selinux: mark both IPv4 and IPv6 accepted connection sockets as labeled

The current partial labeling was introduced in 389fb800ac8b ("netlabel: Label incoming TCP connections correctly in SELinux") due to the fact that IPv6 labeling was not supported yet at the time. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> [PM: properly format the referenced commit ID, adjust subject] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Guido Trentalancia <guido@trentalancia.com> 2024-08-28 11:35:19 +0200
committer: Paul Moore <paul@paul-moore.com> 2024-08-28 17:48:07 +0200
commit: a3422eb4facdebb685b9b4688feb60430450e3c9 (patch)
tree: 457db9ea2d6b08d2a73b5bd425d43282c1840a48 /security/selinux
parent: selinux: replace kmem_cache_create() with KMEM_CACHE() (diff)
download: linux-a3422eb4facdebb685b9b4688feb60430450e3c9.tar.xz
linux-a3422eb4facdebb685b9b4688feb60430450e3c9.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 63c481dd71bb..5ad2fd68abbf 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -359,7 +359,7 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
 {
 	struct sk_security_struct *sksec = sk->sk_security;
 
-	if (family == PF_INET)
+	if (family == PF_INET || family == PF_INET6)
 		sksec->nlbl_state = NLBL_LABELED;
 	else
 		sksec->nlbl_state = NLBL_UNSET;
author	Guido Trentalancia <guido@trentalancia.com>	2024-08-28 11:35:19 +0200
committer	Paul Moore <paul@paul-moore.com>	2024-08-28 17:48:07 +0200
commit	a3422eb4facdebb685b9b4688feb60430450e3c9 (patch)
tree	457db9ea2d6b08d2a73b5bd425d43282c1840a48 /security/selinux
parent	selinux: replace kmem_cache_create() with KMEM_CACHE() (diff)
download	linux-a3422eb4facdebb685b9b4688feb60430450e3c9.tar.xz linux-a3422eb4facdebb685b9b4688feb60430450e3c9.zip