diff options
| author | James Morris <jmorris@namei.org> | 2009-01-04 22:56:01 +0100 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-01-04 22:56:01 +0100 |
| commit | 5c8c40be4b5a2944483bfc1a45d6c3fa02551af3 (patch) | |
| tree | d9a79fae500aa5172df7446a2c7a7bdd4e4d469c /security/selinux/hooks.c | |
| parent | keys: fix sparse warning by adding __user annotation to cast (diff) | |
| parent | smack: Add support for unlabeled network hosts and networks (diff) | |
| download | linux-5c8c40be4b5a2944483bfc1a45d6c3fa02551af3.tar.xz linux-5c8c40be4b5a2944483bfc1a45d6c3fa02551af3.zip | |
Merge branch 'master' of git://git.infradead.org/users/pcmoore/lblnet-2.6_next into next
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index dbeaa783b2a9..df30a7555d8a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4185,7 +4185,7 @@ static int selinux_sock_rcv_skb_iptables_compat(struct sock *sk, static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, u16 family) { - int err; + int err = 0; struct sk_security_struct *sksec = sk->sk_security; u32 peer_sid; u32 sk_sid = sksec->sid; @@ -4202,7 +4202,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, if (selinux_compat_net) err = selinux_sock_rcv_skb_iptables_compat(sk, skb, &ad, family, addrp); - else + else if (selinux_secmark_enabled()) err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, PACKET__RECV, &ad); if (err) @@ -4705,7 +4705,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, if (selinux_ip_postroute_iptables_compat(skb->sk, ifindex, &ad, family, addrp)) return NF_DROP; - } else { + } else if (selinux_secmark_enabled()) { if (avc_has_perm(sksec->sid, skb->secmark, SECCLASS_PACKET, PACKET__SEND, &ad)) return NF_DROP; |