On Mon, May 13, 2019 at 6:50 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Fri, May 10, 2019 at 1:13 PM Paolo Abeni <pabeni@xxxxxxxxxx> wrote:
> > calling connect(AF_UNSPEC) on an already connected TCP socket is an
> > established way to disconnect() such socket. After commit 68741a8adab9
> > ("selinux: Fix ltp test connect-syscall failure") it no longer works
> > and, in the above scenario connect() fails with EAFNOSUPPORT.
> >
> > Fix the above explicitly early checking for AF_UNSPEC family, and
> > returning success in that case.
> >
> > Suggested-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> > Fixes: 68741a8adab9 ("selinux: Fix ltp test connect-syscall failure")
> > Reported-by: Tom Deseyn <tdeseyn@xxxxxxxxxx>
> > Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
> > ---
> > v2 -> v3:
> > - do the check for AF_UNSPEC at the begining, as suggested by Paul
> > v1 -> v2:
> > - avoid validation for AF_UNSPEC
> > ---
> > security/selinux/hooks.c | 10 ++++++++--
> > 1 file changed, 8 insertions(+), 2 deletions(-)
>
> Thanks Paolo, this looks good. It sounded like DaveM wanted this to
> go to -stable so I'll merge it and mark it as such; I think I will
> wait until the end of this week just to see if there are any other
> things which crop up during the merge window.
Just a quick follow-up, I just merged this into selinux/stable-5.2 and
assuming the build/test runs clean overnight I'll send this to Linus
tomorrow. Thanks again for the report and the fix.
--
paul moore
www.paul-moore.com
