1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f590fb8e9143..156ef93d6f7d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4524,11 +4524,11 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
        if (selinux_secmark_enabled())
                if (avc_has_perm(sksec->sid, skb->secmark,
                                 SECCLASS_PACKET, PACKET__SEND, &ad))
-                        return NF_DROP;
+                        return NF_DROP_ERR(-ECONNREFUSED);
        if (selinux_policycap_netpeer)
                if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
-                        return NF_DROP;
+                        return NF_DROP_ERR(-ECONNREFUSED);
        return NF_ACCEPT;
 }

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f590fb8e9143..156ef93d6f7d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -4524,11 +4524,11 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4524	if (selinux_secmark_enabled())	4524	if (selinux_secmark_enabled())
4525	if (avc_has_perm(sksec->sid, skb->secmark,	4525	if (avc_has_perm(sksec->sid, skb->secmark,
4526	SECCLASS_PACKET, PACKET__SEND, &ad))	4526	SECCLASS_PACKET, PACKET__SEND, &ad))
4527	return NF_DROP;	4527	return NF_DROP_ERR(-ECONNREFUSED);
4528		4528
4529	if (selinux_policycap_netpeer)	4529	if (selinux_policycap_netpeer)
4530	if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))	4530	if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4531	return NF_DROP;	4531	return NF_DROP_ERR(-ECONNREFUSED);
4532		4532
4533	return NF_ACCEPT;	4533	return NF_ACCEPT;
4534	}	4534	}