diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2019-04-03 14:28:38 -0700 |
|---|---|---|
| committer | Casey Schaufler <casey@schaufler-ca.com> | 2019-04-03 14:28:38 -0700 |
| commit | f7450bc6e76860564f3842a41892f9b74313cc23 (patch) | |
| tree | 863eddb3f6473b23322512310b43f6725bc7bb7c /security | |
| parent | 4e328b08882a68649df2c2b76fd208b0d0b85503 (diff) | |
Smack: Fix IPv6 handling of 0 secmark
Handle the case where the skb for an IPv6 packet contains
a 0 in the secmark for a packet generated locally. This
can only happen for system packets, so allow the access.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/smack/smack_lsm.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index bd45c9139d34..b9abcdb36a73 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3907,6 +3907,8 @@ access_check: #ifdef SMACK_IPV6_SECMARK_LABELING if (skb && skb->secmark != 0) skp = smack_from_secid(skb->secmark); + else if (smk_ipv6_localhost(&sadd)) + break; else skp = smack_ipv6host_label(&sadd); if (skp == NULL) |