On Thu, Aug 15, 2024 at 4:32 AM Jeongjun Park <aha310510@xxxxxxxxx> wrote:
>
> IPPROTO_SMC feature has been added to net/smc. It is now possible to
> create smc sockets in the following way:
>
> /* create v4 smc sock */
> v4 = socket(AF_INET, SOCK_STREAM, IPPROTO_SMC);
>
> /* create v6 smc sock */
> v6 = socket(AF_INET6, SOCK_STREAM, IPPROTO_SMC);
>
> Therefore, we need to add code to support IPPROTO_SMC in
> socket_type_to_security_class().
>
> Signed-off-by: Jeongjun Park <aha310510@xxxxxxxxx>
> ---
> security/selinux/hooks.c | 2 ++
> 1 file changed, 2 insertions(+)

I'm a little concerned that the small patch below might not be all
that is needed to properly support SMC in SELinux. Can you explain
what testing you've done with SMC on a SELinux system?

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index bfa61e005aac..36f951f0c574 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1176,6 +1176,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
> return SECCLASS_TCP_SOCKET;
> else if (extsockclass && protocol == IPPROTO_SCTP)
> return SECCLASS_SCTP_SOCKET;
> + else if (extsockclass && protocol == IPPROTO_SMC)
> + return SECCLASS_SMC_SOCKET;
> else
> return SECCLASS_RAWIP_SOCKET;
> case SOCK_DGRAM:

--
paul-moore.com
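
Review bot: The added "else if (extsockclass && protocol == IPPROTO_SMC)" branch changes the class of a socket that, going by the surrounding context lines, previously fell through to the final "else" and got SECCLASS_RAWIP_SOCKET, and the changelog does not mention that relabelling. Policy rules written against the raw IP socket class would no longer match these sockets once they are classed as SECCLASS_SMC_SOCKET, so the commit message should state the before and after class and describe testing on a policy where extsockclass is set. The diffstat shows only hooks.c changing, so the patch depends on SECCLASS_SMC_SOCKET already being defined elsewhere and on the existing socket hooks behaving correctly for that class on an inet socket; please say that this was checked. The hunk context also does not show the enclosing case labels, so confirm that both the AF_INET and the AF_INET6 call from the changelog reach this branch.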