Message-ID: <9ce148b0-7694-83f7-0d04-546e2cae9500@6wind.com>
Date: Tue, 14 Sep 2021 09:50:10 +0200
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: Eugene Syromiatnikov <esyr@...hat.com>,
Steffen Klassert <steffen.klassert@...unet.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Antony Antony <antony.antony@...unet.com>,
Christian Langrock <christian.langrock@...unet.com>
Cc: selinux@...r.kernel.org, Paul Moore <paul@...l-moore.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Eric Paris <eparis@...isplace.org>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, "Dmitry V. Levin" <ldv@...ace.io>,
linux-api@...r.kernel.org
Subject: Re: [PATCH v2] include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI
breakage
On 12/09/2021 at 14:22, Eugene Syromiatnikov wrote:
> Commit 2d151d39073a ("xfrm: Add possibility to set the default to block
> if we have no policy") broke ABI by changing the value of the XFRM_MSG_MAPPING
> enum item, thus also evading the build-time check
> in security/selinux/nlmsgtab.c:selinux_nlmsg_lookup for presence of proper
> security permission checks in nlmsg_xfrm_perms. Fix it by placing
> XFRM_MSG_SETDEFAULT/XFRM_MSG_GETDEFAULT to the end of the enum, right before
> __XFRM_MSG_MAX, and updating the nlmsg_xfrm_perms accordingly.
>
> Fixes: 2d151d39073a ("xfrm: Add possibility to set the default to block if we have no policy")
> References: https://lore.kernel.org/netdev/20210901151402.GA2557@altlinux.org/
> Signed-off-by: Eugene Syromiatnikov <esyr@...hat.com>
Acked-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
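
Added example, not part of the original message or the kernel sources: a constructed miniature of the enum problem described in the quoted commit message, showing how inserting items before the last enumerator shifts its value and leaves a "last known item equals maximum" guard silent. All `OLD_`/`BRK_`/`FIX_` names, the three-entry table and the form of the guard are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed miniature of a uapi message-type enum; all names hypothetical. */
enum old_abi { OLD_NEWSA = 0x10, OLD_GETSA, OLD_MAPPING, OLD__MAX };

/* New items inserted before the last one: MAPPING's value shifts. */
enum broken_abi { BRK_NEWSA = 0x10, BRK_GETSA, BRK_SETDEFAULT,
                  BRK_GETDEFAULT, BRK_MAPPING, BRK__MAX };

/* New items placed right before __MAX: existing values stay put. */
enum fixed_abi { FIX_NEWSA = 0x10, FIX_GETSA, FIX_MAPPING,
                 FIX_SETDEFAULT, FIX_GETDEFAULT, FIX__MAX };

/* Permission table written for the old layout, indexed by type - base. */
static const char *const old_perms[] = { "write", "read", "read" };
#define OLD_PERMS_LEN ((int)(sizeof(old_perms) / sizeof(old_perms[0])))

/* Assumed guard: "the last item the table knows is still the maximum".
 * Returns 1 when such a guard would stop the build. */
static int guard_fires(int max_item, int last_known_item)
{
    return max_item != last_known_item;
}

/* Number of message types that have no entry in the old table. */
static int uncovered_types(int base, int max_item)
{
    int n = (max_item - base + 1) - OLD_PERMS_LEN;
    return n > 0 ? n : 0;
}

/* 1 if the number an old binary uses for MAPPING still means MAPPING. */
static int mapping_stable(int new_mapping_value)
{
    return new_mapping_value == (int)OLD_MAPPING;
}

int main(void)
{
    printf("broken: stable=%d guard=%d uncovered=%d\n",
           mapping_stable(BRK_MAPPING),
           guard_fires(BRK__MAX - 1, BRK_MAPPING),
           uncovered_types(BRK_NEWSA, BRK__MAX - 1));
    printf("fixed:  stable=%d guard=%d uncovered=%d\n",
           mapping_stable(FIX_MAPPING),
           guard_fires(FIX__MAX - 1, FIX_MAPPING),
           uncovered_types(FIX_NEWSA, FIX__MAX - 1));
    return 0;
}
```

In the broken layout the guard stays silent while two message types have no permission entry; in the fixed layout the guard fires, which forces the table update.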