On Thu, Jun 9, 2016 at 8:59 AM, Paul Moore <pmoore@xxxxxxxxxx> wrote:
> From: Paul Moore <paul@xxxxxxxxxxxxxx>
>
> Much like we had to do for AF_BLUETOOTH and AF_ALG, make sure we
> properly clone the parent socket's LSM attributes to newly created
> child sockets.
>
> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> ---
> net/iucv/af_iucv.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
Another small, and obvious, fix so I'm going to merge it into
selinux#next now, but if anyone has an objection please let me know.
> diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
> index fc3598a..a0d1e36 100644
> --- a/net/iucv/af_iucv.c
> +++ b/net/iucv/af_iucv.c
> @@ -22,6 +22,7 @@
> #include <linux/skbuff.h>
> #include <linux/init.h>
> #include <linux/poll.h>
> +#include <linux/security.h>
> #include <net/sock.h>
> #include <asm/ebcdic.h>
> #include <asm/cpcmd.h>
> @@ -530,8 +531,10 @@ static void iucv_sock_close(struct sock *sk)
>
> static void iucv_sock_init(struct sock *sk, struct sock *parent)
> {
> - if (parent)
> + if (parent) {
> sk->sk_type = parent->sk_type;
> + security_sk_clone(parent, sk);
> + }
> }
>
> static struct sock *iucv_sock_alloc(struct socket *sock, int proto, gfp_t prio, int kern)
>
--
paul moore
security @ redhat
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
