stephensmalley
commented
7 years ago I believe this is resolved by commit a4b5aaf1a4709b1c55f5fb95f21cc63c1bdc5e3f, which adds a "pass" configuration in tests/inet_socket/cipso-load and tests it.
Closed pcmoore closed 6 years ago
stephensmalley
commented
7 years ago I believe this is resolved by commit a4b5aaf1a4709b1c55f5fb95f21cc63c1bdc5e3f, which adds a "pass" configuration in tests/inet_socket/cipso-load and tests it.
pcmoore
commented
7 years ago Let's keep this open, that commit only adds support for tag type 5 (ranged categories); we should test for both tag type 1 (category bitmap) and type 2 (enumerated categories). Tag type 1 is probably the most important as it is the "default" supported across implementations.
pcmoore
commented
6 years ago Thanks to commit 9d7d40ab1e04a6e679023a48ee2765fc3f8ca1ca I think we can close this now.
The inet_socket tests currently use the "local" type to send full SELinux labels over the loopback device, but we have seen at least one bug in the past relating to NetLabel category bitmap import/export which would not be caught by the "local" NetLabel tests. This issue is to track development of an additional NetLabel test configuration which would test the "pass" configuration sending/receiving a category bitmap.