On Wed, 2020-12-16 at 08:31 -0800, Casey Schaufler wrote:
> On 12/16/2020 3:55 AM, Paolo Abeni wrote:
> > The MPTCP protocol uses a specific protocol value, even if
> > it's an extension to TCP. Additionally, MPTCP sockets
> > could 'fall-back' to TCP at run-time, depending on peer MPTCP
> > support and available resources.
> > As a consequence of the specific protocol number, selinux
> > applies the raw_socket class to MPTCP sockets.
> Have you looked at the implications for Smack?
AFAICS, the only hook which can be affected is
smack_socket_post_create() - that is, the only hook with a 'protocol'
argument coming directly from the socket APIs.
If I read the code correctly, that hook behaves independently of the
'protocol' value. Overall no changes should be needed for Smack.