diff options
author | Paul Moore <pmoore@redhat.com> | 2013-12-09 16:11:53 -0500 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2014-04-02 00:58:39 +0100 |
commit | 8761c43b8cfdb6aa4d69d3b9a3d5f94a52945cde (patch) | |
tree | b2ffeab72fd6c37dafd374c18ba5a708ebb429be /sound/sh | |
parent | 5144a343d0579973a631112decba5d0ced76e5c7 (diff) | |
download | lwn-8761c43b8cfdb6aa4d69d3b9a3d5f94a52945cde.tar.gz lwn-8761c43b8cfdb6aa4d69d3b9a3d5f94a52945cde.zip |
selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
commit 5c6c26813a209e7075baf908e3ad81c1a9d389e8 upstream.
Due to difficulty in arriving at the proper security label for
TCP SYN-ACK packets in selinux_ip_postroute(), we need to check packets
while/before they are undergoing XFRM transforms instead of waiting
until afterwards so that we can determine the correct security label.
Reported-by: Janak Desai <Janak.Desai@gtri.gatech.edu>
Signed-off-by: Paul Moore <pmoore@redhat.com>
[bwh: Backported to 3.2:
s/selinux_peerlbl_enabled()/netlbl_enabled() || selinux_xfrm_enabled()/]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'sound/sh')
0 files changed, 0 insertions, 0 deletions