summaryrefslogtreecommitdiff
path: root/sound/sh
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2013-12-09 16:11:53 -0500
committerBen Hutchings <ben@decadent.org.uk>2014-04-02 00:58:39 +0100
commit8761c43b8cfdb6aa4d69d3b9a3d5f94a52945cde (patch)
treeb2ffeab72fd6c37dafd374c18ba5a708ebb429be /sound/sh
parent5144a343d0579973a631112decba5d0ced76e5c7 (diff)
downloadlwn-8761c43b8cfdb6aa4d69d3b9a3d5f94a52945cde.tar.gz
lwn-8761c43b8cfdb6aa4d69d3b9a3d5f94a52945cde.zip
selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
commit 5c6c26813a209e7075baf908e3ad81c1a9d389e8 upstream. Due to difficulty in arriving at the proper security label for TCP SYN-ACK packets in selinux_ip_postroute(), we need to check packets while/before they are undergoing XFRM transforms instead of waiting until afterwards so that we can determine the correct security label. Reported-by: Janak Desai <Janak.Desai@gtri.gatech.edu> Signed-off-by: Paul Moore <pmoore@redhat.com> [bwh: Backported to 3.2: s/selinux_peerlbl_enabled()/netlbl_enabled() || selinux_xfrm_enabled()/] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'sound/sh')
0 files changed, 0 insertions, 0 deletions