> On Mar 29, 2021, at 3:45 PM, Tomas Habarta <[email protected]> wrote:
>
> 6663]: recvmsg(128, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0",
> iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CTRUNC}, 0) = 1
> [7141]: recvmsg(128, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0",
> iov_len=1}], msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET,
> cmsg_type=SCM_RIGHTS, cmsg_data=[15]}], msg_controllen=24, msg_flags=0}, 0) =
> 1
This is the crucial difference: the control message with the forwarded
file descriptor is missing. The SELinux system is reporting MSG_CTRUNC
and a control length of 0. The fine manpage says:

    MSG_CTRUNC
        indicates that some control data was discarded due to lack of
        space in the buffer for ancillary data.

But the issue is NOT lack of space; SELinux almost certainly censored
the descriptor passing. See section 5.3.4 of:
https://www.nsa.gov/Portals/70/documents/resources/everyone/digital-media-center/publications/research-papers/implementing-selinux-as-linux-security-module-report.pdf
Or https://bugzilla.redhat.com/show_bug.cgi?id=1326502
--
Viktor.
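
Added example, not part of the original message or of any project's code: a receiver that classifies a recvmsg() result the way the two strace lines above differ, instead of assuming a descriptor arrived with the data byte. SELinux cannot be assumed on the machine running this, so the constructed demo produces the same receiver-side view (MSG_CTRUNC, no SCM_RIGHTS message) by passing no ancillary buffer; the names fd_result, send_fd, recv_fd_checked and demo are hypothetical.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum fd_result { FD_OK, FD_CTRUNC_NO_FD, FD_ABSENT, FD_ERROR };

/* Send one data byte with descriptor fd attached as SCM_RIGHTS. */
static int send_fd(int sock, int fd) {
    char byte = 0;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    memset(u.buf, 0, sizeof(u.buf));
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive with ctrl_len bytes of ancillary space and classify the result. */
static enum fd_result recv_fd_checked(int sock, size_t ctrl_len, int *fd_out) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctrl_len ? u.buf : NULL,
                          .msg_controllen = ctrl_len };
    if (ctrl_len > sizeof(u.buf) || recvmsg(sock, &msg, 0) != 1) return FD_ERROR;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS &&
            c->cmsg_len >= CMSG_LEN(sizeof(int))) {
            memcpy(fd_out, CMSG_DATA(c), sizeof(int));
            return FD_OK;
        }
    /* The data byte arrived without a descriptor: *fd_out is not valid. */
    return (msg.msg_flags & MSG_CTRUNC) ? FD_CTRUNC_NO_FD : FD_ABSENT;
}

/* Constructed demo: pass one end of a socketpair across that same pair. */
enum fd_result demo(size_t ctrl_len) {
    int sv[2], fd = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return FD_ERROR;
    enum fd_result r = send_fd(sv[0], sv[0]) ? FD_ERROR
                     : recv_fd_checked(sv[1], ctrl_len, &fd);
    if (r == FD_OK) close(fd);
    close(sv[0]); close(sv[1]);
    return r;
}
```

With an adequately sized buffer, as in the traces above, FD_CTRUNC_NO_FD means the descriptor was dropped for a reason other than space.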