sctp: label accepted/peeled off sockets

Accepted or peeled off sockets were missing a security label (e.g. SELinux) which means that socket was in "unlabeled" state. This patch clones the sock's label from the parent sock and resolves the issue (similar to AF_BLUETOOTH protocol family). Cc: Paul Moore <pmoore@redhat.com> Cc: David Teigland <teigland@redhat.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: David S. Miller <davem@davemloft.net>

sctp: label accepted/peeled off sockets
Accepted or peeled off sockets were missing a security label (e.g. SELinux) which means that socket was in "unlabeled" state. This patch clones the sock's label from the parent sock and resolves the issue (similar to AF_BLUETOOTH protocol family). Cc: Paul Moore <pmoore@redhat.com> Cc: David Teigland <teigland@redhat.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: David S. Miller <davem@davemloft.net>
3538a5c8 · Marcelo Ricardo Leitner · David S. Miller · 9ba0b963 · 3538a5c8
Commit 3538a5c8 authored Dec 23, 2015 by Marcelo Ricardo Leitner Committed by David S. Miller Dec 28, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

net/sctp/socket.c net/sctp/socket.c +2 -0

No files found.
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -7202,6 +7202,8 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk,

 	if (newsk->sk_flags & SK_FLAGS_TIMESTAMP)
 		net_enable_timestamp();
+
+	security_sk_clone(sk, newsk);
 }

 static inline void sctp_copy_descendant(struct sock *sk_to,