On Tue, Jul 28, 2020 at 10:02 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Sun, Jul 12, 2020 at 6:00 PM Richard Haines
> <richard_c_haines@xxxxxxxxxxxxxx> wrote:
> > Reviewed the tests using kernel tree: Documentation/security/SCTP.rst
> >
> > Added tests and policy for connectx(3) handling deny and
> > SCTP_SENDMSG_CONNECT
> > Added test and policy for bindx(3) deny
> > Clarified the server test for ports < 1024
> > Added comments regarding kernel net/sctp code locations to relevant tests
> > Corrected policy for test_sctp_deny_peer_client_t
> > Corrected ip/nf tables comment to deny read packet { recv }
> > Added MCS-constrained type as suggested in [1]
> >
> > [1] https://lore.kernel.org/selinux/20200508154138.24217-7-stephen.smalley.work@xxxxxxxxx/
> >
> > Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
> > ---
> > policy/test_sctp.te | 43 +++++++++++++++++++++-----
> > tests/sctp/sctp_bindx.c | 8 ++---
> > tests/sctp/sctp_connectx.c | 47 +++++++++++++++++++++--------
> > tests/sctp/test | 62 +++++++++++++++++++++++++++++++-------
> > 4 files changed, 126 insertions(+), 34 deletions(-)
>
> Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
Now applied, thanks!
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
