[PATCH] MLSXFRM: fix mis-labelling of child sockets
Accepted connections of types other than AF_INET, AF_INET6, AF_UNIX won't have an appropriate label derived from the peer, so don't use it. Signed-off-by: David Woodhouse <dwmw2@infradead.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
9a69d1aecc
commit
2148ccc437
@ -3619,7 +3619,9 @@ static void selinux_sock_graft(struct sock* sk, struct socket *parent)
|
||||
struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
|
||||
struct sk_security_struct *sksec = sk->sk_security;
|
||||
|
||||
isec->sid = sksec->sid;
|
||||
if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
|
||||
sk->sk_family == PF_UNIX)
|
||||
isec->sid = sksec->sid;
|
||||
|
||||
selinux_netlbl_sock_graft(sk, parent);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user