Message ID | 166008319941.447963.8509896484646848800.stgit@olly (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Ondrej Mosnáček |
Series | tests/sctp: allow both ENOSPC and EINPROGRESS for CIPSO tag space errors |
On Wed, Aug 10, 2022 at 12:14 AM Paul Moore <paul@paul-moore.com> wrote: > If the NetLabel subsystem in the kernel is configured to apply CIPSO > packet labels directly to the packets instead of the sockets, the > kernel will return EINPROGRESS on a failed connect(2) instead of > ENOSPC. This is due to differences in how the CIPSO labels are > applied to network traffic in the two cases and how the error > conditions are able to be propagated back to userspace. > > This patch allows both error codes to the relevant SCTP test cases. > > Signed-off-by: Paul Moore <paul@paul-moore.com> > --- > tests/sctp/test | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/tests/sctp/test b/tests/sctp/test > index 69dcbef..5626ab8 100755 > --- a/tests/sctp/test > +++ b/tests/sctp/test > @@ -508,7 +508,7 @@ $pid = server_start( "-t test_sctp_server_t -l s0:c20.c300", > # TAG 1 allows categories 0 to 239 to be sent > $result = system > "runcon -t test_sctp_client_t -l s0:c20.c300 -- $basedir/sctp_client $v seq 127.0.0.1 1035 2>&1"; > -ok( $result >> 8 eq 7 ); > +ok( ( $result >> 8 eq 7 ) || ( $result >> 8 eq 6 ) ); > > if ($test_clpeeloff) { > > @@ -675,7 +675,7 @@ $pid = server_start( "-t test_sctp_server_t -l s0:c20.c335", > # TAG 2 allows a maximum of 15 categories in exchange > $result = system > "runcon -t test_sctp_client_t -l s0:c200.c216 -- $basedir/sctp_client $v seq 127.0.0.1 1035 2>&1"; > -ok( $result >> 8 eq 7 ); > +ok( ( $result >> 8 eq 7 ) || ( $result >> 8 eq 6 ) ); > > if ($test_clpeeloff) { 
> > @@ -842,7 +842,7 @@ $pid = server_start( "-t test_sctp_server_t -l s0:c20.c50", > # TAG 2 allows a maximum of 7 ranges in exchange > $result = system > "runcon -t test_sctp_client_t -l s0:c20,c22,c24,c30.c33,c38,c42.c45,c48,c50 -- $basedir/sctp_client $v seq 127.0.0.1 1035 2>&1"; > -ok( $result >> 8 eq 7 ); > +ok( ( $result >> 8 eq 7 ) || ( $result >> 8 eq 6 ) ); > > if ($test_clpeeloff) { This patch makes sense regardless of the pending kernel fixes, so I applied it now: https://github.com/SELinuxProject/selinux-testsuite/commit/c04b5bb4bdcf894a6de6afa0e7e24911dee8dcbf Thanks!
On Tue, Aug 23, 2022 at 11:45 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> On Wed, Aug 10, 2022 at 12:14 AM Paul Moore <paul@paul-moore.com> wrote:
> > If the NetLabel subsystem in the kernel is configured to apply CIPSO
> > packet labels directly to the packets instead of the sockets, the
> > kernel will return EINPROGRESS on a failed connect(2) instead of
> > ENOSPC. This is due to differences in how the CIPSO labels are
> > applied to network traffic in the two cases and how the error
> > conditions are able to be propagated back to userspace.
> >
> > This patch allows both error codes to the relevant SCTP test cases.
> >
> > Signed-off-by: Paul Moore <paul@paul-moore.com>
> > ---
> > tests/sctp/test | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)

...

> This patch makes sense regardless of the pending kernel fixes, so I
> applied it now:
> https://github.com/SELinuxProject/selinux-testsuite/commit/c04b5bb4bdcf894a6de6afa0e7e24911dee8dcbf

Agreed, thanks Ondrej.
diff --git a/tests/sctp/test b/tests/sctp/test index 69dcbef..5626ab8 100755 --- a/tests/sctp/test +++ b/tests/sctp/test @@ -508,7 +508,7 @@ $pid = server_start( "-t test_sctp_server_t -l s0:c20.c300", # TAG 1 allows categories 0 to 239 to be sent $result = system "runcon -t test_sctp_client_t -l s0:c20.c300 -- $basedir/sctp_client $v seq 127.0.0.1 1035 2>&1"; -ok( $result >> 8 eq 7 ); +ok( ( $result >> 8 eq 7 ) || ( $result >> 8 eq 6 ) ); if ($test_clpeeloff) { @@ -675,7 +675,7 @@ $pid = server_start( "-t test_sctp_server_t -l s0:c20.c335", # TAG 2 allows a maximum of 15 categories in exchange $result = system "runcon -t test_sctp_client_t -l s0:c200.c216 -- $basedir/sctp_client $v seq 127.0.0.1 1035 2>&1"; -ok( $result >> 8 eq 7 ); +ok( ( $result >> 8 eq 7 ) || ( $result >> 8 eq 6 ) ); if ($test_clpeeloff) { @@ -842,7 +842,7 @@ $pid = server_start( "-t test_sctp_server_t -l s0:c20.c50", # TAG 2 allows a maximum of 7 ranges in exchange $result = system "runcon -t test_sctp_client_t -l s0:c20,c22,c24,c30.c33,c38,c42.c45,c48,c50 -- $basedir/sctp_client $v seq 127.0.0.1 1035 2>&1"; -ok( $result >> 8 eq 7 ); +ok( ( $result >> 8 eq 7 ) || ( $result >> 8 eq 6 ) ); if ($test_clpeeloff) {
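Review bot: in the hunk at @@ -508 the accepted exit statuses 7 and 6 are bare numbers, and the `# TAG 1 allows categories 0 to 239 to be sent` comment above them says nothing about two outcomes being valid. A short comment next to the `ok(...)` line, naming which sctp_client exit status corresponds to ENOSPC and which to EINPROGRESS and noting that the second occurs when NetLabel labels packets rather than sockets, would keep the reason for the `||` from living only in the commit message.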
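Review bot: in the hunk at @@ -675 the new assertion evaluates `$result >> 8` twice and compares it with `eq`, which is Perl's string comparison, although both sides are integers. Storing the shifted value once and testing it numerically, for example `my $rc = $result >> 8;` followed by `ok( $rc == 7 || $rc == 6 );`, reads more clearly; the same applies to the identical lines in the other two hunks.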
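Review bot: in the hunk at @@ -842 status 6 is accepted unconditionally, so the test no longer checks which of the two errors the running configuration is expected to produce. If the test can tell whether NetLabel is labelling sockets or packets, asserting the single status expected for that mode would catch a change in how the error is propagated; if it cannot, a comment saying so would be enough.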
If the NetLabel subsystem in the kernel is configured to apply CIPSO
packet labels directly to the packets instead of the sockets, the
kernel will return EINPROGRESS on a failed connect(2) instead of
ENOSPC. This is due to differences in how the CIPSO labels are
applied to network traffic in the two cases and how the error
conditions are able to be propagated back to userspace.

This patch allows both error codes to the relevant SCTP test cases.

Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 tests/sctp/test | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)