Bug 656950

Summary: If secmark packets are rejected by SELinux, the calling app should get a eperm returned
Product: [Fedora] Fedora Reporter: Daniel Walsh <dwalsh>
Component: kernelAssignee: Eric Paris <eparis>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: dougsland, gansalmon, itamar, jonathan, kernel-maint, kmcmartin, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 656952 (view as bug list) Environment:
Last Closed: 2011-10-12 17:04:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 656952, 743245    

Description Daniel Walsh 2010-11-24 15:14:14 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Walsh 2010-11-24 15:15:29 UTC 
Playing with SECMARK and trying to get certain failure situations, I notice links/firefox hang when selinux is blocking packet flow.
Comment 2 Eric Paris 2010-11-24 15:44:21 UTC 
upstream (net-next tree) commits (reverse order)

2fe66ec242d3f76e3b0101f36419e7e5405bcff3
04f6d70f6e64900a5d70a5fc199dd9d5fa787738
1f1aaf82825865a50cef0b4722607abb12aeee52
ee58681195bf243bafc44ca53f3c24429d096cce
da6836500414ae734cd9873c2d553db594f831e9
Comment 3 Kyle McMartin 2010-12-09 22:29:54 UTC 
Barf. I assume these are queued for .38?
Comment 4 Eric Paris 2010-12-09 23:24:34 UTC 
These secmark commits are all on the way to -38 in
http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git

One or two of these might have already gone to stable:
15714f7b58011cf3948cab2988abea560240c74f
2606fd1fa5710205b23ee859563502aa18362447
1cc63249adfa957b34ca51effdee90ff8261d63f
1ae4de0cdf855305765592647025bde55e85e451
ff660c80d00b52287f1f67ee6c115dc0057bcdde

Actual patches for this bug (same as comment #2)
da6836500414ae734cd9873c2d553db594f831e9
ee58681195bf243bafc44ca53f3c24429d096cce
1f1aaf82825865a50cef0b4722607abb12aeee52
04f6d70f6e64900a5d70a5fc199dd9d5fa787738
2fe66ec242d3f76e3b0101f36419e7e5405bcff3