Rather than removing the netlabel socket attribute on connections set the ambient domain. This is more in line with the way netlabel "should" be used. Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> --- security/smack/smack_lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 25b5160e343b..337a05c34931 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4143,7 +4143,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, if (hskp == NULL) rc = netlbl_req_setattr(req, &skp->smk_netlabel); else - netlbl_req_delattr(req); + rc = netlbl_req_setattr(req, &smack_net_ambient->smk_netlabel); return rc; } -- 2.19.1
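Review bot: In the else branch of smack_inet_conn_request(), the new line assigns rc from netlbl_req_setattr(), so a failure to set the ambient attribute is now returned to the caller, whereas the removed netlbl_req_delattr(req) call had no return value and left rc unchanged. The commit message should say whether rejecting the connection request on that error is intended for the hskp != NULL case, and it should state the concrete reason for the change in place of "the way netlabel \"should\" be used". The new line also dereferences smack_net_ambient with no check visible in this hunk; if it can be unset at this point, a guard is needed, and if it cannot, a short comment saying so would help.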