Bug 210425 - [labeled networking] NetLabel CIPSOv4 passthrough mapping does not work correctly
[labeled networking] NetLabel CIPSOv4 passthrough mapping does not work corre...
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Eric Paris
Brian Brock
Depends On:
Blocks: 208884
  Show dependency treegraph
Reported: 2006-10-11 19:27 EDT by Paul Moore
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: beta2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-12-22 20:16:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Paul Moore 2006-10-11 19:27:36 EDT
Description of problem:
The NetLabel subsystem has a problem with the CIPSOv4 passthrough mapping does
not work correctly, in some cases kernel oopses are possibile.  There have been
patches posted to the SELinux and netdev mailing lists which fix these problems.

 * http://marc.theaimsgroup.com/?l=linux-netdev&m=116060895810450&w=2
 * http://marc.theaimsgroup.com/?l=linux-netdev&m=116060895712178&w=2
 * http://marc.theaimsgroup.com/?l=linux-netdev&m=116060895710963&w=2

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. netlabelctl cipsov4 add pass doi:1 tags:1
2. netlabelctl map del default
3. netlabelctl map add default protocol:cipsov4,1
4. runcon -l s0:c1 telnetl localhost
Actual results:
The kernel will oops.

Expected results:
The kernel will not oops.

Additional info:
This directly effects the LSPP efforts of RH, HP, and IBM.
Comment 1 Irina Boverman 2006-10-12 16:42:07 EDT
this defect should be resolved before rc1
Comment 2 Eric Paris 2006-10-16 16:03:22 EDT
Test kernel including fixes for this problem can be found at
people.redhat.com/sgrubb/ inside the lspp repo.  Look for lspp.52 or later.
Comment 3 Eric Paris 2006-10-26 14:26:13 EDT
posted for internel inclusion in RHEL5 on Oct 26
Comment 4 Jay Turner 2006-11-20 13:29:44 EST
QE ack for RHEL5.
Comment 5 Don Zickus 2006-11-29 17:25:52 EST
in 2.6.18-1.2767.el5
Comment 6 RHEL Product and Program Management 2006-12-22 20:16:09 EST
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.

Note You need to log in before you can comment on or make changes to this bug.