diff options
author | Huw Davies <huw@codeweavers.com> | 2016-06-27 21:02:51 +0200 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-06-27 21:02:51 +0200 |
commit | ceba1832b1b2da0149c51de62a847c00bca1677a (patch) | |
tree | 5f03426f96c98a387cc1087865fe99b32410561c /security | |
parent | netlabel: Move bitmap manipulation functions to the NetLabel core. (diff) | |
download | linux-ceba1832b1b2da0149c51de62a847c00bca1677a.tar.xz linux-ceba1832b1b2da0149c51de62a847c00bca1677a.zip |
calipso: Set the calipso socket label to match the secattr.
CALIPSO is a hop-by-hop IPv6 option. A lot of this patch is based on
the equivalent CISPO code. The main difference is due to manipulating
the options in the hop-by-hop header.
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/netlabel.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 1f989a539fd4..5470f32eca54 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -333,7 +333,7 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) struct sk_security_struct *sksec = sk->sk_security; struct netlbl_lsm_secattr *secattr; - if (family != PF_INET) + if (family != PF_INET && family != PF_INET6) return 0; secattr = selinux_netlbl_sock_genattr(sk); |