Skip to content
Commit ca10b9e9 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files

selinux: add a skb_owned_by() hook 

Commit 90ba9b19

 (tcp: tcp_make_synack() can use alloc_skb())
broke certain SELinux/NetLabel configurations by no longer correctly
assigning the sock to the outgoing SYNACK packet.

Cost of atomic operations on the LISTEN socket is quite big,
and we would like it to happen only if really needed.

This patch introduces a new security_ops->skb_owned_by() method,
that is a void operation unless selinux is active.

Reported-by: default avatarMiroslav Vadkerti <mvadkert@redhat.com>
Diagnosed-by: default avatarPaul Moore <pmoore@redhat.com>
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-security-module@vger.kernel.org
Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
Tested-by: default avatarPaul Moore <pmoore@redhat.com>
Acked-by: default avatarPaul Moore <pmoore@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent c802d759
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment