From: Paul Moore <pmoore@redhat.com>
Date: Mon, 9 Dec 2013 21:11:53 +0000 (-0500)
Subject: selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
X-Git-Tag: v3.14-rc1~147^2~1^2~4
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c6c26813a209e7075baf908e3ad81c1a9d389e8;p=pandora-kernel.git

selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()

Due to difficulty in arriving at the proper security label for
TCP SYN-ACK packets in selinux_ip_postroute(), we need to check packets
while/before they are undergoing XFRM transforms instead of waiting
until afterwards so that we can determine the correct security label.

Reported-by: Janak Desai <Janak.Desai@gtri.gatech.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Paul Moore <pmoore@redhat.com>
---

Reading git-diff-tree failed