Re: [PATCH 1/6] NetLabel: correctly initialize the NetLabel fields

[PATCH 0/6] Various NetLabel fixes and cleanups · <hidden> · 2006-08-29
[PATCH 1/6] NetLabel: correctly initialize the NetLabel fields · <hidden> · 2006-08-29
Re: [PATCH 1/6] NetLabel: correctly initialize the NetLabel fields · James Morris <jmorris@namei.org> · 2006-08-29
Re: [PATCH 1/6] NetLabel: correctly initialize the NetLabel fields · Paul Moore <hidden> · 2006-08-29
Re: [PATCH 1/6] NetLabel: correctly initialize the NetLabel fields · James Morris <jmorris@namei.org> · 2006-08-29
Re: [PATCH 1/6] NetLabel: correctly initialize the NetLabel fields · Paul Moore <hidden> · 2006-08-29
Re: [PATCH 1/6] NetLabel: correctly initialize the NetLabel fields · James Morris <jmorris@namei.org> · 2006-08-29
[PATCH 2/6] NetLabel: remove unused function prototypes · <hidden> · 2006-08-29
Re: [PATCH 2/6] NetLabel: remove unused function prototypes · James Morris <jmorris@namei.org> · 2006-08-29
[PATCH 3/6] NetLabel: comment corrections · <hidden> · 2006-08-29
Re: [PATCH 3/6] NetLabel: comment corrections · James Morris <jmorris@namei.org> · 2006-08-29
[PATCH 5/6] NetLabel: uninline selinux_netlbl_inode_permission() · <hidden> · 2006-08-29
Re: [PATCH 5/6] NetLabel: uninline selinux_netlbl_inode_permission() · James Morris <jmorris@namei.org> · 2006-08-29
[PATCH 4/6] NetLabel: cleanup ebitmap_import() · <hidden> · 2006-08-29
Re: [PATCH 4/6] NetLabel: cleanup ebitmap_import() · James Morris <jmorris@namei.org> · 2006-08-29
[PATCH 6/6] NetLabel: add some missing #includes to various header files · <hidden> · 2006-08-29
Re: [PATCH 6/6] NetLabel: add some missing #includes to various header files · James Morris <jmorris@namei.org> · 2006-08-29
Re: [PATCH 0/6] Various NetLabel fixes and cleanups · David Miller <davem@davemloft.net> · 2006-08-30
Re: [PATCH 0/6] Various NetLabel fixes and cleanups · Paul Moore <hidden> · 2006-08-30

From: James Morris <jmorris@namei.org>
Date: 2006-08-29 16:51:18
Also in: selinux

On Tue, 29 Aug 2006, paul.moore@hp.com wrote:

+void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec,
+				     int family)
+{
+        if (family == PF_INET)

No tab.

+		ssec->nlbl_state = NLBL_REQUIRE;
+	else
+		ssec->nlbl_state = NLBL_UNSET;
+}

It doesn't look like this code handles ipv4 packets mapped on ipv6 
sockets.  See the test elsewhere in the SELinux code:

	if (family == PF_INET6 && skb->protocol == ntohs(ETH_P_IP))


Also, can you verify that you've tested these fixes and that they resolve 
all issues that you've encountered?



-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help