Commit b1f2d93c authored by David Brazdil's avatar David Brazdil Committed by Zheng Zengkai
Browse files

selinux: vsock: Set SID for socket returned by accept() 



stable inclusion
from stable-5.10.27
commit 5ebb9947b488a73c03a7d1aec7142f3873d6704f
bugzilla: 51493

--------------------------------

[ Upstream commit 1f935e8e ]

For AF_VSOCK, accept() currently returns sockets that are unlabelled.
Other socket families derive the child's SID from the SID of the parent
and the SID of the incoming packet. This is typically done as the
connected socket is placed in the queue that accept() removes from.

Reuse the existing 'security_sk_clone' hook to copy the SID from the
parent (server) socket to the child. There is no packet SID in this
case.

Fixes: d021c344 ("VSOCK: Introduce VM Sockets")
Signed-off-by: default avatarDavid Brazdil <dbrazdil@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarChen Jun <chenjun102@huawei.com>
Acked-by: default avatar  Weilong Chen <chenweilong@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 0ee79a5f
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment