diff options
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 2 | ||||
| -rw-r--r-- | security/selinux/netlink.c | 6 | ||||
| -rw-r--r-- | security/selinux/nlmsgtab.c | 3 |
3 files changed, 7 insertions, 4 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2253f388234f..8641f8894b4c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -659,7 +659,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc | |||
| 659 | return SECCLASS_NETLINK_ROUTE_SOCKET; | 659 | return SECCLASS_NETLINK_ROUTE_SOCKET; |
| 660 | case NETLINK_FIREWALL: | 660 | case NETLINK_FIREWALL: |
| 661 | return SECCLASS_NETLINK_FIREWALL_SOCKET; | 661 | return SECCLASS_NETLINK_FIREWALL_SOCKET; |
| 662 | case NETLINK_TCPDIAG: | 662 | case NETLINK_INET_DIAG: |
| 663 | return SECCLASS_NETLINK_TCPDIAG_SOCKET; | 663 | return SECCLASS_NETLINK_TCPDIAG_SOCKET; |
| 664 | case NETLINK_NFLOG: | 664 | case NETLINK_NFLOG: |
| 665 | return SECCLASS_NETLINK_NFLOG_SOCKET; | 665 | return SECCLASS_NETLINK_NFLOG_SOCKET; |
diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c index 18d08acafa78..e203883406dd 100644 --- a/security/selinux/netlink.c +++ b/security/selinux/netlink.c | |||
| @@ -80,7 +80,8 @@ static void selnl_notify(int msgtype, void *data) | |||
| 80 | nlh = NLMSG_PUT(skb, 0, 0, msgtype, len); | 80 | nlh = NLMSG_PUT(skb, 0, 0, msgtype, len); |
| 81 | selnl_add_payload(nlh, len, msgtype, data); | 81 | selnl_add_payload(nlh, len, msgtype, data); |
| 82 | nlh->nlmsg_len = skb->tail - tmp; | 82 | nlh->nlmsg_len = skb->tail - tmp; |
| 83 | netlink_broadcast(selnl, skb, 0, SELNL_GRP_AVC, GFP_USER); | 83 | NETLINK_CB(skb).dst_group = SELNLGRP_AVC; |
| 84 | netlink_broadcast(selnl, skb, 0, SELNLGRP_AVC, GFP_USER); | ||
| 84 | out: | 85 | out: |
| 85 | return; | 86 | return; |
| 86 | 87 | ||
| @@ -103,7 +104,8 @@ void selnl_notify_policyload(u32 seqno) | |||
| 103 | 104 | ||
| 104 | static int __init selnl_init(void) | 105 | static int __init selnl_init(void) |
| 105 | { | 106 | { |
| 106 | selnl = netlink_kernel_create(NETLINK_SELINUX, NULL); | 107 | selnl = netlink_kernel_create(NETLINK_SELINUX, SELNLGRP_MAX, NULL, |
| 108 | THIS_MODULE); | ||
| 107 | if (selnl == NULL) | 109 | if (selnl == NULL) |
| 108 | panic("SELinux: Cannot create netlink socket."); | 110 | panic("SELinux: Cannot create netlink socket."); |
| 109 | netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV); | 111 | netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV); |
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 92b057becb4b..69b9329b2054 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
| @@ -16,7 +16,7 @@ | |||
| 16 | #include <linux/rtnetlink.h> | 16 | #include <linux/rtnetlink.h> |
| 17 | #include <linux/if.h> | 17 | #include <linux/if.h> |
| 18 | #include <linux/netfilter_ipv4/ip_queue.h> | 18 | #include <linux/netfilter_ipv4/ip_queue.h> |
| 19 | #include <linux/tcp_diag.h> | 19 | #include <linux/inet_diag.h> |
| 20 | #include <linux/xfrm.h> | 20 | #include <linux/xfrm.h> |
| 21 | #include <linux/audit.h> | 21 | #include <linux/audit.h> |
| 22 | 22 | ||
| @@ -76,6 +76,7 @@ static struct nlmsg_perm nlmsg_firewall_perms[] = | |||
| 76 | static struct nlmsg_perm nlmsg_tcpdiag_perms[] = | 76 | static struct nlmsg_perm nlmsg_tcpdiag_perms[] = |
| 77 | { | 77 | { |
| 78 | { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, | 78 | { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, |
| 79 | { DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, | ||
| 79 | }; | 80 | }; |
| 80 | 81 | ||
| 81 | static struct nlmsg_perm nlmsg_xfrm_perms[] = | 82 | static struct nlmsg_perm nlmsg_xfrm_perms[] = |