diff options
Diffstat (limited to 'crypto-properly-label-AF_ALG-socket.patch')
-rw-r--r-- | crypto-properly-label-AF_ALG-socket.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/crypto-properly-label-AF_ALG-socket.patch b/crypto-properly-label-AF_ALG-socket.patch deleted file mode 100644 index b42186bd..00000000 --- a/crypto-properly-label-AF_ALG-socket.patch +++ /dev/null @@ -1,44 +0,0 @@ -Th AF_ALG socket was missing a security label (e.g. SELinux) -which means that socket was in "unlabeled" state. - -This was recently demonstrated in the cryptsetup package -(cryptsetup v1.6.5 and later.) -See https://bugzilla.redhat.com/show_bug.cgi?id=1115120 - -This patch clones the sock's label from the parent sock -and resolves the issue (similar to AF_BLUETOOTH protocol family). - -Cc: stable@vger.kernel.org -Signed-off-by: Milan Broz <gmazyland@gmail.com> ---- - crypto/af_alg.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/af_alg.c b/crypto/af_alg.c -index 966f893..6a3ad80 100644 ---- a/crypto/af_alg.c -+++ b/crypto/af_alg.c -@@ -21,6 +21,7 @@ - #include <linux/module.h> - #include <linux/net.h> - #include <linux/rwsem.h> -+#include <linux/security.h> - - struct alg_type_list { - const struct af_alg_type *type; -@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock) - - sock_init_data(newsock, sk2); - sock_graft(sk2, newsock); -+ security_sk_clone(sk, sk2); - - err = type->accept(ask->private, sk2); - if (err) { --- -2.0.1 - -_______________________________________________ -Selinux mailing list -Selinux@tycho.nsa.gov -To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. -To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
\ No newline at end of file |