This is a note to let you know that I've just added the patch titled
Revert "net: Reset secmark when scrubbing packet"
to the 4.0-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
revert-net-reset-secmark-when-scrubbing-packet.patch
and it can be found in the queue-4.0 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Tue Apr 21 23:10:35 CEST 2015
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Apr 2015 16:12:53 +0800
Subject: Revert "net: Reset secmark when scrubbing packet"
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
[ Upstream commit 4c0ee414e877b899f7fc80aafb98d9425c02797f ]
This patch reverts commit b8fb4e0648a2ab3734140342002f68fb0c7d1602
because the secmark must be preserved even when a packet crosses
namespace boundaries. The reason is that security labels apply to
the system as a whole and is not per-namespace.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/core/skbuff.c | 1 -
1 file changed, 1 deletion(-)
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4178,7 +4178,6 @@ void skb_scrub_packet(struct sk_buff *sk
skb_dst_drop(skb);
skb->mark = 0;
skb_sender_cpu_clear(skb);
- skb_init_secmark(skb);
secpath_reset(skb);
nf_reset(skb);
nf_reset_trace(skb);
Patches currently in stable-queue which might be from herbert@xxxxxxxxxxxxxxxxxxx are
queue-4.0/revert-net-reset-secmark-when-scrubbing-packet.patch
queue-4.0/skbuff-do-not-scrub-skb-mark-within-the-same-name-space.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html