On Tue, Feb 15, 2022 at 11:58 AM Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> wrote:
>
> On Mon, Feb 14, 2022 at 21:54, Jakub Kicinski <kuba@xxxxxxxxxx> wrote:
>>
>> On Mon, 14 Feb 2022 17:14:04 -0500 Paul Moore wrote:
>> > If I can get an ACK from one of the SCTP and/or netdev folks I'll
>> > merge this into the selinux/next branch.
>>
>> No objections here FWIW, I'd defer the official acking to the SCTP
>> maintainers.
>
> None from my side either, but I really want to hear from Xin. He has worked on this since day 0.
>

Looks okay to me.

The difference from the old one is that: with selinux_sctp_process_new_assoc() called in selinux_sctp_assoc_established(), the client sksec->peer_sid is using the first asoc's peer_secid, instead of the latest asoc's peer_secid. And not sure if it will cause any problems when doing the extra check sksec->peer_sid != asoc->peer_secid for the latest asoc and *returns err*.

But I don't know about selinux, I guess there must be a reason from selinux side.

I will ACK on patch 0/2.

Thanks Ondrej for working on this patiently.