #error New address family defined, please update secclass_map. > #endif > -- > 2.10.2 > > -- > Cheers, > Stephen Rothwell -- paul moore www.paul-moore.com