Bug 210032 - [labeled networking] correct netlabel secid for packets without a known label
[labeled networking] correct netlabel secid for packets without a known label
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Eric Paris
Brian Brock
: 209555 (view as bug list)
Depends On:
Blocks: 208884
  Show dependency treegraph
Reported: 2006-10-09 12:57 EDT by Eric Paris
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-02-19 13:04:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eric Paris 2006-10-09 12:57:58 EDT
Netlabel should be using SECSID_NULL for packets which have no known label.  Not
Comment 1 Don Zickus 2006-10-10 21:38:12 EDT
in kernel-2.6.18-1.2725.el5
Comment 2 Eric Paris 2006-10-11 10:23:23 EDT
*** Bug 209555 has been marked as a duplicate of this bug. ***
Comment 3 Paul Moore 2006-10-11 10:26:46 EDT
I think something may have been lost in translation, NetLabel should be using
SECINITSID_UNLABELED not SECINITSID_NETMSG; at least this is what the patches
accepted for 2.6.19 change (as well as the patches for RHEL5 I believe, I just
wanted to clarify this BZ entry).
Comment 4 Jay Turner 2007-02-13 11:50:22 EST
Has someone verified the right thing is happening in the latest RHEL5 code? 
There's no patch attached to this bug and no testing results so I'm not really
sure where we stand.
Comment 5 Paul Moore 2007-02-15 12:44:22 EST
There is no way to determine from a running system if the patch is applied or 
not as both SECINITSID_UNLABELED and SECINITSID_NETMSG have the same SELinux 
context in all of the SELinux policies that are in RHEL5.  The kernel source 
must be verified to ensure the patch has been applied.

A pointer to the patch can be found in BZ 209555.
Comment 6 Jay Turner 2007-02-19 13:04:16 EST
Patch confirmed with 2.6.18-8.el5.

Note You need to log in before you can comment on or make changes to this bug.