- mlsxfrm-fix-mis-labelling-of-child-sockets.patch removed from -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The patch titled

     MLSXFRM: fix mis-labelling of child sockets

has been removed from the -mm tree.  Its filename is

     mlsxfrm-fix-mis-labelling-of-child-sockets.patch

This patch was dropped because it was merged into mainline or a subsystem tree

------------------------------------------------------
Subject: MLSXFRM: fix mis-labelling of child sockets
From: David Woodhouse <dwmw2@xxxxxxxxxxxxx>

Accepted connections of types other than AF_INET, AF_INET6, AF_UNIX won't
have an appropriate label derived from the peer, so don't use it.

Signed-off-by: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
Acked-by: James Morris <jmorris@xxxxxxxxx>
Acked-by: Paul Moore <paul.moore@xxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 security/selinux/hooks.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

diff -puN security/selinux/hooks.c~mlsxfrm-fix-mis-labelling-of-child-sockets security/selinux/hooks.c
--- a/security/selinux/hooks.c~mlsxfrm-fix-mis-labelling-of-child-sockets
+++ a/security/selinux/hooks.c
@@ -3619,7 +3619,9 @@ static void selinux_sock_graft(struct so
 	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
 	struct sk_security_struct *sksec = sk->sk_security;
 
-	isec->sid = sksec->sid;
+	if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
+	    sk->sk_family == PF_UNIX)
+		isec->sid = sksec->sid;
 
 	selinux_netlbl_sock_graft(sk, parent);
 }
_

Patches currently in -mm which might be from dwmw2@xxxxxxxxxxxxx are

origin.patch
gregkh-pci-pci-quirks-update.patch
git-gfs2.patch
hdrcheck-permission-fix.patch
git-mtd.patch
mtd-printk-format-warning.patch
git-parisc.patch
git-powerpc.patch
add-config_headers_check-option-to-automatically-run-make-headers_check.patch
add-config_headers_check-option-to-automatically-run-make-headers_check-nobble.patch
submit-checklist-mention-headers_check.patch
epoll_pwait.patch
fix-compile-errors-for-64-bit-types-in-headers-with-__strict_ansi__.patch
the-scheduled-removal-of-some-oss-drivers-fix-fix.patch
debug-shared-irqs.patch
debug-shared-irqs-kconfig-fix.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Kernel Newbies FAQ]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux