selinux: ensure that the cached NetLabel secattr matches the desired SID - linux

diff options

author	Paul Moore <pmoore@redhat.com>	2013-12-03 17:36:11 +0100
committer	Paul Moore <pmoore@redhat.com>	2013-12-04 22:08:17 +0100
commit	050d032b25e617cd738db8d6fd5aed24d87cbbcb (patch)
tree	53771bb7cebc1cf36bbd0442d3acc1a93e4ccedb /security/selinux/hooks.c
parent	selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute() (diff)
download	linux-050d032b25e617cd738db8d6fd5aed24d87cbbcb.tar.xz linux-050d032b25e617cd738db8d6fd5aed24d87cbbcb.zip

selinux: ensure that the cached NetLabel secattr matches the desired SID

In selinux_netlbl_skbuff_setsid() we leverage a cached NetLabel secattr whenever possible. However, we never check to ensure that the desired SID matches the cached NetLabel secattr. This patch checks the SID against the secattr before use and only uses the cached secattr when the SID values match. Signed-off-by: Paul Moore <pmoore@redhat.com>

Diffstat (limited to 'security/selinux/hooks.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: