selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables
authorLorenzo Colitti <lorenzo@google.com>
Wed, 3 Feb 2016 16:17:12 +0000 (01:17 +0900)
committerDavid S. Miller <davem@davemloft.net>
Tue, 9 Feb 2016 09:55:05 +0000 (04:55 -0500)
Without this, using SOCK_DESTROY in enforcing mode results in:

  SELinux: unrecognized netlink message type=21 for sclass=32

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
security/selinux/nlmsgtab.c

index 2bbb418..8495b93 100644 (file)
@@ -83,6 +83,7 @@ static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
        { TCPDIAG_GETSOCK,      NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
        { DCCPDIAG_GETSOCK,     NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
        { SOCK_DIAG_BY_FAMILY,  NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+       { SOCK_DESTROY,         NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE },
 };
 
 static struct nlmsg_perm nlmsg_xfrm_perms[] =
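Review bot: The new `SOCK_DESTROY` row is the only entry visible in `nlmsg_tcpdiag_perms` that maps to `NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE`, and nothing in the table says why it differs from the three read-only `*_GETSOCK` / `SOCK_DIAG_BY_FAMILY` rows above it. A short comment on that row would help, for example `/* SOCK_DESTROY tears down sockets, so it is gated by nlmsg_write, not nlmsg_read */`, so that later additions do not default to READ by copy-paste. The commit message could also state that WRITE was chosen deliberately. Domains that so far only needed nlmsg_read on this class will presumably need a policy update before they can use the request. The array initializer starts above the hunk, so earlier entries were not reviewed.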