Re: linux-next: build failure after merge of the selinux tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 9, 2017 at 8:27 PM, Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> wrote:
> Hi Paul,
>
> After merging the selinux tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> In file included from /home/sfr/next/next/security/selinux/avc.c:35:0:
> /home/sfr/next/next/security/selinux/include/classmap.h:242:2: error: #error New address family defined, please update secclass_map.
>  #error New address family defined, please update secclass_map.
>   ^
> /home/sfr/next/next/security/selinux/hooks.c: In function 'socket_type_to_security_class':
> /home/sfr/next/next/security/selinux/hooks.c:1409:2: error: #error New address family defined, please update this function.
>
> Caused by commit
>
>   da69a5306ab9 ("selinux: support distinctions among all network address families")
>
> interacting with commit
>
>   ac7138746e14 ("smc: establish new socket family")
>
> from the net-next tree.
>
> I added the following merge fix patch:

Thanks Stephen.

There are still some concerns around which protocol/address families
require their own SELinux object class, but it looks like SMC should
have it's own object class.  If the "selinux: support distinctions
among all network address families" commit doesn't go up to Linus
during the next merge window I'll make sure it is updated for PF_SMC.

> From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
> Date: Tue, 10 Jan 2017 12:22:21 +1100
> Subject: [PATCH] selinux: merge fix for "smc: establish new socket family"
>
> Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
> ---
>  security/selinux/hooks.c            | 4 +++-
>  security/selinux/include/classmap.h | 4 +++-
>  2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index bada3cd42b9c..712fd0e7c91d 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1405,7 +1405,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
>                         return SECCLASS_KCM_SOCKET;
>                 case PF_QIPCRTR:
>                         return SECCLASS_QIPCRTR_SOCKET;
> -#if PF_MAX > 43
> +               case PF_SMC:
> +                       return SECCLASS_SMC_SOCKET;
> +#if PF_MAX > 44
>  #error New address family defined, please update this function.
>  #endif
>                 }
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index 0dfd26d0b8d8..40f1d4f8bc2a 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -235,9 +235,11 @@ struct security_class_mapping secclass_map[] = {
>           { COMMON_SOCK_PERMS, NULL } },
>         { "qipcrtr_socket",
>           { COMMON_SOCK_PERMS, NULL } },
> +       { "smc_socket",
> +         { COMMON_SOCK_PERMS, NULL } },
>         { NULL }
>    };
>
> -#if PF_MAX > 43
> +#if PF_MAX > 44
>  #error New address family defined, please update secclass_map.
>  #endif
> --
> 2.10.2
>
> --
> Cheers,
> Stephen Rothwell



-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-next" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Linux USB Development]     [Yosemite News]     [Linux SCSI]

  Powered by Linux