On Mon, Jan 9, 2017 at 8:27 PM, Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> wrote: > Hi Paul, > > After merging the selinux tree, today's linux-next build (x86_64 > allmodconfig) failed like this: > > In file included from /home/sfr/next/next/security/selinux/avc.c:35:0: > /home/sfr/next/next/security/selinux/include/classmap.h:242:2: error: #error New address family defined, please update secclass_map. > #error New address family defined, please update secclass_map. > ^ > /home/sfr/next/next/security/selinux/hooks.c: In function 'socket_type_to_security_class': > /home/sfr/next/next/security/selinux/hooks.c:1409:2: error: #error New address family defined, please update this function. > > Caused by commit > > da69a5306ab9 ("selinux: support distinctions among all network address families") > > interacting with commit > > ac7138746e14 ("smc: establish new socket family") > > from the net-next tree. > > I added the following merge fix patch: Thanks Stephen. There are still some concerns around which protocol/address families require their own SELinux object class, but it looks like SMC should have it's own object class. If the "selinux: support distinctions among all network address families" commit doesn't go up to Linus during the next merge window I'll make sure it is updated for PF_SMC. > From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> > Date: Tue, 10 Jan 2017 12:22:21 +1100 > Subject: [PATCH] selinux: merge fix for "smc: establish new socket family" > > Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> > --- > security/selinux/hooks.c | 4 +++- > security/selinux/include/classmap.h | 4 +++- > 2 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index bada3cd42b9c..712fd0e7c91d 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -1405,7 +1405,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc > return SECCLASS_KCM_SOCKET; > case PF_QIPCRTR: > return SECCLASS_QIPCRTR_SOCKET; > -#if PF_MAX > 43 > + case PF_SMC: > + return SECCLASS_SMC_SOCKET; > +#if PF_MAX > 44 > #error New address family defined, please update this function. > #endif > } > diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h > index 0dfd26d0b8d8..40f1d4f8bc2a 100644 > --- a/security/selinux/include/classmap.h > +++ b/security/selinux/include/classmap.h > @@ -235,9 +235,11 @@ struct security_class_mapping secclass_map[] = { > { COMMON_SOCK_PERMS, NULL } }, > { "qipcrtr_socket", > { COMMON_SOCK_PERMS, NULL } }, > + { "smc_socket", > + { COMMON_SOCK_PERMS, NULL } }, > { NULL } > }; > > -#if PF_MAX > 43 > +#if PF_MAX > 44 > #error New address family defined, please update secclass_map. > #endif > -- > 2.10.2 > > -- > Cheers, > Stephen Rothwell -- paul moore www.paul-moore.com -- To unsubscribe from this list: send the line "unsubscribe linux-next" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html