3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chad Hanson <chanson@xxxxxxxxxxxxx>
commit 46d01d63221c3508421dd72ff9c879f61053cffc upstream.
Fix a broken networking check. Return an error if peer recv fails. If
secmark is active and the packet recv succeeds the peer recv error is
ignored.
Signed-off-by: Chad Hanson <chanson@xxxxxxxxxxxxx>
Signed-off-by: Paul Moore <pmoore@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
security/selinux/hooks.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4228,8 +4228,10 @@ static int selinux_socket_sock_rcv_skb(s
}
err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
PEER__RECV, &ad);
- if (err)
+ if (err) {
selinux_netlbl_err(skb, err, 0);
+ return err;
+ }
}
if (secmark_active) {
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html