Hello, On Wed, 2020-12-16 at 08:31 -0800, Casey Schaufler wrote: > On 12/16/2020 3:55 AM, Paolo Abeni wrote: > > The MPTCP protocol uses a specific protocol value, even if > > it's an extension to TCP. Additionally, MPTCP sockets > > could 'fall-back' to TCP at run-time, depending on peer MPTCP > > support and available resources. > > > > As a consequence of the specific protocol number, selinux > > applies the raw_socket class to MPTCP sockets. > > Have you looked at the implications for Smack? AFAICS, the only hooks which can be affected is smack_socket_post_create() - that is, the only hook with a 'protocol' argument coming directly from the socket APIs. If I read the code correctly, such hook behaves independently from 'protocol' value. Overall no changes should be needed for smack. Thanks! Paolo
