| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFqZXNumv+NNZjR4KSD-U7pDXszn1YwZoKwfYO2GxvHpaUnQHA@mail.gmail.com> Date: Mon, 10 Jun 2024 17:14:50 +0200 From: Ondrej Mosnacek <omosnace@...hat.com> To: Casey Schaufler <casey@...aufler-ca.com> Cc: Paul Moore <paul@...l-moore.com>, netdev@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH v2 0/2] cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options On Fri, Jun 7, 2024 at 8:50 PM Casey Schaufler <casey@...aufler-ca.com> wrote: > > On 6/7/2024 9:07 AM, Ondrej Mosnacek wrote: > > This series aims to improve cipso_v4_skbuff_delattr() to fully > > remove the CIPSO options instead of just clearing them with NOPs. > > That is implemented in the second patch, while the first patch is > > a bugfix for cipso_v4_delopt() that the second patch depends on. > > > > Tested using selinux-testsuite a TMT/Beakerlib test from this PR: > > https://src.fedoraproject.org/tests/selinux/pull-request/488 > > Smack also uses CIPSO. The Smack testsuite is: > https://github.com/smack-team/smack-testsuite.git I tried to run it now, but 6 out of 114 tests fail for me already on the baseline kernel (I tried with the v6.9 tag from mainline). The output is not very verbose, so I'm not sure what is actually failing and if it's caused by something on my side... With my patches applied, the number of failed tests was the same, though, so there is no evidence of a regression, at least. -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
Powered by blists - more mailing lists