diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-07-07 09:43:45 -0400 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2015-10-13 03:46:12 +0100 |
commit | 79bff4bc9204dec190576741babecf73786f48a3 (patch) | |
tree | f0739c0925021143bbad594e696f31f362644b9b /net/mac80211/sta_info.h | |
parent | 2ef259c0f5b2f3ca28ccb7bf126a0a2177012f89 (diff) | |
download | kernel_samsung_smdk4412-79bff4bc9204dec190576741babecf73786f48a3.zip kernel_samsung_smdk4412-79bff4bc9204dec190576741babecf73786f48a3.tar.gz kernel_samsung_smdk4412-79bff4bc9204dec190576741babecf73786f48a3.tar.bz2 |
net/tipc: initialize security state for new connection socket
[ Upstream commit fdd75ea8df370f206a8163786e7470c1277a5064 ]
Calling connect() with an AF_TIPC socket would trigger a series
of error messages from SELinux along the lines of:
SELinux: Invalid class 0
type=AVC msg=audit(1434126658.487:34500): avc: denied { <unprintable> }
for pid=292 comm="kworker/u16:5" scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=<unprintable>
permissive=0
This was due to a failure to initialize the security state of the new
connection sock by the tipc code, leaving it with junk in the security
class field and an unlabeled secid. Add a call to security_sk_clone()
to inherit the security state from the parent socket.
Reported-by: Tim Shearer <tim.shearer@overturenetworks.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 3.2: adjust context, indentation]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'net/mac80211/sta_info.h')
0 files changed, 0 insertions, 0 deletions