From: Paul Moore <[email protected]> Date: Mon, 6 Jun 2016 15:37:56 -0400
> On Mon, Jun 6, 2016 at 3:35 PM, Paul Moore <[email protected]> wrote: >> From: Paul Moore <[email protected]> >> >> It seems risky to always rely on the caller to ensure the socket's >> address family is correct before passing it to the NetLabel kAPI, >> especially since we see at least one LSM which didn't. Add address >> family checks to the *_delattr() functions to help prevent future >> problems. >> >> Cc: <[email protected]> >> Reported-by: Maninder Singh <[email protected]> >> Signed-off-by: Paul Moore <[email protected]> >> --- >> net/netlabel/netlabel_kapi.c | 12 ++++++++++-- >> 1 file changed, 10 insertions(+), 2 deletions(-) > > DaveM, since this is such a trivial fix I'm adding it into my > selinux#next branch right now, but if you would prefer to carry it via > netdev#next let me know. That's fine.
