On Wed, 2022-12-14 at 23:01 +0100, Paolo Abeni wrote: > This series is an attempt to solve the LSM labeling breakage > reported here: > > https://lore.kernel.org/linux-security-module/CAHC9VhSQnhH3UL4gqzu+YiA1Q3YyLLCv88gLJOvw-0+uw5Lvkw@xxxxxxxxxxxxxx/ > > As per previous discussion, a new LSM hook is introduced and > invoked by the mptcp code to let LSMs set the appropriate label > for the newly created subflow. > > I'm not sure the chosen hook name is a perfect fit, any suggestion > more then welcome. > The new hook requires both the mptcp socket reference and the > subflow socket reference, even if the provided LSM implementation > for selinux ends-up accessing only the subflow socket. Possibly > other LSM implementation could need or use the addtional parameter. I forgot to mention this has been tested vs the reproducer described in the above link and vs the mptcp self-tests. Cheers, Paolo
