Rather than removing the netlabel socket attribute on connections set the ambient domain. This is more in line with the way netlabel "should" be used. Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> --- security/smack/smack_lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d9055a0df75c..f965c9e6287e 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4057,7 +4057,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, if (hskp == NULL) rc = netlbl_req_setattr(req, &skp->smk_netlabel); else - netlbl_req_delattr(req); + rc = netlbl_req_setattr(req, &smack_net_ambient->smk_netlabel); return rc; } -- 2.17.0
