On Sun, Jul 12, 2020 at 6:00 PM Richard Haines
<richard_c_haines@xxxxxxxxxxxxxx> wrote:
> Reviewed the tests using kernel tree: Documentation/security/SCTP.rst
>
> Added tests and policy for connectx(3) handling deny and
> SCTP_SENDMSG_CONNECT
> Added test and policy for bindx(3) deny
> Clarified the server test for ports < 1024
> Added comments regarding kernel net/sctp code locations to relevant tests
> Corrected policy for test_sctp_deny_peer_client_t
> Corrected ip/nf tables comment to deny read packet { recv }
> Added MCS-constrained type as suggested in [1]
>
> [1] https://lore.kernel.org/selinux/20200508154138.24217-7-stephen.smalley.work@xxxxxxxxx/
>
> Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
> ---
> policy/test_sctp.te | 43 +++++++++++++++++++++-----
> tests/sctp/sctp_bindx.c | 8 ++---
> tests/sctp/sctp_connectx.c | 47 +++++++++++++++++++++--------
> tests/sctp/test | 62 +++++++++++++++++++++++++++++++-------
> 4 files changed, 126 insertions(+), 34 deletions(-)
Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
