• James Morris's avatar
    [NET]: Add sock_create_lite() · 398b3c44
    James Morris authored
    The purpose of this is to allow sockets created by the kernel in this way
    to be passed through the LSM socket creation hooks and be labeled and
    mediated in the same manner as other sockets.
    
    This patches addresses a class of potential issues with LSMs, where such
    sockets will not be labeled correctly (if at all), or mediated during
    creation.  Under SELinux, it fixes a specific bug where RPC sockets
    created by the kernel during TCP NFS serving are unlabeled.
    398b3c44
svcsock.c 40.4 KB