Paul Moore wrote:
>
> On Thu, Aug 15, 2024 at 4:32 AM Jeongjun Park <aha310510@xxxxxxxxx> wrote:
> >
> > IPPROTO_SMC feature has been added to net/smc. It is now possible to
> > create smc sockets in the following way:
> >
> > /* create v4 smc sock */
> > v4 = socket(AF_INET, SOCK_STREAM, IPPROTO_SMC);
> >
> > /* create v6 smc sock */
> > v6 = socket(AF_INET6, SOCK_STREAM, IPPROTO_SMC);
> >
> > Therefore, we need to add code to support IPPROTO_SMC in
> > socket_type_to_security_class().
> >
> > Signed-off-by: Jeongjun Park <aha310510@xxxxxxxxx>
> > ---
> > security/selinux/hooks.c | 2 ++
> > 1 file changed, 2 insertions(+)
>
> I'm a little concerned that the small patch below might not be all
> that is needed to properly support SMC in SELinux. Can you explain
> what testing you've done with SMC on a SELinux system?

I don't have much knowledge about smc, so I can't test everything, but
I created a socket, performed setsockopt, and tested two sockets
communicating with each other.

When I tested it, performing smc-related functions worked well without
any major problems. And after analyzing it myself, I didn't see any
additional patches needed to support IPPROTO_SMC in selinux other than
this patch. So you don't have to worry.

Regards,
Jeongjun Park

>
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > > index bfa61e005aac..36f951f0c574 100644 > > --- a/security/selinux/hooks.c > > +++ b/security/selinux/hooks.c > > @@ -1176,6 +1176,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc > > return SECCLASS_TCP_SOCKET; > > else if (extsockclass && protocol == IPPROTO_SCTP) > > return SECCLASS_SCTP_SOCKET; > > + else if (extsockclass && protocol == IPPROTO_SMC) > > + return SECCLASS_SMC_SOCKET; > > else > > return SECCLASS_RAWIP_SOCKET; > > case SOCK_DGRAM:
>
> --
> paul-moore.com
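Review bot: The added `else if (extsockclass && protocol == IPPROTO_SMC)` branch changes the class a policy sees for these sockets, and the commit message does not say so. Going by the visible context, a SOCK_STREAM socket with IPPROTO_SMC that was not caught by the condition above the hunk previously reached the final `else` and was labeled SECCLASS_RAWIP_SOCKET; with extsockclass enabled it is now labeled SECCLASS_SMC_SOCKET, so policy that only grants rawip_socket permissions will start denying socket(AF_INET, SOCK_STREAM, IPPROTO_SMC) and socket(AF_INET6, SOCK_STREAM, IPPROTO_SMC) callers. Please state that transition in the commit message, and say which permission checks were exercised under an enforcing policy with and without extsockclass, since without it the sockets still fall through to SECCLASS_RAWIP_SOCKET. The diffstat touches only hooks.c, so the message should also note that SECCLASS_SMC_SOCKET is an existing class being reused rather than one this patch introduces.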