[kernel] Apply different patch from Milan Broz to fix LUKS partitions (rhbz 1115120)
Josh Boyer
jwboyer at fedoraproject.org
Wed Jul 30 15:22:33 UTC 2014
commit 74a17995ecd302938e44188a32b59abbe4cd0084
Author: Josh Boyer <jwboyer at fedoraproject.org>
Date: Wed Jul 30 11:21:58 2014 -0400
Apply different patch from Milan Broz to fix LUKS partitions (rhbz 1115120)
crypto-properly-label-AF_ALG-socket.patch | 44 ++++++++++++
kernel.spec | 7 ++-
...-4da6daf4d3df5a977e4623963f141a627fd2efce.patch | 75 --------------------
3 files changed, 49 insertions(+), 77 deletions(-)
---
diff --git a/crypto-properly-label-AF_ALG-socket.patch b/crypto-properly-label-AF_ALG-socket.patch
new file mode 100644
index 0000000..b42186b
--- /dev/null
+++ b/crypto-properly-label-AF_ALG-socket.patch
@@ -0,0 +1,44 @@
+Th AF_ALG socket was missing a security label (e.g. SELinux)
+which means that socket was in "unlabeled" state.
+
+This was recently demonstrated in the cryptsetup package
+(cryptsetup v1.6.5 and later.)
+See https://bugzilla.redhat.com/show_bug.cgi?id=1115120
+
+This patch clones the sock's label from the parent sock
+and resolves the issue (similar to AF_BLUETOOTH protocol family).
+
+Cc: stable at vger.kernel.org
+Signed-off-by: Milan Broz <gmazyland at gmail.com>
+---
+ crypto/af_alg.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/af_alg.c b/crypto/af_alg.c
+index 966f893..6a3ad80 100644
+--- a/crypto/af_alg.c
++++ b/crypto/af_alg.c
+@@ -21,6 +21,7 @@
+ #include <linux/module.h>
+ #include <linux/net.h>
+ #include <linux/rwsem.h>
++#include <linux/security.h>
+
+ struct alg_type_list {
+ const struct af_alg_type *type;
+@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
+
+ sock_init_data(newsock, sk2);
+ sock_graft(sk2, newsock);
++ security_sk_clone(sk, sk2);
+
+ err = type->accept(ask->private, sk2);
+ if (err) {
+--
+2.0.1
+
+_______________________________________________
+Selinux mailing list
+Selinux at tycho.nsa.gov
+To unsubscribe, send email to Selinux-leave at tycho.nsa.gov.
+To get help, send an email containing "help" to Selinux-request at tycho.nsa.gov.
\ No newline at end of file
diff --git a/kernel.spec b/kernel.spec
index 91f243b..960e0bc 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -644,7 +644,7 @@ Patch25110: 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
Patch25118: sched-fix-sched_setparam-policy-1-logic.patch
#rhbz 1115120
-Patch25120: selinux-4da6daf4d3df5a977e4623963f141a627fd2efce.patch
+Patch25120: crypto-properly-label-AF_ALG-socket.patch
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
Patch30000: kernel-arm64.patch
@@ -1378,7 +1378,7 @@ ApplyPatch 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
ApplyPatch sched-fix-sched_setparam-policy-1-logic.patch
#rhbz 1115120
-ApplyPatch selinux-4da6daf4d3df5a977e4623963f141a627fd2efce.patch
+ApplyPatch crypto-properly-label-AF_ALG-socket.patch
%if 0%{?aarch64patches}
ApplyPatch kernel-arm64.patch
@@ -2265,6 +2265,9 @@ fi
# ||----w |
# || ||
%changelog
+* Wed Jul 30 2014 Josh Boyer <jwboyer at fedoraproject.org>
+- Apply different patch from Milan Broz to fix LUKS partitions (rhbz 1115120)
+
* Tue Jul 29 2014 Kyle McMartin <kyle at fedoraproject.org>
- kernel-arm64.patch: update from upstream git.
More information about the scm-commits
mailing list