sctp: label accepted/peeled off sockets

Accepted or peeled off sockets were missing a security label (e.g. SELinux) which means that socket was in "unlabeled" state. This patch clones the sock's label from the parent sock and resolves the issue (similar to AF_BLUETOOTH protocol family). Cc: Paul Moore <[email protected]> Cc: David Teigland <[email protected]> Signed-off-by: Marcelo Ricardo Leitner <[email protected]> Acked-by: Paul Moore <[email protected]> Signed-off-by: David S. Miller <[email protected]>
CamonZ · Dec 28, 2015 · 3538a5c · 3538a5c
1 parent 9ba0b96
commit 3538a5c
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
@@ -7202,6 +7202,8 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk,
 
 	if (newsk->sk_flags & SK_FLAGS_TIMESTAMP)
 		net_enable_timestamp();
+
+	security_sk_clone(sk, newsk);
 }
 
 static inline void sctp_copy_descendant(struct sock *sk_to,