Bug 210425 - [labeled networking] NetLabel CIPSOv4 passthrough mapping does not work correctly
Summary: [labeled networking] NetLabel CIPSOv4 passthrough mapping does not work corre...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Eric Paris
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks: 208884
TreeView+ depends on / blocked
 
Reported: 2006-10-11 23:27 UTC by Paul Moore
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Fixed In Version: beta2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-12-23 01:16:08 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Paul Moore 2006-10-11 23:27:36 UTC
Description of problem:
The NetLabel subsystem has a problem with the CIPSOv4 passthrough mapping does
not work correctly, in some cases kernel oopses are possibile.  There have been
patches posted to the SELinux and netdev mailing lists which fix these problems.

 * http://marc.theaimsgroup.com/?l=linux-netdev&m=116060895810450&w=2
 * http://marc.theaimsgroup.com/?l=linux-netdev&m=116060895712178&w=2
 * http://marc.theaimsgroup.com/?l=linux-netdev&m=116060895710963&w=2

Version-Release number of selected component (if applicable):
kernel-2.6.18-1.2725.el5

How reproducible:
Everytime

Steps to Reproduce:
1. netlabelctl cipsov4 add pass doi:1 tags:1
2. netlabelctl map del default
3. netlabelctl map add default protocol:cipsov4,1
4. runcon -l s0:c1 telnetl localhost
  
Actual results:
The kernel will oops.

Expected results:
The kernel will not oops.

Additional info:
This directly effects the LSPP efforts of RH, HP, and IBM.

Comment 1 Irina Boverman 2006-10-12 20:42:07 UTC
this defect should be resolved before rc1

Comment 2 Eric Paris 2006-10-16 20:03:22 UTC
Test kernel including fixes for this problem can be found at
people.redhat.com/sgrubb/ inside the lspp repo.  Look for lspp.52 or later.

Comment 3 Eric Paris 2006-10-26 18:26:13 UTC
posted for internel inclusion in RHEL5 on Oct 26

Comment 4 Jay Turner 2006-11-20 18:29:44 UTC
QE ack for RHEL5.

Comment 5 Don Zickus 2006-11-29 22:25:52 UTC
in 2.6.18-1.2767.el5

Comment 6 RHEL Program Management 2006-12-23 01:16:09 UTC
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.



Note You need to log in before you can comment on or make changes to this bug.