In function selinux_netlbl_inet_csk_clone() mark
as labeled not only IPv4, but also IPv6 sockets.
The current partial labeling was introduced in
commit 389fb800ac8be2832efedd19978a2b8ced37eb61
due to the fact that IPv6 labeling was not
supported yet at the time.
Signed-off-by: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
---
security/selinux/netlabel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/selinux/netlabel.c 2024-08-25 22:19:37.556414928
+0200
+++ b/security/selinux/netlabel.c 2024-08-25 22:20:02.860415642
+0200
@@ -358,7 +358,7 @@ void selinux_netlbl_inet_csk_clone(struc
{
struct sk_security_struct *sksec = sk->sk_security;
- if (family == PF_INET)
+ if (family == PF_INET || family == PF_INET6)
sksec->nlbl_state = NLBL_LABELED;
else
sksec->nlbl_state = NLBL_UNSET;
