aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-12-28 15:49:40 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2008-12-28 15:49:40 -0500
commit0191b625ca5a46206d2fb862bb08f36f2fcb3b31 (patch)
tree454d1842b1833d976da62abcbd5c47521ebe9bd7 /security/selinux/hooks.c
parent54a696bd07c14d3b1192d03ce7269bc59b45209a (diff)
parenteb56092fc168bf5af199d47af50c0d84a96db898 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1429 commits) net: Allow dependancies of FDDI & Tokenring to be modular. igb: Fix build warning when DCA is disabled. net: Fix warning fallout from recent NAPI interface changes. gro: Fix potential use after free sfc: If AN is enabled, always read speed/duplex from the AN advertising bits sfc: When disabling the NIC, close the device rather than unregistering it sfc: SFT9001: Add cable diagnostics sfc: Add support for multiple PHY self-tests sfc: Merge top-level functions for self-tests sfc: Clean up PHY mode management in loopback self-test sfc: Fix unreliable link detection in some loopback modes sfc: Generate unique names for per-NIC workqueues 802.3ad: use standard ethhdr instead of ad_header 802.3ad: generalize out mac address initializer 802.3ad: initialize ports LACPDU from const initializer 802.3ad: remove typedef around ad_system 802.3ad: turn ports is_individual into a bool 802.3ad: turn ports is_enabled into a bool 802.3ad: make ntt bool ixgbe: Fix set_ringparam in ixgbe to use the same memory pools. ... Fixed trivial IPv4/6 address printing conflicts in fs/cifs/connect.c due to the conversion to %pI (in this networking merge) and the addition of doing IPv6 addresses (from the earlier merge of CIFS).
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 853b58c8b2cb..dbeaa783b2a9 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4735,7 +4735,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4735 * as fast and as clean as possible. */ 4735 * as fast and as clean as possible. */
4736 if (selinux_compat_net || !selinux_policycap_netpeer) 4736 if (selinux_compat_net || !selinux_policycap_netpeer)
4737 return selinux_ip_postroute_compat(skb, ifindex, family); 4737 return selinux_ip_postroute_compat(skb, ifindex, family);
4738 4738#ifdef CONFIG_XFRM
4739 /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec 4739 /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
4740 * packet transformation so allow the packet to pass without any checks 4740 * packet transformation so allow the packet to pass without any checks
4741 * since we'll have another chance to perform access control checks 4741 * since we'll have another chance to perform access control checks
@@ -4744,7 +4744,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4744 * is NULL, in this case go ahead and apply access control. */ 4744 * is NULL, in this case go ahead and apply access control. */
4745 if (skb->dst != NULL && skb->dst->xfrm != NULL) 4745 if (skb->dst != NULL && skb->dst->xfrm != NULL)
4746 return NF_ACCEPT; 4746 return NF_ACCEPT;
4747 4747#endif
4748 secmark_active = selinux_secmark_enabled(); 4748 secmark_active = selinux_secmark_enabled();
4749 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); 4749 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4750 if (!secmark_active && !peerlbl_active) 4750 if (!secmark_active && !peerlbl_active)