From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.0 5/7] Revert "net: Reset secmark when scrubbing packet"
Date: Sun, 26 Apr 2015 15:40:04 +0200 [thread overview]
Message-ID: <20150426120018.972536006@linuxfoundation.org> (raw)
In-Reply-To: <20150426120018.032351371@linuxfoundation.org>
4.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit 4c0ee414e877b899f7fc80aafb98d9425c02797f ]
This patch reverts commit b8fb4e0648a2ab3734140342002f68fb0c7d1602
because the secmark must be preserved even when a packet crosses
namespace boundaries. The reason is that security labels apply to
the system as a whole and is not per-namespace.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/skbuff.c | 1 -
1 file changed, 1 deletion(-)
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4178,7 +4178,6 @@ void skb_scrub_packet(struct sk_buff *sk
skb_dst_drop(skb);
skb->mark = 0;
skb_sender_cpu_clear(skb);
- skb_init_secmark(skb);
secpath_reset(skb);
nf_reset(skb);
nf_reset_trace(skb);
next prev parent reply other threads:[~2015-04-26 13:40 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-26 13:39 [PATCH 4.0 0/7] 4.0.1-stable review Greg Kroah-Hartman
2015-04-26 13:40 ` [PATCH 4.0 1/7] udptunnels: Call handle_offloads after inserting vlan tag Greg Kroah-Hartman
2015-04-26 13:40 ` [PATCH 4.0 2/7] tcp: tcp_make_synack() should clear skb->tstamp Greg Kroah-Hartman
2015-04-26 13:40 ` [PATCH 4.0 3/7] bnx2x: Fix busy_poll vs netpoll Greg Kroah-Hartman
2015-04-26 13:40 ` [PATCH 4.0 4/7] bpf: fix verifier memory corruption Greg Kroah-Hartman
2015-04-26 13:40 ` Greg Kroah-Hartman [this message]
2015-04-26 13:40 ` [PATCH 4.0 7/7] fs: take i_mutex during prepare_binprm for set[ug]id executables Greg Kroah-Hartman
2015-04-26 20:05 ` [PATCH 4.0 0/7] 4.0.1-stable review Guenter Roeck
2015-04-26 20:33 ` Greg Kroah-Hartman
2015-04-27 17:18 ` Shuah Khan
2015-04-27 17:26 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150426120018.972536006@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).