selinux: mark both IPv4 and IPv6 accepted connection sockets as labeled

The current partial labeling was introduced in 389fb800ac8b ("netlabel:
Label incoming TCP connections correctly in SELinux") due to the fact
that IPv6 labeling was not supported yet at the time.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
[PM: properly format the referenced commit ID, adjust subject]
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 63c481dd71bb67f95baa973f474d729ed5a3c303..5ad2fd68abbf14b2f83a7fd1e0db6f658b09381b 100644 (file)
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -359,7 +359,7 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
 {
        struct sk_security_struct *sksec = sk->sk_security;
 
-       if (family == PF_INET)
+       if (family == PF_INET || family == PF_INET6)
                sksec->nlbl_state = NLBL_LABELED;
        else
                sksec->nlbl_state = NLBL_UNSET;