aboutsummaryrefslogtreecommitdiffstats
path: root/net/netlabel/netlabel_unlabeled.c
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2013-08-02 14:45:08 -0400
committerDavid S. Miller <davem@davemloft.net>2013-08-02 19:57:01 -0400
commit6a8b7f0c85f1f42eb8b6e68ef3d5ba8020d8e272 (patch)
tree2097e9baf7e2af21a6cc80206df4f3c58c8a4840 /net/netlabel/netlabel_unlabeled.c
parent5f671d6b4ec3e6d66c2a868738af2cdea09e7509 (diff)
netlabel: use domain based selectors when address based selectors are not available
NetLabel has the ability to selectively assign network security labels to outbound traffic based on either the LSM's "domain" (different for each LSM), the network destination, or a combination of both. Depending on the type of traffic, local or forwarded, and the type of traffic selector, domain or address based, different hooks are used to label the traffic; the goal being minimal overhead. Unfortunately, there is a bug such that a system using NetLabel domain based traffic selectors does not correctly label outbound local traffic that is not assigned to a socket. The issue is that in these cases the associated NetLabel hook only looks at the address based selectors and not the domain based selectors. This patch corrects this by checking both the domain and address based selectors so that the correct labeling is applied, regardless of the configuration type. In order to acomplish this fix, this patch also simplifies some of the NetLabel domainhash structures to use a more common outbound traffic mapping type: struct netlbl_dommap_def. This simplifies some of the code in this patch and paves the way for further simplifications in the future. Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlabel/netlabel_unlabeled.c')
-rw-r--r--net/netlabel/netlabel_unlabeled.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index af3531926ee0..8f0897407a2c 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1541,7 +1541,7 @@ int __init netlbl_unlabel_defconf(void)
1541 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 1541 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1542 if (entry == NULL) 1542 if (entry == NULL)
1543 return -ENOMEM; 1543 return -ENOMEM;
1544 entry->type = NETLBL_NLTYPE_UNLABELED; 1544 entry->def.type = NETLBL_NLTYPE_UNLABELED;
1545 ret_val = netlbl_domhsh_add_default(entry, &audit_info); 1545 ret_val = netlbl_domhsh_add_default(entry, &audit_info);
1546 if (ret_val != 0) 1546 if (ret_val != 0)
1547 return ret_val; 1547 return ret_val;