summaryrefslogtreecommitdiff
path: root/net/core/sock.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/core/sock.c')
-rw-r--r--net/core/sock.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/net/core/sock.c b/net/core/sock.c
index d7d6d3a8efe5..fd5f9d3873c1 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1221,12 +1221,21 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
}
return -EPERM;
case SO_PASSSEC:
+ if (!IS_ENABLED(CONFIG_SECURITY_NETWORK) || sk_may_scm_recv(sk))
+ return -EOPNOTSUPP;
+
assign_bit(SOCK_PASSSEC, &sock->flags, valbool);
return 0;
case SO_PASSCRED:
+ if (!sk_may_scm_recv(sk))
+ return -EOPNOTSUPP;
+
assign_bit(SOCK_PASSCRED, &sock->flags, valbool);
return 0;
case SO_PASSPIDFD:
+ if (!sk_is_unix(sk))
+ return -EOPNOTSUPP;
+
assign_bit(SOCK_PASSPIDFD, &sock->flags, valbool);
return 0;
case SO_TYPE:
@@ -1855,10 +1864,16 @@ int sk_getsockopt(struct sock *sk, int level, int optname,
break;
case SO_PASSCRED:
+ if (!sk_may_scm_recv(sk))
+ return -EOPNOTSUPP;
+
v.val = !!test_bit(SOCK_PASSCRED, &sock->flags);
break;
case SO_PASSPIDFD:
+ if (!sk_is_unix(sk))
+ return -EOPNOTSUPP;
+
v.val = !!test_bit(SOCK_PASSPIDFD, &sock->flags);
break;
@@ -1956,6 +1971,9 @@ int sk_getsockopt(struct sock *sk, int level, int optname,
break;
case SO_PASSSEC:
+ if (!IS_ENABLED(CONFIG_SECURITY_NETWORK) || !sk_may_scm_recv(sk))
+ return -EOPNOTSUPP;
+
v.val = !!test_bit(SOCK_PASSSEC, &sock->flags);
break;
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-11 13:45:01 +0000