2 files changed, 3 insertions, 3 deletions

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index cb30c7e350b3..ed6af12cdf43 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -495,7 +495,7 @@ static inline void avc_print_ipv6_addr(struct audit_buffer *ab,
                                        char *name1, char *name2)
 {
         if (!ipv6_addr_any(addr))
-                audit_log_format(ab, " %s=" NIP6_FMT, name1, NIP6(*addr));
+                audit_log_format(ab, " %s=%pI6", name1, addr);
         if (port)
                 audit_log_format(ab, " %s=%d", name2, ntohs(port));
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3e3fde7c1d2b..aedf02b1345a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4626,7 +4626,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
          * as fast and as clean as possible. */
         if (selinux_compat_net || !selinux_policycap_netpeer)
                 return selinux_ip_postroute_compat(skb, ifindex, family);
-
+#ifdef CONFIG_XFRM
         /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
          * packet transformation so allow the packet to pass without any checks
          * since we'll have another chance to perform access control checks
@@ -4635,7 +4635,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
          *       is NULL, in this case go ahead and apply access control. */
         if (skb->dst != NULL && skb->dst->xfrm != NULL)
                 return NF_ACCEPT;
-
+#endif
         secmark_active = selinux_secmark_enabled();
         peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
         if (!secmark_active && !peerlbl_active)