+ mlsxfrm-fix-mis-labelling-of-child-sockets.patch added to -mm tree

akpm@xxxxxxxx · Fri, 29 Sep 2006 14:45:47 -0700

The patch titled

     MLSXFRM: fix mis-labelling of child sockets

has been added to the -mm tree.  Its filename is

     mlsxfrm-fix-mis-labelling-of-child-sockets.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: MLSXFRM: fix mis-labelling of child sockets
From: David Woodhouse <dwmw2@xxxxxxxxxxxxx>

Accepted connections of types other than AF_INET, AF_INET6, AF_UNIX won't
have an appropriate label derived from the peer, so don't use it.

Signed-off-by: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
Cc: James Morris <jmorris@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 security/selinux/hooks.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

diff -puN security/selinux/hooks.c~mlsxfrm-fix-mis-labelling-of-child-sockets security/selinux/hooks.c

--- a/security/selinux/hooks.c~mlsxfrm-fix-mis-labelling-of-child-sockets
+++ a/security/selinux/hooks.c
@@ -3619,7 +3619,9 @@ static void selinux_sock_graft(struct so
 	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
 	struct sk_security_struct *sksec = sk->sk_security;
 
-	isec->sid = sksec->sid;
+	if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
+	    sk->sk_family == PF_UNIX)
+		isec->sid = sksec->sid;
 
 	selinux_netlbl_sock_graft(sk, parent);
 }
_

Patches currently in -mm which might be from dwmw2@xxxxxxxxxxxxx are

origin.patch
git-gfs2.patch
hdrcheck-permission-fix.patch
git-mtd.patch
mtd-printk-format-warning.patch
git-parisc.patch
git-powerpc.patch
mlsxfrm-fix-mis-labelling-of-child-sockets.patch
add-config_headers_check-option-to-automatically-run-make-headers_check.patch
add-config_headers_check-option-to-automatically-run-make-headers_check-nobble.patch
submit-checklist-mention-headers_check.patch
epoll_pwait.patch
fix-compile-errors-for-64-bit-types-in-headers-with-__strict_ansi__.patch
the-scheduled-removal-of-some-oss-drivers-fix-fix.patch
debug-shared-irqs.patch
debug-shared-irqs-kconfig-fix.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




