[PATCH] linux: handle MPTCP consistently with TCP

Paolo Abeni pabeni at redhat.com
Wed Dec 16 17:22:11 UTC 2020


On Wed, 2020-12-16 at 08:31 -0800, Casey Schaufler wrote:
> On 12/16/2020 3:55 AM, Paolo Abeni wrote:
> > The MPTCP protocol uses a specific protocol value, even if
> > it's an extension to TCP. Additionally, MPTCP sockets
> > could 'fall-back' to TCP at run-time, depending on peer MPTCP
> > support and available resources.
> > 
> > As a consequence of the specific protocol number, selinux
> > applies the raw_socket class to MPTCP sockets.
> Have you looked at the implications for Smack?

AFAICS, the only hooks which can be affected is
smack_socket_post_create() - that is, the only hook with a 'protocol'
argument coming directly from the socket APIs.

If I read the code correctly, such hook behaves independently from
'protocol' value. Overall no changes should be needed for smack.



More information about the Linux-security-module-archive mailing list