rpms/kernel/devel linux-2.6-selinux-socket-label.patch, NONE, 1.1 kernel-2.6.spec, 1.2720, 1.2721

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Sep 29 21:19:59 UTC 2006 

Author: dwmw2

Update of /cvs/dist/rpms/kernel/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15403

Modified Files:
	kernel-2.6.spec 
Added Files:
	linux-2.6-selinux-socket-label.patch 
Log Message:
fix socket mislabelling

linux-2.6-selinux-socket-label.patch:
 hooks.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

--- NEW FILE linux-2.6-selinux-socket-label.patch ---
--- linux-2.6.18.ppc/security/selinux/hooks.c~	2006-09-28 14:37:20.000000000 +0100
+++ linux-2.6.18.ppc/security/selinux/hooks.c	2006-09-29 19:00:25.000000000 +0100
@@ -3604,7 +3604,9 @@ void selinux_sock_graft(struct sock* sk,
 	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
 	struct sk_security_struct *sksec = sk->sk_security;
 
-	isec->sid = sksec->sid;
+	if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
+	    sk->sk_family == PF_UNIX)
+		isec->sid = sksec->sid;
 
 	selinux_netlbl_sock_graft(sk, parent);
 }


Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/kernel-2.6.spec,v
retrieving revision 1.2720
retrieving revision 1.2721
diff -u -r1.2720 -r1.2721
--- kernel-2.6.spec	29 Sep 2006 21:01:21 -0000	1.2720
+++ kernel-2.6.spec	29 Sep 2006 21:19:56 -0000	1.2721
@@ -498,6 +498,7 @@
 Patch1801: linux-2.6-selinux-mprotect-checks.patch
 Patch1802: linux-2.6-selinux-support-range-transitions.patch
 Patch1803: linux-2.6-audit-code-walking-out-of-bounds.patch
+Patch1804: linux-2.6-selinux-socket-label.patch
 
 # Warn about usage of various obsolete functionality that may go away.
 Patch1900: linux-2.6-obsolete-oss-warning.patch
@@ -1111,6 +1112,8 @@
 # Add support for SELinux range transitions
 %patch1802 -p1
 %patch1803 -p1
+# Fix socket labelling
+%patch1804 -p1
 
 # Warn about obsolete functionality usage.
 %patch1900 -p1
@@ -1952,6 +1955,9 @@
 %endif
 
 %changelog
+* Fri Sep 29 2006 David Woodhouse <dwmw2 at redhat.com>
+- Fix socket labelling (#204655)
+
 * Fri Sep 29 2006 Dave Jones <davej at redhat.com>
 - Execshield improvements. (Bart Oldeman)

More information about the fedora-cvs-commits mailing list