git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Paolo Abeni <pabeni@redhat.com>
	Wed, 16 Dec 2020 11:55:27 +0000 (12:55 +0100)
committer	Paul Moore <paul@paul-moore.com>
	Tue, 5 Jan 2021 00:43:59 +0000 (19:43 -0500)
commit	95ca90726ea6c9444c752ea370e35ec7b6776434
tree	5d512809bcd8eecce82ded279012da46575ee8f2	tree \| snapshot
parent	e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62	commit \| diff

selinux: handle MPTCP consistently with TCP

The MPTCP protocol uses a specific protocol value, even if
it's an extension to TCP. Additionally, MPTCP sockets
could 'fall-back' to TCP at run-time, depending on peer MPTCP
support and available resources.

As a consequence of the specific protocol number, selinux
applies the raw_socket class to MPTCP sockets.

Existing TCP application converted to MPTCP - or forced to
use MPTCP socket with user-space hacks - will need an
updated policy to run successfully.

This change lets selinux attach the TCP socket class to
MPTCP sockets, too, so that no policy changes are needed in
the above scenario.

Note that the MPTCP is setting, propagating and updating the
security context on all the subflows and related request
socket.

Link: https://lore.kernel.org/linux-security-module/CAHC9VhTaK3xx0hEGByD2zxfF7fadyPP1kb-WeWH_YCyq9X-sRg@mail.gmail.com/T/#t
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
[PM: tweaked subject's prefix]
Signed-off-by: Paul Moore <paul@paul-moore.com>