selinux: mark both IPv4 and IPv6 accepted connection sockets as labeled

The current partial labeling was introduced in 389fb800 ("netlabel: Label incoming TCP connections correctly in SELinux") due to the fact that IPv6 labeling was not supported yet at the time. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> [PM: properly format the referenced commit ID, adjust subject] Signed-off-by: Paul Moore <paul@paul-moore.com>

selinux: mark both IPv4 and IPv6 accepted connection sockets as labeled
The current partial labeling was introduced in 389fb800 ("netlabel: Label incoming TCP connections correctly in SELinux") due to the fact that IPv6 labeling was not supported yet at the time. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> [PM: properly format the referenced commit ID, adjust subject] Signed-off-by: Paul Moore <paul@paul-moore.com>
a3422eb4 · Guido Trentalancia · Paul Moore · 4ad858bd · a3422eb4
Commit a3422eb4 authored Aug 28, 2024 by Guido Trentalancia Committed by Paul Moore Aug 28, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

security/selinux/netlabel.c security/selinux/netlabel.c +1 -1

No files found.
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -359,7 +359,7 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
 {
 	struct sk_security_struct *sksec = sk->sk_security;

-	if (family == PF_INET)
+	if (family == PF_INET || family == PF_INET6)
 		sksec->nlbl_state = NLBL_LABELED;
 	else
 		sksec->nlbl_state = NLBL_UNSET;