Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab breaks Smack TCP connections
Casey Schaufler
casey at schaufler-ca.com
Tue Mar 30 15:42:04 UTC 2021
Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab 'net: correct
sk_acceptq_is_full()' breaks a system with the Smack LSM.
Reverting this change results in a return to correct behavior.
The Smack testsuite can be found at:
https://github.com/smack-team/smack-testsuite.git
The failing test is ipv4-tcp-local-peersec.sh, but it seems
that most TCP connections hang with SYN_SENT. Oddly, ssh
to 127.0.0.1 works, but other TCP connections timeout.
More information about the Linux-security-module-archive
mailing list