crypto: af_alg - properly label AF_ALG socket
Th AF_ALG socket was missing a security label (e.g. SELinux) which means that socket was in "unlabeled" state. This was recently demonstrated in the cryptsetup package (cryptsetup v1.6.5 and later.) See https://bugzilla.redhat.com/show_bug.cgi?id=1115120 This patch clones the sock's label from the parent sock and resolves the issue (similar to AF_BLUETOOTH protocol family). Cc: stable@vger.kernel.org Signed-off-by: Milan Broz <gmazyland@gmail.com> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Milan Broz
Herbert Xu
Родитель
f3c400ef47
Коммит
4c63f83c2c
|
|
@ -21,6 +21,7 @@
|
||||||
#include <linux/module.h>
|
#include <linux/module.h>
|
||||||
#include <linux/net.h>
|
#include <linux/net.h>
|
||||||
#include <linux/rwsem.h>
|
#include <linux/rwsem.h>
|
||||||
|
#include <linux/security.h>
|
||||||
|
|
||||||
struct alg_type_list {
|
struct alg_type_list {
|
||||||
const struct af_alg_type *type;
|
const struct af_alg_type *type;
|
||||||
|
|
@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
|
||||||
|
|
||||||
sock_init_data(newsock, sk2);
|
sock_init_data(newsock, sk2);
|
||||||
sock_graft(sk2, newsock);
|
sock_graft(sk2, newsock);
|
||||||
|
security_sk_clone(sk, sk2);
|
||||||
|
|
||||||
err = type->accept(ask->private, sk2);
|
err = type->accept(ask->private, sk2);
|
||||||
if (err) {
|
if (err) {
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче