linux/net
Stephen Smalley fdd75ea8df net/tipc: initialize security state for new connection socket
Calling connect() with an AF_TIPC socket would trigger a series
of error messages from SELinux along the lines of:
SELinux: Invalid class 0
type=AVC msg=audit(1434126658.487:34500): avc:  denied  { <unprintable> }
  for pid=292 comm="kworker/u16:5" scontext=system_u:system_r:kernel_t:s0
  tcontext=system_u:object_r:unlabeled_t:s0 tclass=<unprintable>
  permissive=0

This was due to a failure to initialize the security state of the new
connection sock by the tipc code, leaving it with junk in the security
class field and an unlabeled secid.  Add a call to security_sk_clone()
to inherit the security state from the parent socket.

Reported-by: Tim Shearer <tim.shearer@overturenetworks.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-07-08 16:08:23 -07:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth
bridge bridge: mdb: start delete timer for temp static entries 2015-07-08 14:52:58 -07:00
caif
can
ceph
core rtnetlink: verify IFLA_VF_INFO attributes before passing them to driver 2015-07-08 16:01:52 -07:00
dcb
dccp
decnet
dns_resolver
dsa
ethernet
hsr
ieee802154
ipv4 ip_tunnel: fix ipv4 pmtu check to honor inner ip header df 2015-07-08 16:03:09 -07:00
ipv6 ipv6: Make MLD packets to only be processed locally 2015-07-03 09:52:38 -07:00
ipx
irda
iucv
key
l2tp
lapb
llc
mac80211
mac802154
mpls
netfilter
netlabel
netlink netlink: Delete an unnecessary check before the function call "module_put" 2015-07-03 09:27:43 -07:00
netrom
nfc
openvswitch
packet
phonet
rds net-RDS: Delete an unnecessary check before the function call "module_put" 2015-07-03 09:27:42 -07:00
rfkill
rose
rxrpc
sched
sctp
sunrpc
switchdev
tipc net/tipc: initialize security state for new connection socket 2015-07-08 16:08:23 -07:00
unix
vmw_vsock
wimax
wireless
x25
xfrm
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c