diff options
author | Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> | 2015-12-23 16:44:09 -0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-12-28 00:18:47 -0500 |
commit | 3538a5c8ffa37c715029af4a2e384c077558eb18 (patch) | |
tree | ad231d72e2e789a9140d4f49563212a88df0b84e /net | |
parent | 9ba0b9636dc07a328ad3bffe9b22edb4cbb2901b (diff) | |
download | lwn-3538a5c8ffa37c715029af4a2e384c077558eb18.tar.gz lwn-3538a5c8ffa37c715029af4a2e384c077558eb18.zip |
sctp: label accepted/peeled off sockets
Accepted or peeled off sockets were missing a security label (e.g.
SELinux) which means that socket was in "unlabeled" state.
This patch clones the sock's label from the parent sock and resolves the
issue (similar to AF_BLUETOOTH protocol family).
Cc: Paul Moore <pmoore@redhat.com>
Cc: David Teigland <teigland@redhat.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/sctp/socket.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 570f96ad4527..529ed357a2cf 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -7202,6 +7202,8 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk, if (newsk->sk_flags & SK_FLAGS_TIMESTAMP) net_enable_timestamp(); + + security_sk_clone(sk, newsk); } static inline void sctp_copy_descendant(struct sock *sk_to, |