1
linux/net/tipc
Stephen Smalley fdd75ea8df net/tipc: initialize security state for new connection socket
Calling connect() with an AF_TIPC socket would trigger a series
of error messages from SELinux along the lines of:
SELinux: Invalid class 0
type=AVC msg=audit(1434126658.487:34500): avc:  denied  { <unprintable> }
  for pid=292 comm="kworker/u16:5" scontext=system_u:system_r:kernel_t:s0
  tcontext=system_u:object_r:unlabeled_t:s0 tclass=<unprintable>
  permissive=0

This was due to a failure to initialize the security state of the new
connection sock by the tipc code, leaving it with junk in the security
class field and an unlabeled secid.  Add a call to security_sk_clone()
to inherit the security state from the parent socket.

Reported-by: Tim Shearer <tim.shearer@overturenetworks.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-07-08 16:08:23 -07:00
..
addr.c tipc: simplify include dependencies 2015-05-14 12:24:45 -04:00
addr.h tipc: simplify include dependencies 2015-05-14 12:24:45 -04:00
bcast.c tipc: purge backlog queue counters when broadcast link is reset 2015-06-28 16:43:02 -07:00
bcast.h tipc: add broadcast link window set/get to nl api 2015-05-09 16:40:02 -04:00
bearer.c tipc: simplify resetting and disabling of bearers 2015-05-14 12:24:45 -04:00
bearer.h tipc: simplify include dependencies 2015-05-14 12:24:45 -04:00
core.c tipc: rename functions defined in subscr.c 2015-05-04 15:04:00 -04:00
core.h tipc: simplify packet sequence number handling 2015-05-14 12:24:46 -04:00
discover.c tipc: involve reference counter for node structure 2015-03-29 12:40:28 -07:00
discover.h
eth_media.c
ib_media.c
Kconfig tipc: add ip/udp media type 2015-03-05 22:08:42 -05:00
link.c tipc: purge backlog queue counters when broadcast link is reset 2015-06-28 16:43:02 -07:00
link.h tipc: purge backlog queue counters when broadcast link is reset 2015-06-28 16:43:02 -07:00
Makefile tipc: add ip/udp media type 2015-03-05 22:08:42 -05:00
msg.c tipc: add packet sequence number at instant of transmission 2015-05-14 12:24:46 -04:00
msg.h tipc: add packet sequence number at instant of transmission 2015-05-14 12:24:46 -04:00
name_distr.c tipc: involve reference counter for node structure 2015-03-29 12:40:28 -07:00
name_distr.h
name_table.c tipc: rename functions defined in subscr.c 2015-05-04 15:04:00 -04:00
name_table.h
net.c tipc: simplify include dependencies 2015-05-14 12:24:45 -04:00
net.h
netlink_compat.c tipc: send explicit not supported error in nl compat 2015-05-09 16:40:03 -04:00
netlink.c
netlink.h
node.c tipc: add packet sequence number at instant of transmission 2015-05-14 12:24:46 -04:00
node.h tipc: simplify include dependencies 2015-05-14 12:24:45 -04:00
server.c tipc: use sock_create_kern interface to create kernel socket 2015-05-14 13:39:33 -04:00
server.h
socket.c net/tipc: initialize security state for new connection socket 2015-07-08 16:08:23 -07:00
socket.h tipc: fix netns refcnt leak 2015-03-17 22:11:26 -04:00
subscr.c tipc: adjust locking policy of subscription 2015-05-04 15:04:01 -04:00
subscr.h tipc: rename functions defined in subscr.c 2015-05-04 15:04:00 -04:00
sysctl.c
udp_media.c udp_tunnel: Pass UDP socket down through udp_tunnel{, 6}_xmit_skb(). 2015-04-07 15:29:08 -04:00