> On Fri, 8 Sep 2006, Venkat Yekkirala wrote:
> 
> > +   if (selinux_compat_net) {
> > +           err = selinux_xfrm_decode_session(skb, &peersid, 0);
> > +           BUG_ON(err);
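
Review bot: BUG_ON(err) directly after selinux_xfrm_decode_session(skb, &peersid, 0) turns any nonzero return into a kernel panic, and nothing in the hunk says why that call cannot fail. If passing 0 as the third argument guarantees a return of 0, add a comment next to the call stating that invariant and what the literal 0 selects. Otherwise, handle err by propagating it to the caller instead of asserting.
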
> 
> I'm pretty sure this should not be a BUG_ON.  IIUC, you want to panic the
> kernel because one of the nested SAs has a different security context.

No, we are sending in 0 for the ckall param by which we are telling
the function NOT to do any checks, but to simply set the return param
peersid to the secid on the first xfrm if any and succeed by returning 0.
Must not fail.