rpms/kernel/devel linux-2.6-selinux-socket-label.patch, NONE, 1.1 kernel-2.6.spec, 1.2720, 1.2721
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Sep 29 21:19:59 UTC 2006
Author: dwmw2
Update of /cvs/dist/rpms/kernel/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15403
Modified Files:
kernel-2.6.spec
Added Files:
linux-2.6-selinux-socket-label.patch
Log Message:
fix socket mislabelling
linux-2.6-selinux-socket-label.patch:
hooks.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletion(-)
--- NEW FILE linux-2.6-selinux-socket-label.patch ---
--- linux-2.6.18.ppc/security/selinux/hooks.c~ 2006-09-28 14:37:20.000000000 +0100
+++ linux-2.6.18.ppc/security/selinux/hooks.c 2006-09-29 19:00:25.000000000 +0100
@@ -3604,7 +3604,9 @@ void selinux_sock_graft(struct sock* sk,
struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
struct sk_security_struct *sksec = sk->sk_security;
- isec->sid = sksec->sid;
+ if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
+ sk->sk_family == PF_UNIX)
+ isec->sid = sksec->sid;
selinux_netlbl_sock_graft(sk, parent);
}
Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/kernel-2.6.spec,v
retrieving revision 1.2720
retrieving revision 1.2721
diff -u -r1.2720 -r1.2721
--- kernel-2.6.spec 29 Sep 2006 21:01:21 -0000 1.2720
+++ kernel-2.6.spec 29 Sep 2006 21:19:56 -0000 1.2721
@@ -498,6 +498,7 @@
Patch1801: linux-2.6-selinux-mprotect-checks.patch
Patch1802: linux-2.6-selinux-support-range-transitions.patch
Patch1803: linux-2.6-audit-code-walking-out-of-bounds.patch
+Patch1804: linux-2.6-selinux-socket-label.patch
# Warn about usage of various obsolete functionality that may go away.
Patch1900: linux-2.6-obsolete-oss-warning.patch
@@ -1111,6 +1112,8 @@
# Add support for SELinux range transitions
%patch1802 -p1
%patch1803 -p1
+# Fix socket labelling
+%patch1804 -p1
# Warn about obsolete functionality usage.
%patch1900 -p1
@@ -1952,6 +1955,9 @@
%endif
%changelog
+* Fri Sep 29 2006 David Woodhouse <dwmw2 at redhat.com>
+- Fix socket labelling (#204655)
+
* Fri Sep 29 2006 Dave Jones <davej at redhat.com>
- Execshield improvements. (Bart Oldeman)
More information about the fedora-cvs-commits
mailing list