Subject: [GIT PULL] SELinux patches for v4.17
From: Paul Moore @ 2018-04-04 1:37 UTC
To: Linus Torvalds
Cc: selinux, linux-security-module, linux-kernel

Hi Linus,

A bigger than usual pull request for SELinux, 13 patches (lucky!) along with a scary looking diffstat. Although if you look a bit closer, excluding the usual minor tweaks/fixes, there are really only two significant changes in this pull request: the addition of proper SELinux access controls for SCTP and the encapsulation of a lot of internal SELinux state.

The SCTP changes are the result of a multi-month effort (maybe even a year or longer?) between the SELinux folks and the SCTP folks to add proper SELinux controls. A special thanks go to Richard for seeing this through and keeping the effort moving forward.

The state encapsulation work is a bit of janitorial work that came out of some early work on SELinux namespacing. The question of namespacing is still an open one, but I believe there is some real value in the encapsulation work so we've split that out and are now sending that up to you.

Everything passes the selinux-testsuite, but there are a few known merge conflicts. The first is with the netdev tree and is in net/sctp/socket.c. Unfortunately it is a bit ugly, thankfully Stephen Rothwell has already done the heavy lifting in resolving the merge for you, and the SCTP folks have given his merge patch a thumbs-up. Link below:

* https://marc.info/?l=linux-netdev&m=152047486123499&w=2

There are also two conflicts with James' security tree, both rather easy. The first is in security/selinux/hooks.c and is quite trivial, but since I've got the linux-next archive handy, here is a link to the merge fixup:

* https://marc.info/?l=linux-next&m=152160312324537&w=2

The second security/SELinux conflict is in include/linux/lsm_hooks.h and while the size of the fixup is scary at first, it is really just the three new LSM/SCTP hooks and isn't that bad at all:

* https://marc.info/?l=linux-next&m=152273068901460&w=2

In the past I know you have preferred to handle your own merge conflict resolution, but the above is a bit more than usual, at least for the SELinux tree. If you would prefer that I handle the merge conflicts and send you a new PR (or something else), let me know.

Thanks,
-Paul

--
The following changes since commit 7928b2cbe55b2a410a0f5c1f154610059c57b1b2:

  Linux 4.16-rc1 (2018-02-11 15:04:29 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20180403

for you to fetch changes up to 6b6bc6205d98796361962ee282a063f18ba8dc57:

  selinux: wrap AVC state (2018-03-20 16:58:17 -0400)

----------------------------------------------------------------
selinux/stable-4.17 PR 20180403
----------------------------------------------------------------
Arnd Bergmann (1):
      selinux: fix typo in selinux_netlbl_sctp_sk_clone declaration

Paul Moore (1):
      selinux: rename the {is,set}_enforcing() functions

Richard Haines (7):
      netlabel: If PF_INET6, check sk_buff ip header version
      security: Add support for SCTP security hooks
      sctp: Add ip option support
      sctp: Add LSM hooks
      selinux: Add SCTP support
      selinux: Fix ltp test connect-syscall failure
      selinux: Update SELinux SCTP documentation

Stephen Smalley (4):
      selinux: wrap global selinux state
      selinux: fix handling of uninitialized selinux state in get_bools/classes
      selinux: wrap selinuxfs state
      selinux: wrap AVC state

 Documentation/security/LSM-sctp.rst     |  175 +++++
 Documentation/security/SELinux-sctp.rst |  158 +++++
 include/linux/lsm_hooks.h               |   36 +
 include/linux/security.h                |   25 +
 include/net/sctp/sctp.h                 |    4 +-
 include/net/sctp/structs.h              |   12 +
 include/uapi/linux/sctp.h               |    1 +
 net/netlabel/netlabel_unlabeled.c       |   10 +
 net/sctp/chunk.c                        |   10 +-
 net/sctp/ipv6.c                         |   45 +-
 net/sctp/output.c                       |   34 +-
 net/sctp/protocol.c                     |   43 ++
 net/sctp/sm_make_chunk.c                |   12 +
 net/sctp/sm_statefuns.c                 |   18 +
 net/sctp/socket.c                       |   73 +-
 security/security.c                     |   22 +
 security/selinux/avc.c                  |  282 ++++----
 security/selinux/hooks.c                |  922 +++++++++++++++++++-------
 security/selinux/ibpkey.c               |    3 +-
 security/selinux/include/avc.h          |   38 +-
 security/selinux/include/avc_ss.h       |    9 +-
 security/selinux/include/classmap.h     |    2 +-
 security/selinux/include/conditional.h  |   11 +-
 security/selinux/include/netlabel.h     |   22 +-
 security/selinux/include/objsec.h       |    6 +-
 security/selinux/include/security.h     |  231 +++++--
 security/selinux/netif.c                |    2 +-
 security/selinux/netlabel.c             |  148 ++++-
 security/selinux/netnode.c              |    4 +-
 security/selinux/netport.c              |    2 +-
 security/selinux/selinuxfs.c            |  493 ++++++++------
 security/selinux/ss/avtab.c             |    9 +-
 security/selinux/ss/avtab.h             |    3 -
 security/selinux/ss/ebitmap.c           |    7 +-
 security/selinux/ss/ebitmap.h           |    3 -
 security/selinux/ss/hashtab.c           |    8 +-
 security/selinux/ss/hashtab.h           |    4 -
 security/selinux/ss/mls.c               |   72 +-
 security/selinux/ss/mls.h               |   38 +-
 security/selinux/ss/services.c          | 1100 ++++++++++++++++++-------
 security/selinux/ss/services.h          |   24 +-
 security/selinux/ss/status.c            |   47 +-
 security/selinux/xfrm.c                 |   23 +-
 43 files changed, 2939 insertions(+), 1252 deletions(-)
 create mode 100644 Documentation/security/LSM-sctp.rst
 create mode 100644 Documentation/security/SELinux-sctp.rst

--
paul moore
www.paul-moore.com
Subject: Re: [GIT PULL] SELinux patches for v4.17
From: Linus Torvalds @ 2018-04-06 23:07 UTC
To: Paul Moore, Xin Long
Cc: selinux, LSM List, Linux Kernel Mailing List

On Tue, Apr 3, 2018 at 6:37 PM, Paul Moore <paul@paul-moore.com> wrote:
>
> Everything passes the selinux-testsuite, but there are a few known
> merge conflicts. The first is with the netdev tree and is in
> net/sctp/socket.c. Unfortunately it is a bit ugly, thankfully Stephen
> Rothwell has already done the heavy lifting in resolving the merge for
> you, and the SCTP folks have given his merge patch a thumbs-up.

I ended up re-doing the merge, and it looks like some more sctp changes happened after Stephen's merge anyway, so mine didn't end up quite like his.

Adding Xin Long to see if he can verify it again, but it all *looks* sane.

While looking at it, it struck me that the new security hooks don't seem to hook into __sctp_connect(), which also does that

        scope = sctp_scope(&to);
        asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);

thing. Is that intentional? The sendmsg case does that security_sctp_bind_connect, the actual __sctp_connect() does not.

This is not because I screwed up the merge - it's that way in the SELinux tree too. And I obviously _left_ it that way, but while doing the merge and trying to understand what was going on, this struck me.

I'm probably missing something really obvious why the connect case doesn't want to do it there.

NOTE! I do see it being done in __sctp_setsockopt_connectx(). But __sctp_connect() has another caller (in sctp_connect()) which doesn't have that security_sctp_bind_connect() call.

So please check my resolution, but also somebody should tell me "Linus, you're a cretin, sctp_connect() doesn't want that security_sctp_bind_connect() at all because it was already done by XYZ"

                Linus
Subject: Re: [GIT PULL] SELinux patches for v4.17
From: Richard Haines @ 2018-04-07 16:54 UTC
To: Linus Torvalds, Paul Moore, Xin Long
Cc: selinux, LSM List, Linux Kernel Mailing List

On Fri, 2018-04-06 at 16:07 -0700, Linus Torvalds wrote:
> On Tue, Apr 3, 2018 at 6:37 PM, Paul Moore <paul@paul-moore.com> wrote:
> >
> > Everything passes the selinux-testsuite, but there are a few known
> > merge conflicts. The first is with the netdev tree and is in
> > net/sctp/socket.c. Unfortunately it is a bit ugly, thankfully Stephen
> > Rothwell has already done the heavy lifting in resolving the merge for
> > you, and the SCTP folks have given his merge patch a thumbs-up.
>
> I ended up re-doing the merge, and it looks like some more sctp
> changes happened after Stephen's merge anyway, so mine didn't end up
> quite like his.
>
> Adding Xin Long to see if he can verify it again, but it all *looks*
> sane.
>
> While looking at it, it struck me that the new security hooks don't
> seem to hook into __sctp_connect(), which also does that
>
>         scope = sctp_scope(&to);
>         asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
>
> thing. Is that intentional? The sendmsg case does that
> security_sctp_bind_connect, the actual __sctp_connect() does not.
>
> This is not because I screwed up the merge - it's that way in the
> SELinux tree too. And I obviously _left_ it that way, but while doing
> the merge and trying to understand what was going on, this struck me.
>
> I'm probably missing something really obvious why the connect case
> doesn't want to do it there.
>
> NOTE! I do see it being done in __sctp_setsockopt_connectx(). But
> __sctp_connect() has another caller (in sctp_connect()) which doesn't
> have that security_sctp_bind_connect() call.
>
> So please check my resolution, but also somebody should tell me
> "Linus, you're a cretin, sctp_connect() doesn't want that
> security_sctp_bind_connect() at all because it was already done by
> XYZ"
>
>                 Linus

Thought I would answer the questions as I wrote the SELinux/SCTP patches.

sctp_connect() or __sctp_connect() do not need to call security_sctp_bind_connect(). This is because the connect(2) call will handle the checks required via security_socket_connect():

    connect(2)
        |
    SYSCALL_DEFINE3(connect, ....)
        |
    security_socket_connect()
        |
    sctp_connect()

SCTP uses security_sctp_bind_connect() as this can handle one or more addresses for either sctp_connectx(3) or sctp_bindx(3). It is also used for handling the sendmsg(2) and sctp_sendmsg(3) calls in SCTP for a new association (that is effectively a "connect").

Hope this helps
Richard
Subject: Re: [GIT PULL] SELinux patches for v4.17
From: Linus Torvalds @ 2018-04-07 17:03 UTC
To: Richard Haines
Cc: Paul Moore, Xin Long, selinux, LSM List, Linux Kernel Mailing List

On Sat, Apr 7, 2018 at 9:54 AM, Richard Haines <richard_c_haines@btinternet.com> wrote:
>>
>> So please check my resolution, but also somebody should tell me
>> "Linus, you're a cretin, sctp_connect() doesn't want that
>> security_sctp_bind_connect() at all because it was already done by
>> XYZ"
>
> sctp_connect() or __sctp_connect() do not need to call
> security_sctp_bind_connect(). This is because the connect(2) call will
> handle the checks required via security_socket_connect():

Ok, thanks, that's exactly what I wanted to get.

Anyway, somebody should still verify that it all looks good in my tree, but I don't actually expect the merge to have had any issues even if the refactoring made it a bit more complex than most merges are.

                Linus
Subject: Re: [GIT PULL] SELinux patches for v4.17
From: Paul Moore @ 2018-04-08 12:50 UTC
To: Linus Torvalds, Richard Haines
Cc: Xin Long, selinux, LSM List, Linux Kernel Mailing List

On April 7, 2018 1:03:57 PM Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Sat, Apr 7, 2018 at 9:54 AM, Richard Haines <richard_c_haines@btinternet.com> wrote:
> >> So please check my resolution, but also somebody should tell me
> >> "Linus, you're a cretin, sctp_connect() doesn't want that
> >> security_sctp_bind_connect() at all because it was already done by
> >> XYZ"
> >
> > sctp_connect() or __sctp_connect() do not need to call
> > security_sctp_bind_connect(). This is because the connect(2) call will
> > handle the checks required via security_socket_connect():
>
> Ok, thanks, that's exactly what I wanted to get.
>
> Anyway, somebody should still verify that it all looks good in my
> tree, but I don't actually expect the merge to have had any issues
> even if the refactoring made it a bit more complex than most merges
> are.

Thanks for the quick response Richard.

Xin Long looked it over and gave it the thumbs up, I'll take a look too, but to be honest I trust his SCTP understanding much more than mine. I also do weekly tests of each rcX release at a minimum so if something odd pops up I'll make sure you get a fix.

Thanks again everyone.

--
paul moore
www.paul-moore.com
Subject: Re: [GIT PULL] SELinux patches for v4.17
From: Richard Haines @ 2018-04-08 14:09 UTC
To: Paul Moore, Linus Torvalds
Cc: Xin Long, selinux, LSM List, Linux Kernel Mailing List

On Sun, 2018-04-08 at 08:50 -0400, Paul Moore wrote:
> On April 7, 2018 1:03:57 PM Linus Torvalds <torvalds@linux-foundation.org> wrote:
> > On Sat, Apr 7, 2018 at 9:54 AM, Richard Haines <richard_c_haines@btinternet.com> wrote:
> > >> So please check my resolution, but also somebody should tell me
> > >> "Linus, you're a cretin, sctp_connect() doesn't want that
> > >> security_sctp_bind_connect() at all because it was already done by
> > >> XYZ"
> > >
> > > sctp_connect() or __sctp_connect() do not need to call
> > > security_sctp_bind_connect(). This is because the connect(2) call will
> > > handle the checks required via security_socket_connect():
> >
> > Ok, thanks, that's exactly what I wanted to get.
> >
> > Anyway, somebody should still verify that it all looks good in my
> > tree, but I don't actually expect the merge to have had any issues
> > even if the refactoring made it a bit more complex than most merges
> > are.
>
> Thanks for the quick response Richard.
>
> Xin Long looked it over and gave it the thumbs up, I'll take a look
> too, but to be honest I trust his SCTP understanding much more than
> mine. I also do weekly tests of each rcX release at a minimum so if
> something odd pops up I'll make sure you get a fix.
>
> Thanks again everyone.

I built the kernel this morning and sorry to spoil the party, but I've run into a problem with lksctp-tools when running the func_tests:

make v6test
..
..
./test_timetolive_v6
test_timetolive.c  0  INFO : Creating fillmsg of size 3087
test_timetolive.c  1  PASS : Send a message with timeout
test_timetolive.c  2  PASS : Send a message with no timeout
test_timetolive.c  3  PASS : Send a fragmented message with timeout
test_timetolive.c  0  INFO : ** SLEEPING for 3 seconds **
test_timetolive.c  4  BROK : Got a datamsg of unexpected length:23, expected length:27
DUMP_CORE sctputil.c: 247
/bin/sh: line 1: 30981 Segmentation fault      (core dumped) ./$a
test_timetolive_v6 fails

make v4 test fails the same way. I'm using lksctp-tools from [1]. I have not investigated the cause yet as just found this and thought I should flag first just in case someone has the answer !!!

On the bright side, I've run the sctp-tests from [2] with no problems and also the selinux-testsuite with my SCTP patch from [3] using an updated Fedora policy from [4] (with sctp support added), all in enforcing mode.

Also the LTP test passed:

cd /opt/ltp/
cat runtest/syscalls |grep connect01>runtest/connect-syscall
./runltp -pq -f connect-syscall
....

[1] https://github.com/sctp/lksctp-tools
[2] https://github.com/sctp/sctp-tests
[3] https://marc.info/?l=selinux&m=152156947715709&w=2
[4] https://github.com/fedora-selinux/selinux-policy
Subject: Re: [GIT PULL] SELinux patches for v4.17
From: Xin Long @ 2018-04-08 17:43 UTC
To: Richard Haines
Cc: Paul Moore, Linus Torvalds, selinux, LSM List, Linux Kernel Mailing List

On Sun, Apr 8, 2018 at 10:09 PM, Richard Haines <richard_c_haines@btinternet.com> wrote:
> On Sun, 2018-04-08 at 08:50 -0400, Paul Moore wrote:
>> Thanks for the quick response Richard.
>>
>> Xin Long looked it over and gave it the thumbs up, I'll take a look
>> too, but to be honest I trust his SCTP understanding much more than
>> mine. I also do weekly tests of each rcX release at a minimum so if
>> something odd pops up I'll make sure you get a fix.
>>
>> Thanks again everyone.
>
> I built the kernel this morning and sorry to spoil the party, but I've
> run into a problem with lksctp-tools when running the func_tests:
>
> make v6test
> ..
> ..
> ./test_timetolive_v6
> test_timetolive.c  0  INFO : Creating fillmsg of size 3087
> test_timetolive.c  1  PASS : Send a message with timeout
> test_timetolive.c  2  PASS : Send a message with no timeout
> test_timetolive.c  3  PASS : Send a fragmented message with timeout
> test_timetolive.c  0  INFO : ** SLEEPING for 3 seconds **
> test_timetolive.c  4  BROK : Got a datamsg of unexpected length:23, expected length:27
> DUMP_CORE sctputil.c: 247
> /bin/sh: line 1: 30981 Segmentation fault      (core dumped) ./$a
> test_timetolive_v6 fails
>
> make v4 test fails the same way. I'm using lksctp-tools from [1]. I
> have not investigated the cause yet as just found this and thought I
> should flag first just in case someone has the answer !!!

test_timetolive(_v6) works for me. In lksctp-tools/src/func_tests I had another case fail, ./test_1_to_1_events; it's caused by:

commit 30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b
Author: Xin Long <lucien.xin@gmail.com>
Date:   Wed Mar 14 19:05:34 2018 +0800

    sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT

It's not a kernel issue; after that commit, ./test_1_to_1_events should have been improved, or avoid it by 'sysctl -w net.sctp.auth_enable=1'.

I'm not sure why test_timetolive(_v6) is not working in your env.

> On the bright side, I've run the sctp-tests from [2] with no problems
> and also the selinux-testsuite with my SCTP patch from [3] using an
> updated Fedora policy from [4] (with sctp support added), all in
> enforcing mode.
>
> Also the LTP test passed:
> cd /opt/ltp/
> cat runtest/syscalls |grep connect01>runtest/connect-syscall
> ./runltp -pq -f connect-syscall
> ....
>
> [1] https://github.com/sctp/lksctp-tools
> [2] https://github.com/sctp/sctp-tests
> [3] https://marc.info/?l=selinux&m=152156947715709&w=2
> [4] https://github.com/fedora-selinux/selinux-policy
Subject: Re: [GIT PULL] SELinux patches for v4.17
From: Richard Haines @ 2018-04-08 18:59 UTC
To: Xin Long
Cc: Paul Moore, Linus Torvalds, selinux, LSM List, Linux Kernel Mailing List

On Mon, 2018-04-09 at 01:43 +0800, Xin Long wrote:
> On Sun, Apr 8, 2018 at 10:09 PM, Richard Haines <richard_c_haines@btinternet.com> wrote:
> > I built the kernel this morning and sorry to spoil the party, but I've
> > run into a problem with lksctp-tools when running the func_tests:
> >
> > make v6test
> > ..
> > ..
> > ./test_timetolive_v6
> > test_timetolive.c  0  INFO : Creating fillmsg of size 3087
> > test_timetolive.c  1  PASS : Send a message with timeout
> > test_timetolive.c  2  PASS : Send a message with no timeout
> > test_timetolive.c  3  PASS : Send a fragmented message with timeout
> > test_timetolive.c  0  INFO : ** SLEEPING for 3 seconds **
> > test_timetolive.c  4  BROK : Got a datamsg of unexpected length:23, expected length:27
> > DUMP_CORE sctputil.c: 247
> > /bin/sh: line 1: 30981 Segmentation fault      (core dumped) ./$a
> > test_timetolive_v6 fails
> >
> > make v4 test fails the same way. I'm using lksctp-tools from [1]. I
> > have not investigated the cause yet as just found this and thought I
> > should flag first just in case someone has the answer !!!
>
> test_timetolive(_v6) works for me. In lksctp-tools/src/func_tests I had
> another case fail, ./test_1_to_1_events; it's caused by:
>
> commit 30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b
> Author: Xin Long <lucien.xin@gmail.com>
> Date:   Wed Mar 14 19:05:34 2018 +0800
>
>     sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT
>
> It's not a kernel issue; after that commit, ./test_1_to_1_events should
> have been improved, or avoid it by 'sysctl -w net.sctp.auth_enable=1'.
>
> I'm not sure why test_timetolive(_v6) is not working in your env.

It appears to depend on the run sequence of the tests. I rebooted the system, ran test_timetolive_v6, it worked okay.

Ran "sctp-tests run" on a terminal, then ran test_timetolive_v6 at various intervals on another terminal. Once sctp-tests started the "=== ndatasched ===" sequence, test_timetolive_v6 failed.

> > On the bright side, I've run the sctp-tests from [2] with no problems
> > and also the selinux-testsuite with my SCTP patch from [3] using an
> > updated Fedora policy from [4] (with sctp support added), all in
> > enforcing mode.
> >
> > Also the LTP test passed:
> > cd /opt/ltp/
> > cat runtest/syscalls |grep connect01>runtest/connect-syscall
> > ./runltp -pq -f connect-syscall
> > ....
> >
> > [1] https://github.com/sctp/lksctp-tools
> > [2] https://github.com/sctp/sctp-tests
> > [3] https://marc.info/?l=selinux&m=152156947715709&w=2
> > [4] https://github.com/fedora-selinux/selinux-policy
Subject: Re: [GIT PULL] SELinux patches for v4.17
From: Richard Haines @ 2018-04-08 22:44 UTC
To: Xin Long
Cc: LSM List, Linus Torvalds, selinux, Linux Kernel Mailing List

On Sun, 2018-04-08 at 19:59 +0100, Richard Haines via Selinux wrote:
> On Mon, 2018-04-09 at 01:43 +0800, Xin Long wrote:
> > On Sun, Apr 8, 2018 at 10:09 PM, Richard Haines <richard_c_haines@btinternet.com> wrote:
> > > I built the kernel this morning and sorry to spoil the party, but I've
> > > run into a problem with lksctp-tools when running the func_tests:
> > >
> > > make v6test
> > > ..
> > > ..
> > > ./test_timetolive_v6
> > > test_timetolive.c  0  INFO : Creating fillmsg of size 3087
> > > test_timetolive.c  1  PASS : Send a message with timeout
> > > test_timetolive.c  2  PASS : Send a message with no timeout
> > > test_timetolive.c  3  PASS : Send a fragmented message with timeout
> > > test_timetolive.c  0  INFO : ** SLEEPING for 3 seconds **
> > > test_timetolive.c  4  BROK : Got a datamsg of unexpected length:23, expected length:27
> > > DUMP_CORE sctputil.c: 247
> > > /bin/sh: line 1: 30981 Segmentation fault      (core dumped) ./$a
> > > test_timetolive_v6 fails
> > >
> > > make v4 test fails the same way. I'm using lksctp-tools from [1]. I
> > > have not investigated the cause yet as just found this and thought I
> > > should flag first just in case someone has the answer !!!
> >
> > test_timetolive(_v6) works for me. In lksctp-tools/src/func_tests I had
> > another case fail, ./test_1_to_1_events; it's caused by:
> >
> > commit 30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b
> > Author: Xin Long <lucien.xin@gmail.com>
> > Date:   Wed Mar 14 19:05:34 2018 +0800
> >
> >     sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT
> >
> > It's not a kernel issue; after that commit, ./test_1_to_1_events should
> > have been improved, or avoid it by 'sysctl -w net.sctp.auth_enable=1'.
> >
> > I'm not sure why test_timetolive(_v6) is not working in your env.
>
> It appears to depend on the run sequence of the tests. I rebooted the
> system, ran test_timetolive_v6, it worked okay.
>
> Ran "sctp-tests run" on a terminal, then ran test_timetolive_v6 at
> various intervals on another terminal. Once sctp-tests started the
> "=== ndatasched ===" sequence, test_timetolive_v6 failed.

1) When SCTP is initialised /proc/sys/net/sctp/prsctp_enable = 1
2) When sctp-tests/testcase/regression/extoverflow/test.sh is executed, on exit it sets prsctp_enable = 0. This seems to be causing the issue I'm seeing. I can now simulate the problem:

Running from fresh boot:

checksctp
cat /proc/sys/net/sctp/prsctp_enable
1
./test_timetolive_v6
passes
echo 0 > /proc/sys/net/sctp/prsctp_enable
./test_timetolive_v6
fails
echo 1 > /proc/sys/net/sctp/prsctp_enable
./test_timetolive_v6
passes

I've no idea why as yet !!!

> > > On the bright side, I've run the sctp-tests from [2] with no problems
> > > and also the selinux-testsuite with my SCTP patch from [3] using an
> > > updated Fedora policy from [4] (with sctp support added), all in
> > > enforcing mode.
> > >
> > > Also the LTP test passed:
> > > cd /opt/ltp/
> > > cat runtest/syscalls |grep connect01>runtest/connect-syscall
> > > ./runltp -pq -f connect-syscall
> > > ....
> > >
> > > [1] https://github.com/sctp/lksctp-tools
> > > [2] https://github.com/sctp/sctp-tests
> > > [3] https://marc.info/?l=selinux&m=152156947715709&w=2
> > > [4] https://github.com/fedora-selinux/selinux-policy
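The sysctl dependency reproduced above, written up as an added helper script (not from the thread, from lksctp-tools or from sctp-tests): it runs a given test command with prsctp_enable set to 1 and then to 0, and puts the original value back afterwards so that a test run cannot leave the machine in the state extoverflow/test.sh leaves it in. PRSCTP_SYSCTL is an assumed override so the functions can be exercised against a plain file instead of /proc.

```shell
#!/bin/sh
# Added example, not part of the thread. Runs an SCTP test under each value
# of net.sctp.prsctp_enable and restores the original value, so a failure
# like test_timetolive_v6's can be tied to the sysctl without leaving the
# box in the "0" state that sctp-tests' extoverflow case leaves behind.
# PRSCTP_SYSCTL is an assumed override (default is the real /proc path).
PRSCTP_SYSCTL="${PRSCTP_SYSCTL:-/proc/sys/net/sctp/prsctp_enable}"

read_prsctp() {
    cat "$PRSCTP_SYSCTL"
}

# run_with_prsctp VALUE CMD...: set prsctp_enable to VALUE, run CMD, then
# write the saved value back whether or not CMD failed.  Returns CMD's
# exit status (or 1 if the sysctl could not be read or written).
run_with_prsctp() {
    _value=$1
    shift
    _saved=$(read_prsctp) || return 1
    echo "$_value" > "$PRSCTP_SYSCTL" || return 1
    "$@"
    _rc=$?
    echo "$_saved" > "$PRSCTP_SYSCTL"
    return $_rc
}

# compare_prsctp CMD...: run CMD with prsctp_enable=1 and then 0 and print
# one summary line, e.g. "1:pass 0:fail", the pattern seen in the thread.
compare_prsctp() {
    _out=""
    for _v in 1 0; do
        if run_with_prsctp "$_v" "$@" >/dev/null 2>&1; then
            _out="$_out$_v:pass "
        else
            _out="$_out$_v:fail "
        fi
    done
    printf '%s\n' "${_out% }"
}

# Usage when run directly, e.g. from lksctp-tools/src/func_tests:
#   sh prsctp_check.sh ./test_timetolive_v6
if [ "$#" -gt 0 ]; then
    compare_prsctp "$@"
fi
```

Writing to /proc/sys/net/sctp/prsctp_enable needs root, so the real run is done as root or via sudo; the functions themselves only depend on the file being readable and writable.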
* Re: [GIT PULL] SELinux patches for v4.17 2018-04-08 22:44 ` Richard Haines @ 2018-04-09 5:31 ` Xin Long 0 siblings, 0 replies; 12+ messages in thread From: Xin Long @ 2018-04-09 5:31 UTC (permalink / raw) To: Richard Haines Cc: LSM List, Linus Torvalds, selinux, Linux Kernel Mailing List On Mon, Apr 9, 2018 at 6:44 AM, Richard Haines <richard_c_haines@btinternet.com> wrote: > On Sun, 2018-04-08 at 19:59 +0100, Richard Haines via Selinux wrote: >> On Mon, 2018-04-09 at 01:43 +0800, Xin Long wrote: >> > On Sun, Apr 8, 2018 at 10:09 PM, Richard Haines >> > <richard_c_haines@btinternet.com> wrote: >> > > On Sun, 2018-04-08 at 08:50 -0400, Paul Moore wrote: >> > > > On April 7, 2018 1:03:57 PM Linus Torvalds <torvalds@linux-foun >> > > > da >> > > > tion >> > > > .org> wrote: >> > > > On Sat, Apr 7, 2018 at 9:54 AM, Richard Haines >> > > > <richard_c_haines@btinternet.com> wrote: >> > > > >> > > > So please check my resolution, but also somebody should tell me >> > > > "Linus, you're a cretin, sctp_connect() doesn't want that >> > > > security_sctp_bind_connect() at all because it was already done >> > > > by >> > > > XYZ" >> > > > >> > > > sctp_connect() or __sctp_connect() do not need to call >> > > > security_sctp_bind_connect(). This is because the connect(2) >> > > > call >> > > > will >> > > > handle the checks required via security_socket_connect(): >> > > > >> > > > Ok, thanks, that's exactly what I wanted to get. >> > > > >> > > > Anyway, somebody should still verify that it all looks good in >> > > > my >> > > > tree, but I don't actually expect the merge to have had any >> > > > issues >> > > > even if the refactoring made it a bit more complex than most >> > > > merges >> > > > are. >> > > > >> > > > Thanks for the quick response Richard. >> > > > >> > > > Xin Long looked it over and gave it the thumbs up, I'll take a >> > > > look >> > > > too, but to be honest I trust his SCTP understanding much more >> > > > than >> > > > mine. 
>> > > > I also do weekly tests of each rcX release at a minimum so if
>> > > > something odd pops up I'll make sure you get a fix.
>> > > >
>> > > > Thanks again everyone.
>> > >
>> > > I built the kernel this morning and sorry to spoil the party, but I've
>> > > run into a problem with lksctp-tools when running the func_tests:
>> > >
>> > > make v6test
>> > > ..
>> > > ..
>> > > ./test_timetolive_v6
>> > > test_timetolive.c  0 INFO : Creating fillmsg of size 3087
>> > > test_timetolive.c  1 PASS : Send a message with timeout
>> > > test_timetolive.c  2 PASS : Send a message with no timeout
>> > > test_timetolive.c  3 PASS : Send a fragmented message with timeout
>> > > test_timetolive.c  0 INFO : ** SLEEPING for 3 seconds **
>> > > test_timetolive.c  4 BROK : Got a datamsg of unexpected length:23,
>> > > expected length:27
>> > > DUMP_CORE sctputil.c: 247
>> > > /bin/sh: line 1: 30981 Segmentation fault      (core dumped) ./$a
>> > > test_timetolive_v6 fails
>> > >
>> > > make v4test fails the same way. I'm using lksctp-tools from [1]. I
>> > > have not investigated the cause yet as just found this and thought I
>> > > should flag first just in case someone has the answer !!!
>> >
>> > test_timetolive(_v6) works for me. In lksctp-tools/src/func_tests, I had
>> > another case failed, ./test_1_to_1_events, it's caused by:
>> > commit 30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b
>> > Author: Xin Long <lucien.xin@gmail.com>
>> > Date:   Wed Mar 14 19:05:34 2018 +0800
>> >
>> >     sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT
>> >
>> > It's not kernel's issue, after that commit, ./test_1_to_1_events should
>> > have been improved. Or avoid it by 'sysctl -w net.sctp.auth_enable=1'
>> >
>> > I'm not sure why test_timetolive(_v6) is not working in your env.
>>
>> It appears to depend on the run sequence of the tests. I rebooted the
>> system, ran test_timetolive_v6, it worked okay.
>> Ran "sctp-tests run" on a terminal, then ran test_timetolive_v6 at
>> various intervals on another terminal. Once sctp-tests started the
>> "=== ndatasched ===" sequence, test_timetolive_v6 failed.
>
> 1) When SCTP is initialised /proc/sys/net/sctp/prsctp_enable = 1
> 2) When sctp-tests/testcase/regression/extoverflow/test.sh is executed,
> on exit it sets prsctp_enable = 0. This seems to be causing the issue
> I'm seeing. I can now simulate the problem:
>
> Running from fresh boot:
> checksctp
> cat /proc/sys/net/sctp/prsctp_enable
> 1
> ./test_timetolive_v6
> passes
> echo 0 > /proc/sys/net/sctp/prsctp_enable
> ./test_timetolive_v6
> fails
> echo 1 > /proc/sys/net/sctp/prsctp_enable
> ./test_timetolive_v6
> passes
I see ...

commit 8ae808eb853e3789b81b8a502cdf22bb01b76880
Author: Xin Long <lucien.xin@gmail.com>
Date:   Sat Oct 8 11:40:16 2016 +0800

    sctp: remove the old ttl expires policy

ttl expire is considered as one of the prsctp policies after this commit,
so prsctp_enable is required.

I will think to update this test case in lksctp-tools.

Thanks for the reproducer.

^ permalink raw reply	[flat|nested] 12+ messages in thread
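Richard's reproducer above toggles prsctp_enable by hand around each run of test_timetolive_v6, and the root cause is a test (extoverflow/test.sh) that leaves the knob at 0 on exit. As an added example, not code from the thread, lksctp-tools or sctp-tests, here is a POSIX sh helper that pins a sysctl file to the value a test needs, runs the test, and restores the original value whether or not the test passed, plus a small driver that runs the same command under both values so the dependency shows up directly. The path /proc/sys/net/sctp/prsctp_enable is the knob from the thread and is assumed writable (root, sctp module loaded); test_timetolive_v6 is taken from the thread as the command to wrap.

```shell
#!/bin/sh
# Added example, not from the thread or from lksctp-tools/sctp-tests.
# Run a test with a sysctl knob pinned to a known value and put the
# original value back afterwards, so a test that flips the knob on exit
# (as sctp-tests' extoverflow/test.sh does with prsctp_enable) cannot
# poison later runs.  POSIX sh only; no bashisms.

# Assumed path of the knob from the thread; writing it needs root and
# the sctp module loaded.
PRSCTP_KNOB=/proc/sys/net/sctp/prsctp_enable

# with_knob FILE VALUE CMD [ARGS...]
# Snapshot FILE, write VALUE, run CMD, restore the snapshot, and return
# CMD's exit status.  Returns 2 if FILE cannot be read or written.
with_knob() {
    _file=$1 _want=$2
    shift 2
    _saved=$(cat "$_file") || return 2
    printf '%s\n' "$_want" > "$_file" || return 2
    "$@"
    _rc=$?
    printf '%s\n' "$_saved" > "$_file"   # restore even if CMD failed
    return $_rc
}

# knob_is FILE VALUE: true when FILE currently holds exactly VALUE.
knob_is() {
    [ "$(cat "$1")" = "$2" ]
}

# bisect_knob FILE CMD [ARGS...]
# Run CMD with FILE pinned to 1 and then to 0, leaving FILE as it was.
# Prints a summary such as "1:pass 0:fail"; returns 0 only if CMD passed
# in both states, so a knob-dependent test (test_timetolive_v6 needs
# prsctp_enable = 1) is flagged by a non-zero status.
bisect_knob() {
    _bfile=$1; shift
    _out=""; _all=0
    for _v in 1 0; do
        if with_knob "$_bfile" "$_v" "$@" >/dev/null 2>&1; then
            _out="$_out$_v:pass "
        else
            _out="$_out$_v:fail "; _all=1
        fi
    done
    printf '%s\n' "${_out% }"
    return $_all
}

# Typical use on a box where the thread's failure reproduces (as root,
# from lksctp-tools/src/func_tests):
#   . ./knob.sh
#   with_knob "$PRSCTP_KNOB" 1 ./test_timetolive_v6   # always runs with prsctp on
#   bisect_knob "$PRSCTP_KNOB" ./test_timetolive_v6   # prints "1:pass 0:fail"
```

with_knob restores the saved value on the normal return path only; if the wrapped test is killed by a signal that also takes down the shell, the knob stays where the test left it, which is exactly the state Richard hit, so run it under a trap or from a fresh shell when the test is known to crash.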
* Re: [GIT PULL] SELinux patches for v4.17
  2018-04-06 23:07 ` Linus Torvalds
  2018-04-07 16:54   ` Richard Haines
@ 2018-04-08  6:13   ` Xin Long
  2018-04-08 12:45     ` Paul Moore
  1 sibling, 1 reply; 12+ messages in thread
From: Xin Long @ 2018-04-08  6:13 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: Paul Moore, selinux, LSM List, Linux Kernel Mailing List

On Sat, Apr 7, 2018 at 7:07 AM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Tue, Apr 3, 2018 at 6:37 PM, Paul Moore <paul@paul-moore.com> wrote:
>>
>> Everything passes the selinux-testsuite, but there are a few known
>> merge conflicts. The first is with the netdev tree and is in
>> net/sctp/socket.c. Unfortunately it is a bit ugly, thankfully Stephen
>> Rothwell has already done the heavy lifting in resolving the merge for
>> you, and the SCTP folks have given his merge patch a thumbs-up.
>
> I ended up re-doing the merge, and it looks like some more sctp
> changes happened after Stephen's merge anyway, so mine didn't end up
> quite like his.
>
You're right, a sctp fix went into net-next after Stephen's merge.
https://patchwork.ozlabs.org/patch/884469/ (v1)
https://patchwork.ozlabs.org/patch/884971/ (v2)

Which caused the resolution to have changed again.

I've checked the new resolution on your tree, the SCTP part is all good.

Thanks.

^ permalink raw reply	[flat|nested] 12+ messages in thread
* Re: [GIT PULL] SELinux patches for v4.17
  2018-04-08  6:13   ` Xin Long
@ 2018-04-08 12:45     ` Paul Moore
  0 siblings, 0 replies; 12+ messages in thread
From: Paul Moore @ 2018-04-08 12:45 UTC (permalink / raw)
  To: Xin Long, Linus Torvalds; +Cc: selinux, LSM List, Linux Kernel Mailing List

On April 8, 2018 2:13:51 AM Xin Long <lucien.xin@gmail.com> wrote:
> On Sat, Apr 7, 2018 at 7:07 AM, Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
>> On Tue, Apr 3, 2018 at 6:37 PM, Paul Moore <paul@paul-moore.com> wrote:
>>>
>>> Everything passes the selinux-testsuite, but there are a few known
>>> merge conflicts. The first is with the netdev tree and is in
>>> net/sctp/socket.c. Unfortunately it is a bit ugly, thankfully Stephen
>>> Rothwell has already done the heavy lifting in resolving the merge for
>>> you, and the SCTP folks have given his merge patch a thumbs-up.
>>
>> I ended up re-doing the merge, and it looks like some more sctp
>> changes happened after Stephen's merge anyway, so mine didn't end up
>> quite like his.
>>
> You're right, a sctp fix went into net-next after Stephen's merge.
> https://patchwork.ozlabs.org/patch/884469/ (v1)
> https://patchwork.ozlabs.org/patch/884971/ (v2)
>
> Which caused the resolution to have changed again.
>
> I've checked the new resolution on your tree, the SCTP part is all good.

Thanks for double checking that Xin.

--
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 12+ messages in thread
end of thread, other threads:[~2018-04-09  5:31 UTC | newest]

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-04  1:37 [GIT PULL] SELinux patches for v4.17 Paul Moore
2018-04-06 23:07 ` Linus Torvalds
2018-04-07 16:54   ` Richard Haines
2018-04-07 17:03     ` Linus Torvalds
2018-04-08 12:50       ` Paul Moore
2018-04-08 14:09         ` Richard Haines
2018-04-08 17:43           ` Xin Long
2018-04-08 18:59             ` Richard Haines
2018-04-08 22:44               ` Richard Haines
2018-04-09  5:31                 ` Xin Long
2018-04-08  6:13   ` Xin Long
2018-04-08 12:45     ` Paul Moore