diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-07 01:15:56 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-07 01:15:56 +0200 |
commit | 10b1eb7d8ce5635a7deb273f8291d8a0a7681de1 (patch) | |
tree | 946b7d496a4e24db5120be376e075b52982fae83 /net/socket.c | |
parent | Merge tag 'printk-for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/... (diff) | |
parent | dh key: get rid of stack allocated array for zeroes (diff) | |
download | linux-10b1eb7d8ce5635a7deb273f8291d8a0a7681de1.tar.xz linux-10b1eb7d8ce5635a7deb273f8291d8a0a7681de1.zip |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security system updates from James Morris:
- incorporate new socketpair() hook into LSM and wire up the SELinux
and Smack modules. From David Herrmann:
"The idea is to allow SO_PEERSEC to be called on AF_UNIX sockets
created via socketpair(2), and return the same information as if
you emulated socketpair(2) via a temporary listener socket.
Right now SO_PEERSEC will return the unlabeled credentials for a
socketpair, rather than the actual credentials of the creating
process."
- remove the unused security_settime LSM hook (Sargun Dhillon).
- remove some stack allocated arrays from the keys code (Tycho
Andersen)
* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
dh key: get rid of stack allocated array for zeroes
dh key: get rid of stack allocated array
big key: get rid of stack array allocation
smack: provide socketpair callback
selinux: provide socketpair callback
net: hook socketpair() into LSM
security: add hook for socketpair()
security: remove security_settime
Diffstat (limited to 'net/socket.c')
-rw-r--r-- | net/socket.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/net/socket.c b/net/socket.c index 2d752e9eb3f9..af57d85bcb48 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1445,6 +1445,13 @@ int __sys_socketpair(int family, int type, int protocol, int __user *usockvec) goto out; } + err = security_socket_socketpair(sock1, sock2); + if (unlikely(err)) { + sock_release(sock2); + sock_release(sock1); + goto out; + } + err = sock1->ops->socketpair(sock1, sock2); if (unlikely(err < 0)) { sock_release(sock2); |