selinux: mark both IPv4 and IPv6 accepted connection sockets as labeled

The current partial labeling was introduced in 389fb800ac8b ("netlabel: Label incoming TCP connections correctly in SELinux") due to the fact that IPv6 labeling was not supported yet at the time. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> [PM: properly format the referenced commit ID, adjust subject] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Guido Trentalancia <guido@trentalancia.com> 2024-08-28 11:35:19 +0200
committer: Paul Moore <paul@paul-moore.com> 2024-08-28 11:48:07 -0400
commit: a3422eb4facdebb685b9b4688feb60430450e3c9 (patch)
tree: 457db9ea2d6b08d2a73b5bd425d43282c1840a48 /security
parent: 4ad858bd6fbe21c563f177d499da5f99b4b2480e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 63c481dd71bb..5ad2fd68abbf 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -359,7 +359,7 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
 {
 	struct sk_security_struct *sksec = sk->sk_security;
 
-	if (family == PF_INET)
+	if (family == PF_INET || family == PF_INET6)
 		sksec->nlbl_state = NLBL_LABELED;
 	else
 		sksec->nlbl_state = NLBL_UNSET;
author	Guido Trentalancia <guido@trentalancia.com>	2024-08-28 11:35:19 +0200
committer	Paul Moore <paul@paul-moore.com>	2024-08-28 11:48:07 -0400
commit	a3422eb4facdebb685b9b4688feb60430450e3c9 (patch)
tree	457db9ea2d6b08d2a73b5bd425d43282c1840a48 /security
parent	4ad858bd6fbe21c563f177d499da5f99b4b2480e (diff)