]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
selinux: check connect-related permissions on TCP Fast Open
authorStephen Smalley <stephen.smalley.work@gmail.com>
Thu, 18 Jun 2026 17:55:14 +0000 (13:55 -0400)
committerPaul Moore <paul@paul-moore.com>
Wed, 1 Jul 2026 21:09:53 +0000 (17:09 -0400)
commit44c74d27d1b9aaa99fa8a83640c1223575262b80
treeb06f66beb40cbdc977ac9e1f32f891435a1b168f
parentdc59e4fea9d83f03bad6bddf3fa2e52491777482
selinux: check connect-related permissions on TCP Fast Open

Similar to Landlock, SELinux was not updated when TCP Fast Open
support was introduced to ensure connect-related permissions are
checked when using TCP Fast Open. Update its socket_sendmsg() hook to
call selinux_socket_connect() when MSG_FASTOPEN is passed.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/linux-security-module/20260616201615.275032-1-hexlabsecurity@proton.me/
Link: https://lore.kernel.org/linux-security-module/20260617180526.15627-2-matthieu@buffet.re/
Reported-by: Bryam Vargas <hexlabsecurity@proton.me>
Reported-by: Matthieu Buffet <matthieu@buffet.re>
Reported-by: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com>
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Bryam Vargas <hexlabsecurity@proton.me>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c