On Mon, Nov 27, 2023 at 9:51 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Mon, Nov 27, 2023 at 12:36 PM Alan Wandke <alanwandke.linux@xxxxxxxxx> wrote: > > > > In order to support the NETFILTER_NETLINK protocol, either NF_TABLES or IP_SET must be enabled. > > Neither are strict dependencies in Kconfig. Fix this by enabling NF_TABLES in the defconfig. > > > > Before: > > ./netlinkcreate: socket(AF_NETLINK, SOCK_DGRAM, netfilter/12): Protocol not supported > > not ok 3 > > # Test 3 got: "256" (./test at line 25) > > # Expected: "0" > > # ./test line 25 is: ok( $result, 0 ); > > > > After: > > ok 3 > > > > Signed-off-by: Alan Wandke <alanwandke.linux@xxxxxxxxx> > > Looks like we could enable it via a number of different config options > but we need NF_TABLES regardless for the secmark tests in inet_socket > and sctp to run, so adding that to the defconfig makes the most sense. > > Reviewed-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> Seems reasonable, thanks! The patch is now applied: https://github.com/SELinuxProject/selinux-testsuite/commit/fa65d2f59c4d974ef736bc1cd3bfab75b78ac5f0 -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
