selinux: mark both IPv4 and IPv6 accepted connection sockets as labeled
The current partial labeling was introduced in 389fb800ac
("netlabel:
Label incoming TCP connections correctly in SELinux") due to the fact
that IPv6 labeling was not supported yet at the time.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
[PM: properly format the referenced commit ID, adjust subject]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
4ad858bd6f
commit
a3422eb4fa
@ -359,7 +359,7 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
|
||||
{
|
||||
struct sk_security_struct *sksec = sk->sk_security;
|
||||
|
||||
if (family == PF_INET)
|
||||
if (family == PF_INET || family == PF_INET6)
|
||||
sksec->nlbl_state = NLBL_LABELED;
|
||||
else
|
||||
sksec->nlbl_state = NLBL_UNSET;
|
||||
|
Loading…
Reference in New Issue
Block a user