diff options
author | James Morris <james.l.morris@oracle.com> | 2016-07-07 10:15:34 +1000 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2016-07-07 10:15:34 +1000 |
commit | d011a4d861ce583466a8ae72a0c8e7f51c8cba4e (patch) | |
tree | 1ff8dfe7d486f5648e69ee85e54cde1987d8296a /security/selinux/hooks.c | |
parent | 544e1cea03e6674e3c12a3b8e8cc507c3dbeaf0c (diff) | |
parent | 3f09354ac84c6904787189d85fb306bf60f714b8 (diff) | |
download | linux-d011a4d861ce583466a8ae72a0c8e7f51c8cba4e.tar.bz2 |
Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/selinux into next
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a86d537eb79b..da934342a39f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4604,13 +4604,13 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif, addrp, family, peer_sid, &ad); if (err) { - selinux_netlbl_err(skb, err, 0); + selinux_netlbl_err(skb, family, err, 0); return err; } err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER, PEER__RECV, &ad); if (err) { - selinux_netlbl_err(skb, err, 0); + selinux_netlbl_err(skb, family, err, 0); return err; } } @@ -4978,7 +4978,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex, addrp, family, peer_sid, &ad); if (err) { - selinux_netlbl_err(skb, err, 1); + selinux_netlbl_err(skb, family, err, 1); return NF_DROP; } } @@ -5064,6 +5064,15 @@ static unsigned int selinux_ipv4_output(void *priv, return selinux_ip_output(skb, PF_INET); } +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) +static unsigned int selinux_ipv6_output(void *priv, + struct sk_buff *skb, + const struct nf_hook_state *state) +{ + return selinux_ip_output(skb, PF_INET6); +} +#endif /* IPV6 */ + static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, int ifindex, u16 family) @@ -6298,6 +6307,12 @@ static struct nf_hook_ops selinux_nf_ops[] = { .hooknum = NF_INET_FORWARD, .priority = NF_IP6_PRI_SELINUX_FIRST, }, + { + .hook = selinux_ipv6_output, + .pf = NFPROTO_IPV6, + .hooknum = NF_INET_LOCAL_OUT, + .priority = NF_IP6_PRI_SELINUX_FIRST, + }, #endif /* IPV6 */ }; |