(parent: 5c6c268)
selinux: fix broken peer recv check
author Chad Hanson <chanson@trustedcs.com> Wed, 11 Dec 2013 22:07:56 +0000 (17:07 -0500)
committer Paul Moore <pmoore@redhat.com> Wed, 11 Dec 2013 22:07:56 +0000 (17:07 -0500)
Fix a broken networking check. Return an error if peer recv fails. If
secmark is active and the packet recv succeeds the peer recv error is
ignored.
Signed-off-by: Chad Hanson <chanson@trustedcs.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
security/selinux/hooks.c
diff --git
a/security/selinux/hooks.c
b/security/selinux/hooks.c
index
a98228e
..
bf0537d
100644
(file)
--- a/
security/selinux/hooks.c
+++ b/
security/selinux/hooks.c
@@
-4338,8
+4338,10
@@
static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
}
err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
PEER__RECV, &ad);
- if (err)
+ if (err)
{
selinux_netlbl_err(skb, err, 0);
+ return err;
+ }
}
if (secmark_active) {
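
Review bot: The new `return err;` after `selinux_netlbl_err(skb, err, 0);` should carry a one-line comment saying that a `PEER__RECV` denial must not fall through to the `if (secmark_active)` block that follows. According to the commit message, a successful packet recv check in that later block is what caused the peer recv error to be ignored, so the early return is the whole fix, and without a comment it is easy to lose in a later refactor of this function. The commit message would also read more clearly if its last sentence were marked as the old behaviour (for example "Previously, if secmark is active ..."), since as written it can be taken as describing the code after the patch.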