Kuniyuki Iwashima fa2df45af1 dccp: Call security_inet_conn_request() after setting IPv4 addresses.
Initially, commit 4237c75c0a35 ("[MLSXFRM]: Auto-labeling of child
sockets") introduced security_inet_conn_request() in some functions
where reqsk is allocated.  The hook is added just after the allocation,
so reqsk's IPv4 remote address was not initialised then.

However, SELinux/Smack started to read it in netlbl_req_setattr()
after the cited commits.

This bug was partially fixed by commit 284904aa7946 ("lsm: Relocate
the IPv4 security_inet_conn_request() hooks").

This patch fixes the last bug in DCCPv4.

Fixes: 389fb800ac8b ("netlabel: Label incoming TCP connections correctly in SELinux")
Fixes: 07feee8f812f ("netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-11-02 12:55:42 +01:00
..
2023-10-23 08:45:25 +01:00
2023-10-01 19:09:54 +01:00
2023-05-31 13:06:57 +02:00
2023-08-29 17:39:15 -07:00
2023-10-30 14:36:57 -07:00
2023-10-26 20:27:58 -07:00
2023-06-24 15:41:46 -07:00
2023-10-30 14:36:57 -07:00
2023-10-01 19:09:54 +01:00
2023-10-30 10:12:29 -10:00
2023-10-27 09:12:47 -07:00
2023-10-26 20:27:58 -07:00
2023-10-01 19:09:54 +01:00
2023-10-30 14:36:57 -07:00
2023-10-11 10:39:01 +01:00
2023-11-01 11:16:34 -10:00