sctp: label accepted/peeled off sockets Accepted or peeled off sockets were missing a security label (e.g. SELinux) which means that socket was in "unlabeled" state. This patch clones the sock's label from the parent sock and resolves the issue (similar to AF_BLUETOOTH protocol family). Cc: Paul Moore <pmoore@redhat.com> Cc: David Teigland <teigland@redhat.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 3538a5c8ffa37c715029af4a2e384c077558eb18 [log] [tgz]
author: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Wed Dec 23 16:44:09 2015 -0200
committer: David S. Miller <davem@davemloft.net> Mon Dec 28 00:18:47 2015 -0500
tree: ad231d72e2e789a9140d4f49563212a88df0b84e
parent: 9ba0b9636dc07a328ad3bffe9b22edb4cbb2901b [diff] [blame]
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 570f96a..529ed35 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c

@@ -7202,6 +7202,8 @@
 
 	if (newsk->sk_flags & SK_FLAGS_TIMESTAMP)
 		net_enable_timestamp();
+
+	security_sk_clone(sk, newsk);
 }
 
 static inline void sctp_copy_descendant(struct sock *sk_to,
commit	3538a5c8ffa37c715029af4a2e384c077558eb18	[log] [tgz]
author	Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>	Wed Dec 23 16:44:09 2015 -0200
committer	David S. Miller <davem@davemloft.net>	Mon Dec 28 00:18:47 2015 -0500
tree	ad231d72e2e789a9140d4f49563212a88df0b84e
parent	9ba0b9636dc07a328ad3bffe9b22edb4cbb2901b [diff] [blame]