aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3e3fde7c1d2b..aedf02b1345a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4626,7 +4626,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4626 * as fast and as clean as possible. */ 4626 * as fast and as clean as possible. */
4627 if (selinux_compat_net || !selinux_policycap_netpeer) 4627 if (selinux_compat_net || !selinux_policycap_netpeer)
4628 return selinux_ip_postroute_compat(skb, ifindex, family); 4628 return selinux_ip_postroute_compat(skb, ifindex, family);
4629 4629#ifdef CONFIG_XFRM
4630 /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec 4630 /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
4631 * packet transformation so allow the packet to pass without any checks 4631 * packet transformation so allow the packet to pass without any checks
4632 * since we'll have another chance to perform access control checks 4632 * since we'll have another chance to perform access control checks
@@ -4635,7 +4635,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4635 * is NULL, in this case go ahead and apply access control. */ 4635 * is NULL, in this case go ahead and apply access control. */
4636 if (skb->dst != NULL && skb->dst->xfrm != NULL) 4636 if (skb->dst != NULL && skb->dst->xfrm != NULL)
4637 return NF_ACCEPT; 4637 return NF_ACCEPT;
4638 4638#endif
4639 secmark_active = selinux_secmark_enabled(); 4639 secmark_active = selinux_secmark_enabled();
4640 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); 4640 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4641 if (!secmark_active && !peerlbl_active) 4641 if (!secmark_active && !peerlbl_active)