diff options
author | Huw Davies <huw@codeweavers.com> | 2016-06-27 21:05:29 +0200 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-06-27 21:05:29 +0200 |
commit | e1adea927080821ebfa7505bff752a4015955660 (patch) | |
tree | adbbbe9962bf497bdf119849a37c8bbcc1eea034 /security | |
parent | ipv6: Allow request socks to contain IPv6 options. (diff) | |
download | linux-e1adea927080821ebfa7505bff752a4015955660.tar.xz linux-e1adea927080821ebfa7505bff752a4015955660.zip |
calipso: Allow request sockets to be relabelled by the lsm.
Request sockets need to have a label that takes into account the
incoming connection as well as their parent's label. This is used
for the outgoing SYN-ACK and for their child full-socket.
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/netlabel.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 2477a75f16e7..ca220c3fbcf9 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -284,7 +284,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) int rc; struct netlbl_lsm_secattr secattr; - if (family != PF_INET) + if (family != PF_INET && family != PF_INET6) return 0; netlbl_secattr_init(&secattr); |