calipso: Allow request sockets to be relabelled by the lsm.

Request sockets need to have a label that takes into account the incoming connection as well as their parent's label. This is used for the outgoing SYN-ACK and for their child full-socket. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Huw Davies <huw@codeweavers.com> 2016-06-27 15:05:29 -0400
committer: Paul Moore <paul@paul-moore.com> 2016-06-27 15:05:29 -0400
commit: e1adea927080821ebfa7505bff752a4015955660 (patch)
tree: adbbbe9962bf497bdf119849a37c8bbcc1eea034 /security
parent: 56ac42bc94b18d45b6c484edeac33be86bfb3efa (diff)
download: linux-e1adea927080821ebfa7505bff752a4015955660.tar.gz
linux-e1adea927080821ebfa7505bff752a4015955660.tar.bz2
linux-e1adea927080821ebfa7505bff752a4015955660.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 2477a75f16e7..ca220c3fbcf9 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -284,7 +284,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family)
 	int rc;
 	struct netlbl_lsm_secattr secattr;
 
-	if (family != PF_INET)
+	if (family != PF_INET && family != PF_INET6)
 		return 0;
 
 	netlbl_secattr_init(&secattr);
author	Huw Davies <huw@codeweavers.com>	2016-06-27 15:05:29 -0400
committer	Paul Moore <paul@paul-moore.com>	2016-06-27 15:05:29 -0400
commit	e1adea927080821ebfa7505bff752a4015955660 (patch)
tree	adbbbe9962bf497bdf119849a37c8bbcc1eea034 /security
parent	56ac42bc94b18d45b6c484edeac33be86bfb3efa (diff)
download	linux-e1adea927080821ebfa7505bff752a4015955660.tar.gz linux-e1adea927080821ebfa7505bff752a4015955660.tar.bz2 linux-e1adea927080821ebfa7505bff752a4015955660.zip