talos-op-linux/security/selinux/nlmsgtab.c, branch v4.4.4 Talos™ II Linux sources for OpenPOWER https://git.raptorcs.com/git/talos-op-linux/atom?h=v4.4.4 2015-04-13T17:09:44+00:00 selinux/nlmsg: add a build time check for rtnl/xfrm cmds 2015-04-13T17:09:44+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-13T13:20:37+00:00 urn:sha1:cf890138087a6da2f56a642acb80476370b04332 When a new rtnl or xfrm command is added, this part of the code is frequently missing. Let's help the developer with a build time test. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> selinux/nlmsg: add XFRM_MSG_MAPPING 2015-04-13T01:19:40+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-10T14:24:28+00:00 urn:sha1:bd2cba07381a6dba60bc1c87ed8b37931d244da1 This command is missing. Fixes: 3a2dfbe8acb1 ("xfrm: Notify changes in UDP encapsulation via netlink") CC: Martin Willi <martin@strongswan.org> Reported-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> selinux/nlmsg: add XFRM_MSG_MIGRATE 2015-04-13T01:19:40+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-10T14:24:27+00:00 urn:sha1:8d465bb777179c4bea731b828ec484088cc9fbc1 This command is missing. Fixes: 5c79de6e79cd ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE") Reported-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> selinux/nlmsg: add XFRM_MSG_REPORT 2015-04-13T01:19:40+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-10T14:24:26+00:00 urn:sha1:b0b59b0056acd6f157a04cc895f7e24692fb08aa This command is missing. Fixes: 97a64b4577ae ("[XFRM]: Introduce XFRM_MSG_REPORT.") Reported-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO 2015-04-08T19:19:17+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-08T16:36:42+00:00 urn:sha1:5b5800fad072133e4a9c2efbf735baaac83dec86 These commands are missing. Fixes: 28d8909bc790 ("[XFRM]: Export SAD info.") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> selinux/nlmsg: add XFRM_MSG_GETSPDINFO 2015-04-08T19:19:17+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-08T16:36:41+00:00 urn:sha1:5e6deebafb45fb271ae6939d48832e920b8fb74e This command is missing. Fixes: ecfd6b183780 ("[XFRM]: Export SPD info") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> selinux/nlmsg: add XFRM_MSG_NEWSPDINFO 2015-04-08T19:19:16+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-08T16:36:40+00:00 urn:sha1:2b7834d3e1b828429faa5dc41a480919e52d3f31 This new command is missing. Fixes: 880a6fab8f6b ("xfrm: configure policy hash table thresholds by netlink") Reported-by: Christophe Gouault <christophe.gouault@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> selinux/nlmsg: add RTM_GETNSID 2015-04-08T19:19:16+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-08T16:36:39+00:00 urn:sha1:387f989a60db00207c39b9fe9ef32c897356aaba This new command is missing. Fixes: 9a9634545c70 ("netns: notify netns id events") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> selinux/nlmsg: add RTM_NEWNSID and RTM_GETNSID 2015-04-08T19:19:15+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-08T16:36:38+00:00 urn:sha1:5bdfbc1f19d047a182d2bab102c22bbf2a1ea244 These new commands are missing. Fixes: 0c7aecd4bde4 ("netns: add rtnl cmd to add and get peer netns ids") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> selinux: add SOCK_DIAG_BY_FAMILY to the list of netlink message types 2014-02-05T17:20:48+00:00 Paul Moore pmoore@redhat.com 2014-01-28T19:45:41+00:00 urn:sha1:6a96e15096da6e7491107321cfa660c7c2aa119d The SELinux AF_NETLINK/NETLINK_SOCK_DIAG socket class was missing the SOCK_DIAG_BY_FAMILY definition which caused SELINUX_ERR messages when the ss tool was run. # ss Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 14189 * 14190 u_str ESTAB 0 0 * 14145 * 14144 u_str ESTAB 0 0 * 14151 * 14150 {...} # ausearch -m SELINUX_ERR ---- time->Thu Jan 23 11:11:16 2014 type=SYSCALL msg=audit(1390493476.445:374): arch=c000003e syscall=44 success=yes exit=40 a0=3 a1=7fff03aa11f0 a2=28 a3=0 items=0 ppid=1852 pid=1895 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="ss" exe="/usr/sbin/ss" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=SELINUX_ERR msg=audit(1390493476.445:374): SELinux: unrecognized netlink message type=20 for sclass=32 Signed-off-by: Paul Moore <pmoore@redhat.com>