| Message ID | 20240828093518.27340-1-guido@trentalancia.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [RESEND] selinux: mark all newly created Internet domain sockets as labeled sockets | expand |
On Aug 28, 2024 Guido Trentalancia <guido@trentalancia.com> wrote: > > The current partial labeling was introduced in > commit 389fb800ac8be2832efedd19978a2b8ced37eb61 > due to the fact that IPv6 labeling was not > supported yet at the time. > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > --- > security/selinux/netlabel.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Much better, merged into selinux/dev, thanks Guido. -- paul-moore.com
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 55885634e880..f6846cbdd977 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -358,7 +358,7 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) { struct sk_security_struct *sksec = sk->sk_security; - if (family == PF_INET) + if (family == PF_INET || family == PF_INET6) sksec->nlbl_state = NLBL_LABELED; else sksec->nlbl_state = NLBL_UNSET;
The current partial labeling was introduced in commit 389fb800ac8be2832efedd19978a2b8ced37eb61 due to the fact that IPv6 labeling was not supported yet at the time. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> --- security/selinux/netlabel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)