author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-07-16 14:56:13 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-07-16 14:56:13 -0700 |
commit | 42b5a01596f1f9471b58a2f59e1fceeb8db79ffc (patch) | |
tree | 0cd407556b616baa28c695bebec789b21d67e589 | |
parent | 11ab4cd5ec3f5f531ca0cb3014b7c6869c4aea5d (diff) | |
parent | e86cac0acdb1a74f608bacefe702f2034133a047 (diff) |
Merge tag 'Smack-for-6.10' of https://github.com/cschaufler/smack-next
Pull smack updates from Casey Schaufler:
"Two fixes for Smack networking labeling by Konstantin Andreev"
* tag 'Smack-for-6.10' of https://github.com/cschaufler/smack-next:
smack: unix sockets: fix accept()ed socket label
smack: tcp: ipv4, fix incorrect labeling
-rw-r--r-- | security/smack/smack_lsm.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index c1fe422cfbe1..4164699cd4f6 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3871,12 +3871,18 @@ static int smack_unix_stream_connect(struct sock *sock,
 }
 }
- /*
- * Cross reference the peer labels for SO_PEERSEC.
- */
 if (rc == 0) {
+ /*
+ * Cross reference the peer labels for SO_PEERSEC.
+ */
 nsp->smk_packet = ssp->smk_out;
 ssp->smk_packet = osp->smk_out;
+
+ /*
+ * new/child/established socket must inherit listening socket labels
+ */
+ nsp->smk_out = osp->smk_out;
+ nsp->smk_in = osp->smk_in;
 }
 return rc;
@@ -4456,7 +4462,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
 rcu_read_unlock();
 if (hskp == NULL)
- rc = netlbl_req_setattr(req, &skp->smk_netlabel);
+ rc = netlbl_req_setattr(req, &ssp->smk_out->smk_netlabel);
 else
 netlbl_req_delattr(req); |
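Review bot: The new comment in the `if (rc == 0)` block of smack_unix_stream_connect says the new socket must inherit the listening socket's labels but not why, and the reason is the security-relevant part. Without the two assignments, `nsp` presumably keeps whatever `smk_in`/`smk_out` it received at allocation (not visible in this hunk), so later Smack checks on the accept()ed socket would run against a label the listener never chose. I would spell that out, e.g. `/* The accept()ed socket is the server's end: give it the listener's labels, not the ones set at allocation. */`, and add a regression check that reads the label of an accepted socket. The function body starts above the hunk and its closing brace is outside it.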
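Review bot: The corrected call `netlbl_req_setattr(req, &ssp->smk_out->smk_netlabel)` differs from the old one only in which label it passes, and nothing on the line says why the socket's outbound label is right and `skp` is wrong, so the same mix-up is easy to reintroduce. Assuming `skp` is the label derived from the incoming packet and `ssp` is the security blob of `sk` (both are set outside this hunk), a short comment would pin the intent: `/* Label the reply with this socket's outbound label, not the peer's label (skp). */`. It may also be worth confirming that `ssp->smk_out` is always non-NULL at this point, since it is now dereferenced here. The function body starts before and continues past the hunk.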