Red Hat Bugzilla – Bug 210032
[labeled networking] correct netlabel secid for packets without a known label
Last modified: 2007-11-30 17:07:35 EST
Netlabel should be using SECSID_NULL for packets which have no known label. Not
the explicit SECSID_UNLABELED
*** Bug 209555 has been marked as a duplicate of this bug. ***
I think something may have been lost in translation, NetLabel should be using
SECINITSID_UNLABELED not SECINITSID_NETMSG; at least this is what the patches
accepted for 2.6.19 change (as well as the patches for RHEL5 I believe, I just
wanted to clarify this BZ entry).
Has someone verified the right thing is happening in the latest RHEL5 code?
There's no patch attached to this bug and no testing results so I'm not really
sure where we stand.
There is no way to determine from a running system if the patch is applied or
not as both SECINITSID_UNLABELED and SECINITSID_NETMSG have the same SELinux
context in all of the SELinux policies that are in RHEL5. The kernel source
must be verified to ensure the patch has been applied.
A pointer to the patch can be found in BZ 209555.
Patch confirmed with 2.6.18-8.el5.