path: root/crypto
diff options
authorMilan Broz <>2014-07-29 18:41:09 (GMT)
committerGreg Kroah-Hartman <>2014-08-07 21:30:25 (GMT)
commit4a6d0c804feb6f77953e6abe786fef49725faf8b (patch)
treeb8b2ead672d932a712661e08319646f1007f1b61 /crypto
parent10a622493d7f9343e8b4118031ff0c21a27cc4e9 (diff)
crypto: af_alg - properly label AF_ALG socket
commit 4c63f83c2c2e16a13ce274ee678e28246bd33645 upstream. Th AF_ALG socket was missing a security label (e.g. SELinux) which means that socket was in "unlabeled" state. This was recently demonstrated in the cryptsetup package (cryptsetup v1.6.5 and later.) See This patch clones the sock's label from the parent sock and resolves the issue (similar to AF_BLUETOOTH protocol family). Signed-off-by: Milan Broz <> Acked-by: Paul Moore <> Signed-off-by: Herbert Xu <> Signed-off-by: Greg Kroah-Hartman <>
Diffstat (limited to 'crypto')
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index ac33d5f..bf948e1 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -21,6 +21,7 @@
#include <linux/module.h>
#include <linux/net.h>
#include <linux/rwsem.h>
+#include <linux/security.h>
struct alg_type_list {
const struct af_alg_type *type;
@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
sock_init_data(newsock, sk2);
sock_graft(sk2, newsock);
+ security_sk_clone(sk, sk2);
err = type->accept(ask->private, sk2);
if (err) {