Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 0fdb9385 authored by Paul Moore's avatar Paul Moore Committed by Greg Kroah-Hartman
Browse files

selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute() 



commit c0828e50485932b7e019df377a6b0a8d1ebd3080 upstream.

Due to difficulty in arriving at the proper security label for
TCP SYN-ACK packets in selinux_ip_postroute(), we need to check packets
while/before they are undergoing XFRM transforms instead of waiting
until afterwards so that we can determine the correct security label.

Reported-by: default avatarJanak Desai <Janak.Desai@gtri.gatech.edu>
Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 07035708
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment