From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Date: Wed, 23 Dec 2015 18:44:09 +0000 (-0200)
Subject: sctp: label accepted/peeled off sockets
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=3538a5c8ffa37c715029af4a2e384c077558eb18;p=openwrt%2Fstaging%2Fblogic.git

sctp: label accepted/peeled off sockets

Accepted or peeled off sockets were missing a security label (e.g.
SELinux) which means that socket was in "unlabeled" state.

This patch clones the sock's label from the parent sock and resolves the
issue (similar to AF_BLUETOOTH protocol family).

Cc: Paul Moore <pmoore@redhat.com>
Cc: David Teigland <teigland@redhat.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 570f96ad4527..529ed357a2cf 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -7202,6 +7202,8 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk,
 
 	if (newsk->sk_flags & SK_FLAGS_TIMESTAMP)
 		net_enable_timestamp();
+
+	security_sk_clone(sk, newsk);
 }
 
 static inline void sctp_copy_descendant(struct sock *sk_to,