aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorChad Hanson <chanson@trustedcs.com>2013-12-23 17:45:01 -0500
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2014-01-09 12:24:20 -0800
commitfaecbbe4213acc9da2aa44d0577cad1a9f419946 (patch)
treeac301fed1b1cd5285fd4104c6444950d9c6dd158 /security
parentf62f6338d12d86133ea925822a3a95821a74ae58 (diff)
selinux: fix broken peer recv check
commit 46d01d63221c3508421dd72ff9c879f61053cffc upstream. Fix a broken networking check. Return an error if peer recv fails. If secmark is active and the packet recv succeeds the peer recv error is ignored. Signed-off-by: Chad Hanson <chanson@trustedcs.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5e58d7dd7b6..57a7b362c86 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4228,8 +4228,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
}
err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
PEER__RECV, &ad);
- if (err)
+ if (err) {
selinux_netlbl_err(skb, err, 0);
+ return err;
+ }
}
if (secmark_active) {