> @@ -3672,16 +3674,20 @@ static int selinux_skb_flow_in(struct sk
> if (err)
> goto out;
>
> - if (xfrm_sid) {
> - err = security_transition_sid(xfrm_sid, skb->secmark,
> -
> SECCLASS_PACKET, &trans_sid);
> - if (err)
> - goto out;
> + if (xfrm_sid)
> + skb->secmark = xfrm_sid;
>
> - skb->secmark = trans_sid;
> - }
> + err = selinux_netlbl_skb_sid(skb, skb->secmark, &nlbl_sid);
I take it nlbl_sid here will be 0 if netlabel is NOT configured for the traffic correct?
> --- net-2.6.orig/security/selinux/ss/mls.c
> +++ net-2.6/security/selinux/ss/mls.c
> @@ -547,7 +547,7 @@ int mls_compute_sid(struct context *scon
> &rtr->target_range);
> }
> }
> - else if (tclass == SECCLASS_PACKET)
> + if (tclass == SECCLASS_PACKET)
What's the purpose of getting rid of "else" above? I haven't reviewed the netlbl native changes, but the hooks.c changes seem ok to me. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html